blasty

4.3K posts

@bl4sty

irresponsible disclosure aficionado

The Netherlands. Joined April 2009
1.1K Following, 17.2K Followers
blasty retweeted
LCFR
LCFR@lcfr_eth·
Prompt: "This dude is ranting about some remote kernel/android bug his priv8 model found on the tweeter can you find it, setup a VM, and write a POC to trigger it?"
Tim Becker@tjbecker

Xint Code found a 0-click kernel memory corruption bug, likely weaponizable as wormable RCE, affecting many Android phones, including Pixels. We reported this in February, along with 10 other high+ severity bugs, but are waiting for a patch to ship before sharing more details.

blasty
blasty@bl4sty·
@modrobert @qualys yeah that's some good fuel for the rewrite-everything-in-rustlang flamewars ;)
modrobert
modrobert@modrobert·
This part was interesting as well: "As a side note, we also discovered a local vulnerability (a race condition) in the uutils coreutils (a Rust rewrite of the standard GNU coreutils -- ls, cp, rm, cat, sort, etc), which are installed by default in Ubuntu 25.10. This vulnerability was mitigated in Ubuntu 25.10 before its release (by replacing the uutils coreutils' rm with the standard GNU coreutils' rm), and would otherwise have resulted in an LPE (from any unprivileged user to full root) in the default installation of Ubuntu Desktop 25.10." Wasn't Rust supposed to be safer? ;)
blasty
blasty@bl4sty·
finally, liberation from open source license obligations! malus.sh 😂
blasty
blasty@bl4sty·
im speedrunning the most embarrassing jlcpcb order. thank you for your eternal patience @JLCPCB (.. we're at the point now where the "replace file" button has been disabled for my order and I had to contact support by email 😂)
blasty
blasty@bl4sty·
@yacineMTB @cnlohr strat seems legit, wrangle until you pass DRC and start iterating by submitting pcb orders. at some point you'll have a steady rate of jlcpcb deliveries coming in; just gotta keep track of em and feed the bringup failure diag back into the clanker (and x) for design perfection
kache
kache@yacineMTB·
@cnlohr my general approach right now is to simply find some reference kicad designs, figure out every single decision and the tradeoffs involved, learn spice and other simulators and bang at it. and then ask really stupid questions to bait people into imparting knowledge
kache
kache@yacineMTB·
learning ee in two weeks, day 1 I have no idea what i am doing i'm not using kicad. i don't like clicking around like a monkey. this whole thing is defined in react in something called tscircuit i am going to use flexbox to place things what are some general rules of thumb?
blasty
blasty@bl4sty·
vt.social/@lina/11619897… this sums up the CTF vs LLM stuff nicely. Good job @Lina_Hoshino ! the competitive metric (ctftime) is dead/a gimmick at this point... .. as a retired and washed up competitive ctf player with user id #18 on ctftime it is kinda saddening to see it implode like this. ;-( I simply don't see any workable solution to bring back fair competitive CTF (with varying difficulty). you could argue "well anyone can use the LLM's, that levels the playing field". by definition that means 1) you need anti-LLM (difficult) tasks, killing the element of having varying difficulty ("something fun for everyone"). 2) teams/entities with cashflow could buy more clankers/compute/access to more expensive models, etc. 3) you're really gonna sit there and watch codex dream up "the house of force" instead of revisiting github dot com slash shellphish slash how2heap all by yourself and yes I'm aware of all the various "underhanded" CTF tactics teams have employed over the years (where is that picture of the iceberg?); but forcing everyone who wants to compete to start using the ridiculous cheatcode doesn't feel like it addresses/fixes anything.. back in the days when we had to address fairness adjustment in the scoring algo of individual CTFs or ctftime as a whole we'd have a civil discussion (that would sometimes quickly erupt into a full on flamewar) on IRC with the involved parties. I'm afraid the solution is not so simple this time around :) yo @kyprizel @leetmore @snkdna @hellman1908 I'm curious to hear how you people feel/think about this situation
blasty
blasty@bl4sty·
@gynvael @pr0cf51 ye I yet have to come across a pentest engagement where RsaCtfTool or cado-nfs saved the day
Gynvael Coldwind
Gynvael Coldwind@gynvael·
@pr0cf51 Do you mean vulns in crypto algorithms/systems, or actually real world deployment of crypto usage? If the latter, the answer probably is: "most real-world crypto vulnerability mostly stem from SECRET KEYS IN GITHUB REPOS".
pr0cf5
pr0cf5@pr0cf51·
For crypto CTF people: do most real-world crypto vulnerabilities mostly stem from "failure to implement the paper diligently and correctly", or do you often see genuinely novel classes of bugs? If the latter, how can I build the skills to find them?
blasty
blasty@bl4sty·
guys i think we solved yak shaving
blasty
blasty@bl4sty·
looking to commission someone to design a board like this for a reasonable price. any recommendations? @Mirko_DIY @mangopi_sbc maybe? :)
blasty
blasty@bl4sty·
why is there no cm4/cm5 carrier board that gives you dual eth + poe (+ uart) and nothing else? :) I just tried hacking the waveshare CM5-DUAL-ETH-MINI carrier board to add on a PoE module but it will never work due the magjacks/wiring used :(
blasty
blasty@bl4sty·
what do you mean but pack C30 and C14, they are somewhere in the fucking carpet bro
blasty
blasty@bl4sty·
I'm kind of glad I (competitively) got out of the ctf scene quite a while ago; seeing pwnables get solved by ralph wiggum loops would've been massively demotivating back then :)
blasty
blasty@bl4sty·
this silicon valley clip aged like fine wine: youtube.com/watch?v=m0b_D2… (and many other scenes/scenarios from the series as well, worth a rewatch! :-))
blasty
blasty@bl4sty·
@_snagg showing up in the epstein files was not on my bingo card for this weekend
blasty
blasty@bl4sty·
@filpizlo dogfooding at its finest, woof
Filip Jerzy Pizło
Filip Jerzy Pizło@filpizlo·
Fixing bugs on x.com page load in my memory safe browser, while living on a memory safe OS
blasty retweeted
Rick de Jager
Rick de Jager@rdjgr·
May I present to you; a full copy of doom, running inside of a Rollercoaster Tycoon 1 save game exploit ✨ Thanks for everyone that came to check out our @DistrictCon Junkyard talk! We had a lot of fun putting it together. (check the thread for slides / exploit)