Privacy-focused, debloated, FOSS Android apps I use daily as a student. Read more ›
How a simple “encrypted message” demo turned into a real lesson in what end-to-end encryption actually means — and the mistakes along the… Read more ›
More than 4,000 routers have been compromised so far, while the number of poisoned NAS devices remains unknown. Read more ›
The Outer Worlds 2 studio Obsidian have been accused of having "increased their profits by violating state wage and hour laws" in a California lawsuit. Read more ›
Also, this is just security through obscurity. The holes that mythos exploited still exist after you've tried to limit mythos accessibility.And the fact that all our systems are riddled with security holes shouldn't be too much of a surprise given the way that we all know that software is developed and how tech debt / chores are constantly underbudgeted (plus I think this underscores that any one human's knowledge and attention are inherently limited, and even the best PR review is going to l... Read more ›
Advanced Functional Materials, EarlyView. Read more ›
To strengthen my practical understanding of identity and access management, I built an Active Directory homelab using Windows Server 2019… Read more ›
Like gsocket.io but self-hosted. Remote shell to any machine — no public IP, no port forwarding, no VPN. One command install. Read more ›
Team Marine Corps opened the 2026 Warrior Games with a strong showing in powerlifting and an exhibition pickleball competition, earning 10 medals and setting the tone for the week ahead. Read more ›
A tool to parse code and generate a graph to highlight read, write and authentication links - man-consult/code-mapper Read more ›
How I’m building a deep work retreat in Zanzibar for founders who are tired of half‑shipped projects
I’m a digital nomad currently based in Zanzibar, and over the last years I kept seeing the same pattern in myself and everyone around me: endless ideas,... Read more ›
After over two years in the making, Pine64 has now launched the PineVoice (previously PineVox) smart speaker based on the Bouffalo Lab BL606P RISC-V wireless microcontroller with WiFi, Bluetooth, and Zigbee radio interfaces. The device also features two microphones, a speaker, a USB 2.0 OTG port, volume buttons, a mute button with LED, a start/stop button, and four RGB LEDs. The PineVoice smart speaker is mainly designed to work with Home Assistant. PineVoice specifications: SoC – Bouffalo La... Read more ›
Android users should be able to fully delete pre-loaded AI features, according to new proposals to the European Commission that target Google's upcoming 2026 developer verification plans. Read more ›
"Sign in with Google" has become so naturalized that questioning it feels paranoid. This is itself worth questioning. When a surveillance arrangement becomes the unquestioned default, the surveillance no longer requires justification; the alternative requires justification. The civic dimension of the default matters. A democratic society depends on the existence of un-surveilled spaces — spaces where citizens can think, discuss, organize, dissent, change their minds, without the activity bein... Read more ›
A few nights ago Thomas Ptacek shared a link to CVE-2026-34182 in OpenSSL with the note:one-byte tag vulnerability, everyone has to take a drink, that's the rule.The same bug turned out to be in wolfSSL (CVE-2026-5500), Bouncy Castle, and GnuPG's S/MIME tool gpgsm. Four independent crypto stacks all got it wrong in exactly the same place.The place is PKCS#7 / CMS parsing, and the bug is almost too dumb to believe. So let me use it as an excuse to talk about something I've been ranting about f... Read more ›
This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlm_relay_2_self module coerces the local machine account to authenticate via OpenEncryptedFileRaw (WebDAV), relays that NTLM authentication to a Domain Controller's LDAP service, then uses the resulting LDAP session to write Shadow Credentials and obtain a Kerberos service ticket as Admi... Read more ›
I’ve been running a mixed Proxmox cluster for years – four nodes of wildly different capability, from an Atom x5-Z8350 with 2 GB of RAM (a z... Read more ›