Notes

The European Commission has published the fourth edition of its ‘Counterfeit and Piracy Watch List’, providing a detailed overview of piracy-linked sites and services located outside the EU. Aside from many familiar names such as The Pirate Bay, the report also flags the InterPlanetary File System (IPFS) as a piracy threat. Game repacker FitGirl and domain registration service Njalla also make the list, with the latter surprisingly branded as an ‘off-the-shelf piracy facilitation service’. EU Piracy Watchlist Adds IPFS, FitGirl and Njalla

Most people want to be slaves. They just want to be comfortable, and the moment a little bit of freedom causes discomfort, they rush back to their cage.

The Internet is no longer designed to be readable. It is designed to be profitable.

BadSuccessor is a privilege escalation vulnerability discovered in Windows Server 2025 that allows attackers to act with the privileges of any user in Active Directory, without modifying the target object.

It abuses the delegated Managed Service Account (dMSA) feature introduced in Windows Server 2025 and works in the default configuration, making it a high-impact, low-complexity attack vector. In 91% of the environments we examined, non-admin users had the required permissions to perform the attack.

While Microsoft has acknowledged the issue and will address it in the future, no patch is currently available. BadSuccessor

Last year I got sick of it and started looking at deploying a solar system, and that was before PG&E decided to have 6 rate hikes (#7 on the way). Now a year later, my solar system is up and running, and I no longer cringe anytime I hear the AC kick on in the Bay Area heat (we can’t all live in SF). Here’s how I did it. How I Learned to Stop Worrying and Love Building my own Solar System

Today, we look back the classic era of home computing that existed alongside the dreariness of business computing and the heart-pounding noise and colour of the arcades. Were you a Spectrum owner? Did colour clash rule your life? Did you experience tape load errors, and did you ever poke when you meant to peak? Whether you had a measly 16K or the full 128K, join us for some judgement-free reminiscence about the classic, golden era of early home computers. Note that this article might make Amstrad owners feel like they’re being made fun of. It’s okay, they’re used to it. 21 Things We Miss About Old Computers

Slow day. Slower night.

I was originally investigating this report that Postman is not HIPAA compliant. I found that Postman is not just wholly unsuitable for anyone testing a healthcare application — it has virtually zero regard for the privacy of any of its users, and has probably logged every secret string you have ever given it. Postman is logging all your secrets and environment variables

FujiNet is a multi-peripheral emulator and WiFi network device for vintage computers. The first completed hardware was for Atari 8-Bit computers and development has begun for other systems with the goal of supporting as many as possible. What sets FujiNet apart from other WiFi devices is the new Network Device (the N device, or NDEV). The N device allows vintage computers that do not have enough processing power to handle TCP/IP connections talk to the modern internet over WiFi. Virtual adapters have been created for many protocols including: TCP, UDP, HTTP, FTP, TNFS, HTTPS (SSL/TLS), SSH, TELNET, WebDAV and JSON parser. FujiNet: multi-peripheral emulator and WiFi network device for vintage computers

NetBSD is my favorite of the “proper” Unix operating systems. There are many technical reasons one could point to, including its speed, simplicity, and small install footprint. My favorite reason, however, is in NetBSD’s slogan: “Of course it runs NetBSD!”

It is no secret that I am a fan of old hardware. My rule to prevent my collecting from becoming hoarding is that each piece has to have an actual use. Since NetBSD runs on everything from high end modern systems all the way down to the Sega Dreamcast, I decided to use an iBook G4 for game development in Python with pygame. NetBSD & iBooks & Python, oh my!

An integer overflow vulnerability exists within the VirtualBox vmsvga3dSurfaceMipBufferSize [source] function. This vulnerability allows an attacker to manipulate a malloc call such that 0 bytes are allocated while VirtualBox tracks the size of the buffer as a value greater than 0.

An attacker can exploit this condition and achieve linear read/write primitives which can then be escalated to arbitrary read/write access within the host’s memory. We provide a proof-of-concept that demonstrates how to exploit this vulnerability to fully escape a virtual machine. Oracle VM VirtualBox - VM escape via VGA device

Voice over LTE (VoLTE) is a way to make calls via an internet-based protocol on mobile networks using a standard called IP Multimedia Subsystem (IMS). IMS implementations have historically caused trouble due to their increased complexity and device interdependence. This increase in complexity has traditionally only externally manifested with device incompatibility problems. In the past, it wasn’t uncommon to find devices that required special firmware to utilise VoLTE and WiFi Calling.

However, I have always been interested in another risk to this increased complexity. Security.

With an IMS implementation, it is up to the mobile network to choose how they want to implement the services, and what configurations they want to use. Your phone then talks directly with these servers. Mobile networks have a responsibility to ensure that these servers are kept up to date and secure, and that their configurations do not lead to unnecessary data exposure. O2 VoLTE: locating any customer with a phone call

The T-LoRa Pager is a compact, programmable IoT development device designed by LILYGO. It integrates LoRa connectivity, NFC capabilities, GNSS positioning, and motion sensing via an embedded IMU, all within a portable form factor.

Powered by the ESP32-S3 microcontroller, the device includes 16MB of flash memory and 8MB of PSRAM. The board features an RTC circuit, GPIO expansion headers, battery management circuitry, an audio codec, and a MicroSD card slot for external storage. T-LoRa Pager Combines ESP32-S3, LoRa, NFC, and GNSS in Handheld IoT Device

Every hour, every aching moment, oh
We are bound, bound for Asphodel, woah
Hand in hand, pull me through the river, I
Mouth to mouth like we’re lung-to-lung.