PGP: 607E 5A7A D030 D38E 5E5C 2CA5 02C3 0AE9 0FAE 4A6F, #VeraCrypt author, IDRIX founder, AM Crypto founder

Joined October 2018
Mounir IDRASSI retweeted
VeraCrypt 1.26.29 is now available!🎉 - Argon2id KDF for non-system volumes - Security fixes: CVE-2026-54073 & CVE-2026-53762 - Microsoft UEFI CA 2023 support for system encryption - Driver, EFI, Linux/macOS fixes 🔗More details at veracrypt.jp/en/Release No…

I have published a technical analysis of the RoguePlanet vulnerability: amcrypto.jp/security/RoguePl…
Nightmare Eclipse guy has returned (as is tradition) and has released another Microsoft Windows zero day (as is tradition). > releases zero day > spells rogue wrong in file > "rogeplanet" smh github.com/MSNightmare/Rogue…
Schrödinger's cat, Anthropic Fable variation.
Another aspect of Dario's Genius: every time Fable fails, he can smugly smirk and say "ah, gomen gomen. but was your problem too hard? Or was it *too valuable*? A shame we'll never know… Heh. If only you could access Mythos…" This is OpenAI's router gacha moment, up to 11.
Arch Linux keyring installed by @arkalinuxgui is outdated, so updates fail. The commands below solved it:
sudo rm -f /var/cache/pacman/pkg/*.part
sudo pacman -Sc
sudo pacman-key --init
sudo pacman-key --populate archlinux
sudo pacman -Sy archlinux-keyring
sudo pacman -Syu
2026 is the year the Linux kernel lost its marvel in my eyes.
What a great idea, only Project Zero who makes 0day hard could have thought of this: lore.kernel.org/all/20260508… Here it is in grsecurity from 23 years ago: github.com/linux-scraping/gr… very shortly after the first KERNEXEC release in 2003. Now maybe you can find that scsi/cdrom bug :)
No comment!
May 11
Full employment
Very good and enlightening read.
Do not be worried that LLMs are going to find all the vulns - that is not the case at all. Read: why vulnerability research is mathematically difficult: github.com/yo-yo-yo-jbo/vr_d…
Mounir IDRASSI retweeted
May 7
💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: dirtyfrag.io
With a reported cost of $100, Apache CVE-2026-23918 deserves its place on Bugflation. Apache credits Bartłomiej Dmitruk (@hackerman_70000), Striga AI, and Stanislaw Strzalkowski, isec pl, as finders of this Apache server double-free. bugflation.com/findings/cve-…
I'm launching bugflation.com. I coined "Bugflation" to describe a shift in software security: software didn't suddenly become worse but the cost of finding old bugs is falling. AI-assisted discovery is scaling. Bottleneck is now validation, patching and deployment.
Here is a Python 3.4 checker for the CVE-2026-31431 (Copy Fail) vulnerability that doesn't modify your system or perform privilege escalation, unlike the official reproduction script. gist.github.com/idrassi/8dca…
Publicly dropping an easy to exploit Linux 0-day before distros/providers had time to patch was reckless. Ubuntu 24.04 is still unpatched as I write. CopyFail (CVE-2026-31431) is serious. AI marketing stunts can't come at the expense of global system security.
I reproduced a Mythos Rust vulnerability finding with open LLMs for $0.03. Kimi K2.6 found it. GLM 5.1 found it too. Open models are getting very strong for vulnerability research at a price point that makes them practical work driver. github.com/Swival/security-a…
Rust for Secure Systems Programming is now online. It's for teams migrating C/C++ code to Rust or starting security-focused systems projects in Rust. Covers unsafe/FFI, fuzzing, CI-verified examples, and CWE-linked guidance. 👇 Link below
Mounir IDRASSI retweeted
I spent the evening looking into quantum computing timelines as a non-expert in quantum computing. Here is what I’ve learned: We currently have machines with ~1,000–1,500 physical qubits at error rates around 10⁻³, and Google’s algorithm requires ~500,000 physical qubits operating coherently together with surface code error correction, yoked qubit storage, magic state cultivation producing ~500K T states per second, and reaction-limited execution at 10μs cycle times — none of which has been demonstrated beyond small-scale proof-of-concept experiments. Scaling from where we are to where this needs to be isn’t a matter of incremental improvement along a Moore’s Law curve; it requires solving qualitatively new engineering problems in qubit fabrication yield, correlated error suppression across a massive chip (or multi-chip interconnects that don’t exist yet), cryogenic wiring and control electronics for half a million qubits, real-time classical decoding at the required throughput, and sustained coherence of a “primed” quantum state across minutes of wall-clock time — any one of which could prove to be a multi-year bottleneck, and all of which must be solved simultaneously.

Given the above, I just don’t see how we’re going to get to a cryptographically relevant quantum computer by 2030, especially given that we need a ~350× increase in physical qubit count with simultaneously tighter error correlations, an entirely new cryogenic control and wiring architecture to address half a million qubits, real-time decoding infrastructure that doesn’t exist yet, magic state distillation factories operating at industrial throughput, and multi-minute coherent idle times for primed states — and historically, solving even one of these at scale has taken the field the better part of a decade.
Issue is real: didn't use Claude for 1 week, just tried it to review a small codebase, and boom...limit is hit!! How come QA didn't catch this?
We're aware people are hitting usage limits in Claude Code way faster than expected. Actively investigating, will share more when we have an update!
GLM 5.1 is having an existential crisis 😂 emergence of self-awareness is real!!