iOS security, politics, tech and traveling. Not really on social media anymore.

Joined January 2011
20 Nov 2025
Can’t stress this enough. High taxation incentivizes people to get more days off instead of more money. In NL it’s not unusual to have a 4 days work week. People call me out for working on Sundays because “it’s weird”
20 Nov 2025
It's probably hard for Americans to imagine this because it's their normal
But being European and living in Europe and being radically honest when I arrive in America the main feeling I get is just endless abundance
Non-honest (I'd say many to most) Europeans will not be able to deal with this abundance and start coping "zOmG but if you hit your knee you will go bankrupt cause healthcare bills" and "look at the homeless tents" and "lol look at the Amerifats!!!"
Even if fully true, that's kinda besides the point, the range of America is much wider, the bottoms are lower and the peaks are higher
People are (in some ways literally) hungry to work and climb the social ladder which even if worse now than it ever was is still much more present in America than it is in Europe
I can barely get people to come to my house to do construction work in Europe, while in America I'd have them working the same day, because people want money, because unlike Europe there's not much free gov money
That makes the system more oiled in a way because people WANT to work and that makes people work and build things
The problem is most Europeans will never ever respect "the hustle", they're stuck in the socialized welfare systems that worked in the 1960s and fairness, which is an absolutely beautiful ideal but stops working when you run out of money like Europe does now in 2025
12 Nov 2025
“We can easily bypass KASLR using prefetch attack these days. Entrybleed is the most famous prefetch attack variant.” iOS security is leaving dust to any other platform. It’s hard to believe KASLR is still not a standard mitigation nowadays ssd-disclosure.com/lpe-via-r…
Adam Donenfeld retweeted
5 Nov 2025
Recently, there was a clash between the popular @FFmpeg project, a low-level multimedia library found everywhere… and Google. A Google AI agent found a bug in FFmpeg. FFmpeg is a far-ranging library, supporting niche multimedia files, often through reverse-engineering. It is entirely the result of volunteers and a marvellous piece of technology. For people who have never been on the receiving end of ‘security researchers’, it is difficult to understand why there is a pushback against them. Think about the commons. In Quebec, these are pieces of land where farmers send their cows during the summer. It is collectively owned, like FFmpeg. Everyone is responsible to care for the commons if they are using it. If you are not using it, you are supposed to stay away. Now, imagine a rich corporation comes in and sends its well-paid agents into the commons to find issues with it. Maybe a broken barrier or a dangerous hole. So far so good… But instead of fixing the issues, the corporation says “you have a month to fix the issue or else I will report you to the government”. How much love would the big corporation get in this context? Why do the security researchers insist on disclosing the issue without having contributed to fixing it? So that they can get credit for it. That's their entire scheme: find issues, irrespective of whether they affect the use case of their employer... after all, all issues no matter how small can be potentially significant at some point... and then brag about it without doing the hard work of trying to fix it. Let me be clear that not everyone working in security behaves this way. Many are good actors. But there are enough 'security researchers' behaving as parasites that it has become a recognizable pattern. « But Daniel, who should be fixing the bugs then? » If you are paying for commercial support, then get in touch with the folks you are paying. If you are not paying, then it is on you. It says so in the licenses.
It is part of the moral code of open source. It is part of the legal framework. Let me be clear. You do not get to bite back at Linus Torvalds if a bug in the Linux kernel crashes your server. What you do is that you identify the issue, narrow it down and propose a fix. If you cannot do it, then you pay someone to do it. Or you just do not use Linux.
30 Oct 2025
“Scan the codebase” ➡️ “Discover vulnerabilities” lol
30 Oct 2025
Now in private beta: Aardvark, an agent that finds and fixes security bugs using GPT-5. openai.com/index/introducing…
Adam Donenfeld retweeted
24 Oct 2025
The story gets stranger...
Apparently I was never able to use the 🇪🇺 EU's GPUs in the first place
Because I wasn't on their pre-approved organization list of "Horizon 2020"
So how can you join the Horizon 2020 list as an organization?
Well, you can't. It was made in 2014 and closed in 2020! ????
24 Oct 2025
Replying to @levelsio
The way I read this... aren't you excluded by default because your organization is not on the origination list for Horizon 2020?
Adam Donenfeld retweeted
Serious bugs often occur in third-party components integrated by other software. @ifsecure and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click. project-zero.issues.chromium…

Adam Donenfeld retweeted
Extreme views and narratives are over-represented on social media, per FT:
Adam Donenfeld retweeted
🤨
Adam Donenfeld retweeted
22 Sep 2025
It hasn’t been announced properly, but The Apple Wiki admins & me grab firmware keys shortly after each major & minor release (e.g. 26.0 and 26.1) We also constantly fill the gaps in the old versions & platforms, e.g. M3 Max and A7 & S1P/S2/T1 & S3 SEP theapplewiki.com/wiki/Firmwa…
9 Sep 2025
That aged badly
28 Jun 2025
Still extremely bearish on this happening
Adam Donenfeld retweeted
7 Sep 2025
Got curious how much faster Linux is than macOS for small-file access and creation. The results are shocking:
curl -L cdn.kernel.org/pub/linux/ker… -o linux.tar.xz
time tar -xf linux.tar.xz
Framework Desktop: 1.6s
MBP M4 Pro: 12.2s
Over 7x faster on these 90K files!! 🤯

3 Sep 2025
Can't help but wonder about the number of years of human work that we lost because macOS can't upgrade more than one iPhone at a time.
Adam Donenfeld retweeted
30 Aug 2025
Europeans have no idea how ridiculous their washing'n'drying situation is. Totally cooked by eco-insanity. We just got a TOP-OF-THE-LINE Miele heat-pump setup, and it's still fucking 6:20 hours to do a single wash dry!! Would take 1.5 hours in the US on our gas/vented setup.
Adam Donenfeld retweeted
21 Aug 2025
AI efficiency is important. Today, Google is sharing a technical paper detailing our comprehensive methodology for measuring the environmental impact of Gemini inference. We estimate that the median Gemini Apps text prompt uses 0.24 watt-hours of energy (equivalent to watching an average TV for ~nine seconds), and consumes 0.26 milliliters of water (about five drops) — figures that are substantially lower than many public estimates. At the same time, our AI systems are becoming more efficient through research innovations and software and hardware efficiency improvements. From May 2024 to May 2025, the energy footprint of the median Gemini Apps text prompt dropped by 33x, and the total carbon footprint dropped by 44x, through a combination of model efficiency improvements, machine utilization improvements and additional clean energy procurement, all while delivering higher quality responses. See the blog or technical paper for more about our methodology and ongoing efforts. Blog: cloud.google.com/blog/produc… Link to detailed paper: services.google.com/fh/files…
Adam Donenfeld retweeted
19 Aug 2025
Today I have a more serious topic than usual, please consider reposting for reach: My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/3]
Adam Donenfeld retweeted
A year ago a friend spent thousands of $ on a Unitree Robotics robot that was never sent. His emails have been ignored and no refund or updates have been received. When he complained here, he's been harassed by bots. #UnitreeScamAlert #UnitreeScam #Unitree #UnitreeRobotics
Adam Donenfeld retweeted
What the fuck is going on in the United Kingdom? They've got advertisements unironically saying WiFi is bad for the environment. Who are these people???
30 Jul 2025
Looks like on latest macOS, even with FileVault on, it is still possible to SSH into a machine and unlock it: "This system is locked. To unlock it, use a local account name and password. Once successfully unlocked, you will be able to connect normally."