pagedout.institute ← Call for articles & art for issue #8 of this technical IT zine is open! As usual, we accept 1-page articles about everything interesting in IT and related fields (be it programming, cybersec, AI, demoscene, retro, electronics, etc).

Here's some blursed Python code for you: a, b, c = {"alice", "has", "a cat"} print(a, b, c)

Here's a Saturday Python 3 Puzzle for you:

If you've liked my "Linux Terminal: CTRL+D is like pressing ENTER" article (hackarcana.com/article/ctrl...), be sure to checkout @mina86.com's "Is Ctrl+D really like Enter?" (mina86.com/2025/is-ctrl...) :)

Heeey, ncurses/terminfo has a small virtual machine! And if there's a VM, there are CTF challenges :) hackarcana.com/public-exerc... hackarcana.com/public-exerc... (third one coming next week, will be a bit harder)

We've received 50 required articles for issue #7 of @pagedout.bsky.social - this means we're publishing the issue in the few next weeks. 1. Want to get an article in #7? You should write it now and send it in in the next few days. 2. We're still looking for more issue sponsors!

OK, ChatGPT 5 admittedly surprised me in a positive way. I threw a PNG with a (small) Python AST graph at it and told it to reverse it to Python code, and it successfully did that. I have expected it to fail hard, but here we are 🤷.

Friendly reminder that order of operations makes a difference... more so than you think ;)

Lulu (print on demand) is increasing prices by 5% from Aug 1st, so if you were thinking of getting @pagedout.bsky.social #6 there, do it now: www.lulu.com/search?page=...

[Please share with people outside of cybersec] Do you have a horror story when you had to deal with cybersecurity companies / people? This is your chance to vent! → forms.gle/9aX24HrfnEQm... I'm running an anonymous survey to listen to stories and look into the disconnect we sometimes have.

Yet another ZIP trick... hackarcana.com/article/yet-... + a hands on exercise if you want to try this yourself: hackarcana.com/article/yet-...

A (not so) short analysis of anonymization schema used in the "Discord Unveiled" paper: hackarcana.com/article/anon...

Poll! What ANSI color types does your terminal support? "\x1b[1;31m3bpp+attr\x1b[m \x1b[91m4bpp\x1b[m \x1b[38:5:196m8bpp\x1b[m \x1b[38;2;255;0;0m24bpp\x1b[m" Reply with screenshot of the output of this string + add OS/terminal versions E.g. Ubuntu 24.04.2LTS, Konsole 23.08.5

Btw, is there sth like (www.web3isgoinggreat.com) but about AI fails?

[PL] W przyszłym tygodniu zaczynam nową serię szkoleniową - 10 projektów w Pythonie krok po kroku (python.sekurak.pl). Coś dla osób bardziej początkujących, w szczególności dla osób, które trafiły na ścianę po hello world / kalkulatorze, albo mają problem jak ↓

Doing a short livestream in ~30 minutes with inspecting a pcap with USB traffic from a gamepad – www.youtube.com/live/xVrxfEk...

Doing a free webinar today at 8PM CEST (i.e. livestream with slides) about "files", as entities on the filesystem, seen through the eyes of a security researcher. hexarcana.ch/lp/files/ ← sign up here if interested

Paged Out! #6 is out! pagedout.institute Totally free, 80 pages, best issue so far! 'nuff said, enjoy! (please repost to help spread out the news!)

Next Monday I'm doing a 2h webinar on files as seen through the eyes of a cybersecurity researcher. This will cover useful stuff for programmers, more junior pentesters, and other tech enthusiasts who enjoy knowing how stuff works on a computer :) hexarcana.ch/lp/files/?ut...

I'm getting some specific questions about my upcoming training – I'll update the training page later today. This said, I've also recorded a short show-case / case-study of what type of skill one will acquire on my training: www.youtube.com/watch?v=ib4Y...

tmp.0ut Volume 4 just came out!!! LET'S GO! And guess who's article is there ;) 08 .... FixedASLR: .o ELF loader in a CTF task tmpout.sh/4/

I'm running an "Intro to programming and Python" workshop (in Polish) in the evening with Sekurak / securitum and we have over 10 000 people registered. This is definitely and a new record for me!!! If you understand Polish, you can still sign up at sklep.securitum.pl/wstep-do-pro...

A lot of you were telling me I should do my courses in English, so here we go: Mastering Binary Files and Protocols: The Complete Journey hackarcana.com/bin?utm=gyn-b This is an A-to-Z course teaching a fundamental skill in practical IT, useful in cybersec/coding/etc Start Apr 8th

It's been a moment since I've posted sth on my YT channel, so here we go: www.youtube.com/watch?v=jBsV... I'm going here through my "pressing CTRL+D is like ENTER pressing" article – enjoy!

I've written another article, this time on the fundamental reason why we have all these XSSes/SQLIs/etc. At least that's the way I explain it ;) hackarcana.com/article/why-... There's also a CTF challenge for this article (misc60): hackarcana.com/article/why-... Enjoy!

If you like CTF challenges, we've been steadily pushing some of my favorite tasks to my new edu site: hackarcana.com/exercises From top to bottom: Linux RE, 2x JS RE, USB PCAP, ZIP/crypto, DOS/VGA RE, 2x BMP image stegano, 5x BMP file format stegano, Python 2.7 RE, and ROP RE HFGL

Did you know that pressing CTRL+D in linux terminal is like pressing ENTER? (to some extent, of course) Well, I didn't, so after randomly investigating what CTRL+D actually does, I've decided it's a fun topic to write about: hackarcana.com/article/ctrl...

Pro tip for protocol hand-crafting lovers: Having problems sending \r\n on Linux? Press CTRL+V to escape the next key press, and follow it up with ENTER to get \r. CTRL+V, ENTER, ENTER → \r\n

Worth reading!

This one is a fun one hackarcana.com/public-exerc... USB PCAP of a gamepad selecting the flag :) (Dejan, who was re-flagging this task, had to listen to my "back in my days the second thing you've learnt in programming was how to read the state of a joystick!" story. I am not sorry.)

Audio deepfakes will disproportionately affect people with hearing disabilities that rely on cochlear implants. This is the inconvenient reality of AI harms for marginalised groups. www.ndss-symposium.org/wp-content/u...

I've published a new blog post clearing up some confusion about what's what in the realm of securing input received from the user (or attacker): hackarcana.com/article/sani... That's a bit of app security theory for you, but I've seen this asked on job interviews. And it's actually important ;)

(funny, story in 4 posts) I asked Google to change "my" photo that pops up on Google Search's Knowledge Graph, since, well, that isn't me...

Problem with neural networks is that they don't always observer the feature you think they should. Case in point: I know that my tea is safe to drink if the cup isn't full. I've already had some tea, so it's not hot anymore, right? A half-full cup of boiling-hot tea is something I actively avoid.

ICYDK restrictions in PDF (copy pasting, printing…) are linked to encryption, which often uses an empty user password : no password prompt, but the file is still encrypted. So just decrypting the file (via qpdf, pdftk, print to PDF,…) removes these restrictions.

Oh this issue is going to be amazing! If you want to get your article in, you have around 10 more days before we set the number of pages in stone. Btw, know anyone who would like to sponsor Issue #6? pagedout.institute?page=ads.php

"[vendor] have identified computer code within the web-based version of DeepSeek’s AI chatbot". Specifically, when logging to the Chinese DeepSeek server, the IP address is revealed to a remote-server. Worse, a cookie is set in the user web browser! finance.yahoo.com/video/deepse...

There is still a couple more days to submit your 1-page article to @pagedout.bsky.social #6! We're at 41 pages of content out of 50 required. We'll start finalizing the issue when we reach 50. Not much time left, but you can still make it! :) pagedout.institute?page=cfp.php

"Hacker", as we in the bizz know well, carries different meanings for different people, and this can cause hilarious misunderstandings. Yesterday, the second part of an ongoing documentary about issues in NEWAG trains that were analyzed by Dragon Sector was aired. [...] gynvael.coldwind.pl?id=799

Soft deadline for Paged Out! #6 is upon us – 1 Feb 2025 – pagedout.institute?page=cfp.php

If you're following NEWAG vs Dragon Sector suits: Citizens Network Watchdog Poland ("independent, apolitical and non-profit organization in the form of a watchdog & think-do-tank") filed an amicus brief with the court urging the court to dismiss the case as a SLAPP siecobywatelska.pl/od-niedziala...

Legal question: I've been following the Honey/PayPal case, where they are getting class-action-sued left, right, and center in the US. Will we be seeing individual lawsuits and class-action-equivalents in other countries as well? If yes/no – why?

(please re-post for reach - thank you!) Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share? Write a 1-page article for the #6 issue of Paged Out! :) pagedout.institute?page=cfp.php Soft deadline is Feb 1st.

Want to support security researchers from Dragon Sector in covering legal costs piling up after they went public with logic bombs in train firmware? IBAN for donations is available here: www.ccc.de/en/updates/2... Talks for context media.ccc.de/v/37c3-12142... streaming.media.ccc.de/38c3/relive/...

Printing on Linux, my experience: 1. Click "Print document" 2. Get a typical printing window 3. Click "Print" 4. ...crickets... 5. Do something else. Laptop enters sleep mode 6. Open the laptop 2 days later 7. Printing starts 8. ... 9. Profit? What's worse, I got used to this.

Thank you for all the recommendations so far! Some of you asked for me to share the list of what I got, so here it is: gynvael.coldwind.pl/n/eoy_talk_w... More technical conference talk recommendations are welcomed! :)

Request: I'm planning a slow end-of-year, so I'm making a list of technical conference talks I should watch (security/programming/hardware/demoscene/etc). Hit me with a link to a talk you think I should watch :)

I'm going to run a 7.5h online instructor-led workshop for folks who want to get into Reverse Engineering & Assembly (it's meant to unstuck folks who tried and kickstart folks who want to learn it). What do you think would be a fair price for that? Options are: around $100, $200, $300 or $500

bughunters.google.com/blog/6355265... This is my favorite ethical hacking exercise that a company can run – the "Leaving Tradition" at Google. This spawned so many amazing hacking stories over the years and let to mitigating so many complex exploitation paths!