Mastodawn

Irrationally upset that Microsoft's blog always has these red underlines in code because apparently they take screenshots from Word or something.

Joshua Small 2d ago

Matthew Berryman 2d ago

Count Dracula was 412 when he moved to England in search of new blood.

Sauron was 54,000 years old when he forged The One Ring.

Cthulhu had seen galaxies flare
into life and fade to darkness before he put madness in the minds of men.

It's never too late to follow your dreams!

Joshua Small 4d ago

Thanks for that Powershell script copilot.

Joshua Small May 8

Ransomware aside, the TXT records on the DNS domain for instructure.com is a hellscape. It's completely absurd we've let the domain root become abused this way.

Joshua Small May 4

Marketing people be all "you should have added us to your safe senders"

Joshua Small Apr 29

This cPanel issue sure sounds like a big deal.

https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026/

[RESOLVED] CRITICAL SECURITY VULNERABILITY WITH CPANEL/WHM, APRIL 28, 2026 - Namecheap Status

Dear Customers, We regret to inform you that a critical security vulnerability has been identified in cPanel software affecting all currently supported versions. This vulnerability relates to an authentication login exploit that could allow unauthorized access to the control panel. As an immediate precautionary measure, we have applied a firewall rule to block access to … Continue reading [RESOLVED] CRITICAL SECURITY VULNERABILITY WITH CPANEL/WHM, APRIL 28, 2026 →

Namecheap Status

Joshua Small Apr 16

If you open the Microsoft Secure Score recommendations and try to accept a risk, your browser happily tells you Microsoft made a spelling mistake.

Joshua Small Apr 10

Best use of Claude code in a pentest so far (could not surface this answer on Google).

/cc @wdormann

Joshua Small Apr 9

Javascript people falling over themselves to bundle megabytes of compat shims everywhere. Meanwhile, I have to say this is on of my favourite bits of code. Honestly, try it. The only people you'll break already can't use your website because your CSS never catered to them.

Joshua Small Apr 7

Will Dormann Apr 6

There's a new Windows 0day LPE that has been disclosed called BlueHammer. The reporter suggests that it's being disclosed due to how MSRC operates these days.

MSRC used to be quite excellent to work with.
But to save money Microsoft fired the skilled people, leaving flowchart followers.
I wouldn't be surprised if Microsoft closed the case after the reporter refused to submit a video of the exploit, since that's apparently an MSRC requirement now. 😂

Anyway, yeah, it works. Maybe not 100% reliably, but well enough...

Website	https://lolware.net/
Github	https://github.com/technion/
Age Key	https://lolware.net/age.txt