Success! AbdulAziz Hariri of Haboob SA completed his attack against Adobe Reader using a 6-bug logic chain exploiting multiple failed patches which escaped the sandbox and bypassed a banned API list. He earns $50,000 and 5 Master of Pwn points. #Pwn2Own #P2OVancouver

Haha this is great. Ken Thompson refuses to take a test on how well he knows C, so Google won’t let him commit code. #C #Software #Developers #UNIX

theregister.com/2010/04/21/ken

Time for a tale about a grifter:

Over on bird site, right at the height of the pandemic a bunch of Unemployment systems buckled under the load. The culprit? COBOL..... okay actually it was shitty Java apps that sat in front of the mainframes that were running COBOL. But COBOL was blamed nonetheless.

A grifter who shall remain nameless made a tweet about running an entire bank's COBOL application on MVS 3.8J on a Raspberry Pi. The post went viral cause it hit on all the right buzzwords of the time. This immediately set off my bullshit alarms because the COBOL we have available doesn't even support END-IF statements. There's just no fucking way on earth they were doing as they claimed. The funniest part was they posted screenshots as if they were running it, but they were screenshots from the manual!

Anyway, so I called them out, they tried to weasel out of it but I kept pressing them. So they finally posted an actual screenshot... of the hercules terminal. You should know, when you download and install TK4- there's two scripts: 'mvs' and 'start'. The one you want to run is mvs.sh, start.sh just starts hercules but doesn't actually IPL the mainframe. Any guesses which command they ran in their screenshot? If you guessed start.sh and the screenshot was just a hercules console waiting for input you'd be correct! (hercules is just the emulator, it would be like claiming to play FFX on PCSX2 on a raspberry pi, but it's a screenshot of the emulator UI with no games).

So I made fun of them for this and pointed out they ran the wrong command, they needed to run mvs.sh. They deleted the tweet, then reposted it with the new screenshot showing the system after IPL (LMAO!).

Anyway, calling out their grift made them VERY upset. Through back channels I find out that they've called IBM to try and get me in trouble (lol), when that didn't work they threatened to send journalists after me (nice guy).

The best part was that when that went nowhere they told IBM that they had been working on a blockchain app for mainframes but since the mainframe community hurt their feelings they were going to delete their code and not share it! Boo hoo.

Upon hearing that obvious bullshit I took it upon myself to build what they claimed, I wanted to make an interface to manage my Dogecoin in COBOL and CICS.

Thus was born DOGECICS github.com/mainframed/DOGECICS the coolest way to manage and send dogecoin on earth.

Not only that, but I was able to run the whole thing on my Raspberry Pi Zero W

youtube.com/watch?v=xWRy6e6xDy

Better yet, when I tweeted out about Dogecics it was picked up by Adafruit!

And that's the story about how I upset a grifter and wrote a CICS application. If you want to try DOGECICS all you need to do is download TK4- wotho.ethz.ch/tk4-/ and follow the instructions in the github link.

as chrome gets older and more exposed to the elements it will be eventually partially composed of rust

not that it matters to me, a firefox user

"there is no a priori theoretical quantum speedup associated with Grover's algorithm"
arxiv.org/abs/2303.11317

VC: *squirms in his chair, visibly uncomfortable*
Me: No, it's not just a SIEM, it uses your events as building blocks for rock/hip hop lyrics. I call it "Linkin Logs"

We just dealt with a really nasty case of food poisoning here. The only member of the group to order the salad that night.
twitter.com/k8em0/status/16378

hey folks? fix your fuckin' email parsers. the only way to validate an email address is to send email to it, and i promise that .codes is a real domain.

Hey, good time to remind everyone that you can easily opt out of some of the exploitation of your social network to feed surveillance or ad datasets by hiding your network. You could also opt out of search indexing, but that doesn't really stop any scrapers.

Update. Turns out that John #Deere has been using open code under the #GPL w/o living up to the license. The Software Freedom Conservancy (@conservancy) is calling on it to comply — which would greatly enhance #farmers' #RightToRepair.
sfconservancy.org/blog/2023/ma

"We…publicly call on John Deere to immediately resolve all of its outstanding GPL violations…by providing complete source code…that the GPL & other copyleft licenses require, to the farmers & others who are entitled to it."

#OpenSource

CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones were only overwriting the start of the screenshot PNG file, but not truncating.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)
