harrysintonen

The feeling when you notice a bug in your binutils port that has been generating semi-randomly broken branch relaxation trampolines for decades.

#programming #coding #oops

If you're a #facebook user, you can object to your information being used for #aItraining: https://www.facebook.com/help/contact/6359191084165019

As part of the process, they demand you to explain how the process impacts you. Of course, this is just another step to stop you from exercising your right to object. You can enter "I refuse to explain my reasons" or similar, and it will be equally valid as an actual explanation.

#privacy #enshittification

No one — absolutely no one — saw this coming: "The UK government is developing a “murder prediction” programme which it hopes can use personal data of those known to the authorities to identify the people most likely to become killers."

https://www.theguardian.com/uk-news/2025/apr/08/uk-creating-prediction-tool-to-identify-people-most-likely-to-kill

This is far, far more sinister than anything even Philip K. Dick could dream of.

#precrime #thoughtcrime #privacy

I can't recommend
https://www.privacyguides.org/ enough. Excellent curated information on how to protect your #privacy.

Finnish Post has decided to start using your data for service planning and development. This is opt-in by default.

"My data may be used for service planning and development, as well as for delivering personalized content and targeted advertising using profiling.
Profiling refers to automated processing of personal data where the information is used to evaluate personal characteristics, such as interests or service usage. The purpose of profiling is to enhance the customer experience and ensure that the customer receives relevant and interesting recommendations and services."

Notably for some reason this is separate from "Marketing consents" and is enabled by default.

You can turn off this option at: https://my.account.posti.fi/settings

#profiling #privacy #gdpr #enshittification

Today Finland is voting in county and municipal #elections. Unsurprisingly the idiot Russian "hacking crew" is DDoSing websites of the political parties.

Newsflash: The voting is pen & paper. No websites are involved in the voting process. You gain absolutely nothing by DDoSing the party websites.

#infosec #cybersecurity

In case you haven't noticed #nis2directive is in effect in Finland now:

"Finnish Parliament has passed the government proposal for a national #Cybersecurity Act to implement the EU Cybersecurity Directive (NIS 2 Directive). As regards public administration, the relevant requirements included in the Directive are laid down in the Act on Information Management in Public Administration."

Interestingly this also increases the duties and responsibilities of The Finnish Transport and Communications Agency Traficom:

"The Cybersecurity Act also entails new supervisory duties for Traficom compared to the old NIS Directive. In future, Traficom will be the competent authority supervising cybersecurity issues also in the following sectors: postal and courier services, space, public administration, managed service providers, managed security service providers, research, and the manufacture of vehicles and other transport equipment."

ref: https://traficom.fi/en/news/cybersecurity-act-passed-parliament-obligations-under-nis-2-directive-enter-force-8-april-2025

#Microsoft is removing the possibility to use a local account with #Windows.
https://blogs.windows.com/windows-insider/2025/03/28/announcing-windows-11-insider-preview-build-26200-5516-dev-channel/

"We’re removing the bypassnro.cmd script from the build to enhance security and user experience of Windows 11."

Oh, okay, but how does it improve security or user experience?

"This change ensures that all users exit setup with internet connectivity and a Microsoft Account."

Ah, so it does not improve security or use experience. It in fact is making the user experience worse, as you no longer can set up Windows offline easily.

The only reason is to force more users to sign up to Microsoft account.

#enshittification

If you care about your health information #privacy sending your generic material to a commercial entity is a mistake. The reason for the cheap prices is that your health information will be sold. While some companies claim anonymity, such claims are often with little merit has there often is enough information to identity individuals.

The fallout from the malicious tj-actions/changed-files is still being investigated. It is fortuitous that this malicious commit was identified fairly quickly, as further compromise of major OSS components and projects could lead to a kind of chain reaction.

• https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
• https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/

#infosec #cybersecurity

VMSA-2025-0004: #VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)

VMCI heap-overflow vulnerability (CVE-2025-22224): A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

VMware ESXi arbitrary write vulnerability (CVE-2025-22225): A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

HGFS information-disclosure vulnerability (CVE-2025-22226): A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

#CVE_2025_22224 #CVE_2025_22225 #CVE_2025_22226 #infosec #cybersecurity

#curl predecessor httpget 0.2 from around 1996/1997 is 165 lines. Needless to say, it has multiple critical security vulnerabilities. How many can you spot?

If you build it on a modern system and want to try exploiting it in true 90s fashion, be sure to turn off address space layout randomisation (ASLR).

https://github.com/curl/httpget/blob/master/httpget-0.2.c

#infosec #cybersecurity