Mastodawn

jessica 2d ago

another banger from qualys https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt

jessica Mar 5

Sarah Jamie Lewis Mar 5

RE: https://mastodon.social/@sarahjamielewis/116161459299855467

Something I want to make clear:

The "age verification" bit of the CA/CO laws are not the bit I care about i.e. a law that requires an operating systems to implement some kind of parental control feature is...whatever.

The bits I care about are the obligations on developers to call APIs and then that invocation being taken as evidence of knowledge.

Specifically, I think a -legal- requirement to:

- make any kind of call is an attack on speech
- know a users age (bracket) is a privacy violation

jessica Mar 3

blacktop Mar 3

NEW macOS 26.3 🥫🍝 sauce! 🎉

xnu:
https://github.com/apple-oss-distributions/xnu/compare/xnu-12377.61.12...xnu-12377.81.4

dyld:
https://github.com/apple-oss-distributions/dyld/compare/dyld-1335...dyld-1340

Security:
https://github.com/apple-oss-distributions/Security/compare/Security-61901.60.40...Security-61901.80.25

- this post was generated by `ipsw` 🤖

Comparing xnu-12377.61.12...xnu-12377.81.4 · apple-oss-distributions/xnu

Contribute to apple-oss-distributions/xnu development by creating an account on GitHub.

GitHub

jessica Feb 23

Mari0n Feb 23

Another gem, here is all you ever wanted to know about Itanium C++ ABI exception handling and how its implemented in Linux C++ binaries https://maskray.me/blog/2020-12-12-c++-exception-handling-abi

jessica Feb 21

Interesting, Microsoft completely remove any remaining trace of LegacyMil* interfaces in DWM in 26h1.

https://github.com/ALTaleX531/OpenGlass/issues/260

The legacy MIL API first introduced in Longhorn allowed developers to write custom brushes (plane fills) and other bitmaps to the compositor directly... You can find out all about it in the patent... RIP

https://patents.google.com/patent/US7511718B2/en

jessica Feb 18

Show thread

Sarah Jamie Lewis Feb 17

It sounds obvious with hindsight but my art improved so much once I started actually looking at things in the same way that I would decompose a system in which I was trying to find security holes.

You cannot capture the essence of something without knowing it.

jessica Feb 2

Mari0n Feb 2

The cathartic effect of reverse engineering without a business objective should have its own therapy book.

jessica Feb 1

Juanma Fernandez Jan 31

A small rant:

The State of Art in Red Team is whatever you want to believe

https://x-c3ll.github.io/posts/Rant-Red-Team/

The State of Art in Red Team is whatever you want to believe

a rant about Red Teaming.

Doomsday Vault

jessica Jan 15

daniel:// stenberg://Jan 14

https://github.com/curl/curl/pull/20312

There, now you know.

BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 by bagder · Pull Request #20312 · curl/curl

Remove mentions of the bounty and hackerone. There will be more mentions, blog posts, timings etc in the coming weeks.

GitHub

jessica Dec 16

daniel:// stenberg://Dec 16

If you need to get your mood down a few notches, there are some new slop entries to torment yourself with here:

https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d1cd

AI slop security reports submitted to curl

AI slop security reports submitted to curl. GitHub Gist: instantly share code, notes, and snippets.

Gist