| Signal | @darkuncle.42 |
| The Rules | https://gist.github.com/darkuncle/d366a6c4323db64a7b761704d6f1ab95 |
| The Reading List | https://gist.github.com/darkuncle/42bdeed4503c6ccd9bdb025f6eb45fc6 |
| Profile photos | Zuma Beach and Henry Cowell Redwoods |
RE: https://universeodon.com/@world_beauty/116489768355046825
I will never not be 13 when this planet comes up in the rotation
Ooooh, nice:
https://xint.io/blog/copy-fail-linux-distributions
CVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.
Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE. | AI for Security, Vulnerability Research
"Indie bookstores are proving to be an antidote for the time we’re living in." 100% this
"A.I. disrupted online search results and flooded Amazon with poorly written copycat books...making it harder for books written by humans to stand out from the slop." YEP
https://archive.is/IMqNo (no paywall)
#bookstodon
Fourteen years ago, I wrote the proof-of-concept. This month, Chrome shipped the fix.
Back in 2012, I built several PoC browser extensions to demonstrate the real-world risks of cookie session theft and two-factor authentication bypass. The threat was already obvious then - anyone with code execution in the browser context could lift a session cookie and replay it from anywhere.
This April, Chrome 146 rolled out Device Bound Session Credentials (DBSC) on Windows, with macOS to follow. DBSC cryptographically binds authentication sessions to the device's hardware - TPM on Windows, Secure Enclave on macOS - so an exfiltrated cookie is useless on any other machine.
It doesn't kill infostealer-driven session hijacking outright, but it raises the cost.
Progress is progress.
Notable hacks where infostealer and session cookie stealing was involved:
EA games hack, 2021
CircleCI, 2022
Article from 2012:
https://www.infoworld.com/article/2279527/researcher-to-demonstrate-feature-rich-malware-that-works-as-a-browser-extension-2.html
Google on DBSC:
https://security.googleblog.com/2026/04/protecting-cookies-with-device-bound.html
RE: https://mastodon.social/@mattsheffield/116489732504388828
This might be the freakiest thing I can recall seeing. 100% nightmare fuel. (Although the Zuck robot seems kind of true to life?) Nice to see Beeple continuing to set new artistic frontiers.
Well the news is universally horrendous this morning. But you know what never disappoints?...... Comedy Wildlife Photography Awards! Hooray for animals!
18 silly finalists from the Comedy Wildlife People's Choice Awards
https://www.popsci.com/environment/comedy-wildlife-peoples-choice-awards-winner-finalists/
Ever wanted to start developing for the #Commodore #Amiga but had no idea where to start?
amiga-bootcamp, a git repo with all the knowledge about the Amiga's inner workings has you covered!
📣 Please take note ...
#AI #noAI #author #art #writing #creativity #joannamaciejewska #technology #laundry #dishes
Jan Schaumann
Logan Five Thousand
Sue is Writing Solarpunk 🌞🌱
zh4ck
Ben
dirk dierickx
Ingrid Hoeben Ⓥ 🇧🇪
Spencer