Loshana Aloka

44 Followers
417 Following
843 Posts
Dealing with clouds | Random infosec student
Web: https://comradelab.win
From: Sri Lanka
Pronouns: he/him

GitHub - taigrr/spank: Slap your MacBook, it yells back. Uses Apple Silicon accelerometer via IOKit HID. · GitHub

https://github.com/taigrr/spank

Can't try it because I'm missing a MacBook. But that little application also has "sexy mode". Whatever that is... 😂


Does anybody with a STRONG BACKGROUND IN WEBSITE PRIVACY have time to vet this research? Are TikTok and Meta pixels REALLY doing the things claimed? I'm concerned it may be overstating things in an attempt to sell its tag monitoring tools.

https://jscrambler.com/blog/beyond-analytics-tiktok-meta-ad-pixels

The Collection of Commercial Intelligence: TikTok & Meta Ad Pixels

Jscrambler analyzed the TikTok and Meta ad pixels used on websites and found that their default behavior requires immediate attention.

Jscrambler

In 2025, we achieved pre-auth RCE against another solution in a ransomware gang favourite category. Today, we finally click publish.

Join us as we walk through a chain of vulnerabilities we identified in BMC’s FootPrints ITSM solution.

Enjoy!

https://labs.watchtowr.com/thanks-itsms-threat-actors-have-never-been-so-organized-bmc-footprints-pre-auth-remote-code-execution-chains/

The Most Organized Threat Actors Use Your ITSM (BMC FootPrints Pre-Auth Remote Code Execution Chains)

SolarWinds. Ivanti. SysAid. ManageEngine. Giants of the KEV world, all of whom have ITSM side-projects. ITSMs, as a group of solutions, have played pivotal roles in numerous ransomware gang campaigns - not only do they represent code running on a system, but they hold a significant amount of sensitive information.

watchTowr Labs

@mwl @stefano You just can't fix willful ignorance. I did a gig for a body shop a few years back, connection made by my wife who, as an insurance adjuster, knew that they were unhappy with their current MSP.

It wasn't that their MSP was doing a bad job, it was that they wouldn't let their MSP do anything beyond a shit job. They were absolutely and completely opposed to any and all computer security because, "No one is going to steal a body shop's information, no one will ever hack us." Needless to say, they had numerous problems they refused to believe were due to security issues. They had an open share file server sitting on the same network as the guest wifi. Guess what I found all over it?

I fixed one issue for them, then decided to nope the fuck out. Also, the one owner's son would absolutely never shut up about bitcoin.

RE: https://social.treehouse.systems/@ariadne/116213132813239860

Read what Ariadne is writing about LLMs. This all tracks with my intuition, that OpenAI et al are a big grift.

You categorically do NOT need millions or billions to train a useful LLM that can communicate in human language. LLMs are good at language, it's in the name!

The reason these companies are burning massive amounts of money and using increasingly massive models is they've taken "look, this tech makes for a cute chatbot that can do useful stuff" and turned it into "if we make it bigger it'll be SMARTER!"

And the thing is, that's true... to a point. When you stop treating the LLM as a language model and start trying to turn them into an all-knowing entity that has memorized the entirety of human knowledge and can do anything you prompt it for all with the same model (or a few collaborating models), you quickly hit diminishing returns. And you end up with a thing that's kind of smart (not really) and kind of knows everything (not really) and convinces everyone to throw insane amounts of money at you because you're fundamentally using the technology for something it wasn't intended for.

The way we fight back is with small home-grown "LLMs" (SLMs?) that run on a MacBook, train on a few GPUs, and are fine-tuned for specific purposes.

The whole AIBro approach of just using prompting and in-context learning with a single all-powerful model is just patently absurd.

RE//verse 2026: Hacking the Xbox One

YouTube
We're in discussion to form a partnership with the UEFI Forum. But as part of that we need to propose classes that can be taught on the topics they're involved with. Things like UEFI Measured Boot in particular would make a lot of sense now that we have robust TPM classes at OST2. But any topic is welcomed and encouraged! HMU at that email below if you're interested in getting funded to create a class and make it freely available to the world!

From: @OpenSecurityTraining2
https://infosec.exchange/@OpenSecurityTraining2/116182627920813041

OpenSecurityTraining2 (@OpenSecurityTraining2@infosec.exchange)

OST2 is putting out a request for proposals for an opportunity to be funded to create classes on UEFI and/or ACPI. If you are interested, please reach out to teach🌀ost2.fyi with a proposed class syllabus. https://ost2.fyi/Training-RFPs.html

Infosec Exchange

System76 on Age Verification Laws

Liberty has costs, but it's worth it.

System76 Blog