It's hard to build an oscillator: lcamtuf.coredump.cx/blog/oscilla...

i did a 15 minute impromptu talk about glasgow/amaranth/yowasp/grebedoc and why i think these tools are interesting and special for @oshwassociation.bsky.social, you can watch a recording: youtu.be/Y_TtMzmuXoY?...

For months I've heard crazy stories about SF's reorganized street medicine teams, which are now forced to focus on "the list" — a small number of homeless folks who've annoyed politicians or angry neighbors. This means every day they have to drive past people in urgent need of medical care. 1/3

Getting silly with C, part ~(~1<<1) lcamtuf.coredump.cx/blog/c3/?n

New RP2350 stepping just dropped, E9 fixed. www.raspberrypi.com/news/rp2350-...

the virgin libsmacker (crashes, doesn't use stdint, not written by me) vs the Chad libsmusher (uses stdint, works first try, written by me)

Thermomix TM5 reverse engineering and exploitation www.synacktiv.com/en/publicati... #cybersecurity #iot

I was going to break into targetControlSystem and do terrible things to it.

check out the (new, not merged yet) #GlasgowInterfaceExplorer I²C controller documentation! whitequark.github.io/glasgow/refa... is there anything else you'd like to see, either in general in the docs, or as a part of this applet?

Cart saved

...he says to Signal's president

A (fairly) gentle intro to transfer functions and resonant filters: lcamtuf.coredump.cx/blog/rc-filt... To fully appreciate it, you'd probably need to be up-to-date on the preceding article, linked on top.

This is actually the inside of Hegseth's phone right now

I’m speaking up in support of @thekrebscycle.bsky.social & @sentinelone.com Cybersecurity should be a non-partisan issue that unites us in our shared mission to defend our country. National security can’t afford the chilling effect on both public & private sector www.lutasecurity.com/post/in-supp...

JESUS CHRIST

Do people read the terms and conditions before clicking accept? I assume most don't, and even when we do, those are digest. TOSAbout is a list of company terms and conditioned, explained in simple language, to understand how shady those are, before you click “accept” www.tosabout.com/

the Signal fiasco is a good reminder that while these people are destructive, and cruel, and bigoted, and petty they are also really, really stupid

My pill organiser I designed to hold the immunosuppressants for @photographotter.bsky.social's kidney :) Printed plastic & CNC milled aluminium, with Photter's picture engraved into it.

“RP2040 has now been certified to run at a system clock of 200Mhz when using a regulator voltage of at least 1.15 volts.” github.com/raspberrypi/...

If you use Signal and your threat model includes Russian state actors, make sure your version of Signal is up to date in order to harden your account against these attacks: cloud.google.com/blog/topics/...

the thing about cattle, not pets, is that we neglected the part where you render the cattle into a fine soup-like homogenate labs.watchtowr.com/8-million-re...

Rest in peace:

"Masculine Energy"

Just FYI, administrative warrants (like the ones used by ICE) are not judicial warrants (used by cops, signed by a judge). You do NOT legally have to open the door for an ICE officer with an administrative warrant *no matter what the ICE officer says.*

When Florida can report and arrest trans people for just going to the bathroom, and they can now also forcibly detransition people in prison by refusing their meds and shaving their heads, and the industry is still ✨⭐️conference at Epcot✨⭐️!

The year is 2035. I meet President AOC in the Oval Office. "You've done well," she says. "By telling men to dress gay, you've lowered the population rate by 90%, thereby reducing carbon emissions." She slides me a manilla envelope. I can now afford a home in a walkable neighborhood

events.ccc.de/congress/202... You can bypass security on the RP2350 by glitching the OTP power supply (which does not have a glitch detector on it). This causes OTP to supply "guard data" instead of real data, and interpreting the guard data happens to enable RISC-V mode, which can do anything.

Custom sprite injection over WIFI using RCE on a legit copy of Pokémon pearl :)

The duality of man

anyway, you may have noticed the statement was *to all those who celebrate* that doesn’t seem to include you, which means i *wasn’t talking to you*

nobody does more brutal fashion reviews than the irish

PSA: MODERATION LISTS ARE MIGRATING FROM THIS ACCOUNT to @skysentry.bsky.social If you're subscribed to any of the lists, please re-subscribe to them at the new owner by November 30th, after which I will no longer be maintaining them, and the lists will be removed from this account. Thank you.

A Stanford student got in a car accident that killed two people and was charged with crimes. After the victims' families wrote to Stanford about it, saying he should be disciplined, he sued them and tried to use the suit to silence their advocacy. Yesterday he lost. This is the story.

Pair of WebKit vulns patched in iOS 18.1.1 and macOS 15.1.1, time to kick off those updates!

A few recent nature photos

Oh, I never posted my gotofail story on here. Early 2014, someone came to me about a catastrophic vulnerability in Apple's TLS implementation. I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures.

The Vision Pro battery has an ACE USB-PD controller similar to Apple Silicon Macs and USB-C iPhones. It thus also supports the SOP’DEBUG commands!

Rebuilding my following list. Gimme all your #hackers, especially all your #queer, #enby, and #lgbtq ones. More sass, more better (looking at you @lookitup.baby).