| Website | https://prusa.net |
Alright, it's official! 💰
@matthew_d_green and I bet on what will break first, ML-KEM-768 or X25519. The loser donates to a 501(c)(3) picked by the winner.
If you have an opinion on quantum computers or lattices, you can join with a side bet. Just submit a PR!
[arch-dev-public] Update on Valve sponsored work in Q1 2026 - https://lists.archlinux.org/archives/list/[email protected]/thread/AXEAYKUI5AJVYOIUPWO6N2NZXI77X4EB/
Two papers came out last week that suggest classical asymmetric cryptography might indeed be broken by quantum computers in just a few years.
That means we need to ship post-quantum crypto now, with the tools we have: ML-KEM and ML-DSA. I didn't think PQ auth was so urgent until recently.
So Anthropic employees are using Claude Code to contribute AI-generated code to open source repositories and hiding the fact using their own internal “undercover mode”.
Totally trustworthy people.
(Any open source project that at the very least requires disclosure of AI-authored contributions should immediately ban Anthropic employees on principle.)
New blog post 😊
If you replace all the innerHTML with setHTML, you will be free from XSS and other injection attacks. Goodbye innerHTML, Hello setHTML
(Kudos to our folks for specifying, building and shipping!)
Cross-site scripting (XSS) remains one of the most prevalent vulnerabilities on the web. The new standardized Sanitizer API provides a straightforward way for web developers to sanitize untrusted HTML before inserting it into the DOM. Firefox 148 is the first browser to ship this standardized security enhancing API, advancing a safer web for everyone. We expect other browsers to follow soon.
- do you want to use google to sign in?
- do you want to add a passkey?
- do you want to add a 2FA token?
- we know you have 2FA but we've sent you an email instead
- this login attempt seems suspicious we've sent you a text about it
- can you click on these buses?
- you failed to click on the buses click on these bicycles instead
- should we save these details for next time?
- do you accept these trackers?
- you can opt out but we've decided it's legitimate interest anyway
- would you like to see a list of our 847 partners we share your data with?
- can we send you desktop notifications?
- can we access your location?
- do you want 10% off for signing up to the mailing list?
- do you want me to translate this page?
- hi I'm your friendly chatbot how can I help?
- oh no you can't buy this, reach out to us for a quote!
- do you want—
I'm tired boss
When Blind people send emoji to Blind people, we are picking a text description from a list and receiving the same.
Let's become ungovernable. Simply type the emoji in text.
While you're at it, include emoji that do not exist.
Melting popsicle.
Broken umbrella.
Crying horse.
Pizza rat.
We really can do anything
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
Filippo Valsorda
Arch Linux 
Aral Balkan
dram🎀
whyrlpool
Frederik Braun �
Harley 🐝🌿
ChanceyFleet
Kevin Beaumont