Today I got a cheery email from somebody who claims to be the "ethics and compliance" officer for a company called Bright Data. He wanted to have a "no pressure" conversation about the whole AI scraperbot problem. Looking at their web site, this company offers an API that, and I quote, "Bypasses anti-scraping mechanisms and solves CAPTCHAs, ensuring uninterrupted access to the most protected web sites".

After careful consideration for several milliseconds, I have concluded that I really don't have anything to discuss with this person.

But at least their claimed "100M+" of residential IP addresses that they use for their DDOS attacks are "ethically sourced".

The internet of things is truly a wonder. 😝

#dishwasher #parody #iot

restic 0.18.0 is released! Blog: https://restic.net/blog/2025-03-27/restic-0.18.0-released/

GitHub: https://github.com/restic/restic/releases/tag/v0.18.0

New blog post: "ECN, ECMP and anycast: a cocktail of broken connections"

Just over five years ago, I was seeing weird "connection reset" errors when trying to connect to Cloudflare sites.

This turned out be due to an unholy alliance between ECN, ECMP and anycast routing, and figuring this out was quite interesting.

I meant to write up the experience in a blog post at the time, but somehow never got around to it. I was just reminded of this, so better late than never!

https://blog.tohojo.dk/2025/03/ecn-ecmp-and-anycast-a-cocktail-of-broken-connections.html

Trying to make it easier to debug RTNL lock contention...

https://github.com/iovisor/bcc/pull/5230

#GNUTerryPratchett

Ten years ago, Sir Terry Pratchett died. But "A man’s not dead while his name is still spoken."

We carry his memory with each DokuWiki release being named after one of his many Discworld characters.

If you never read a book by him - now is a good time to do so!

#GNUTerryPratchett

X-Clacks-Overhead: GNU Terry Pratchett

(That's been in all my outbound e-mail for a decade now.)

#RIP #TerryPratchett

If your criticism of "big tech" is merely a result of the unhappiness about the fact that Meta, Google and Microsoft aren't EU-corporations you are missing the point.

There is nothing that indicates that SAP or Deutsche Telekom would hesitate a second at the chance of becoming equally violent and exploitive forces.

The solution to Big Tech isn't EU Big Tech. It's de-commercialisation and democratization of tech.

That ESP32 thing has a CVE: CVE-2025-27840: https://nvd.nist.gov/vuln/detail/CVE-2025-27840 .

And, pretty much everything all of the well-known infosec people have been saying is correct: physical access required (or, high privileges and high attack complexity; the score is kinda 'wrong' in some sense because it is combining two exploitation vectors but I think it gets across the point: this is not wormable and is not exploitable via wireless, at least not on its own. and if your threat model allows for physical access but still treats this as a big deal somehow, go home, your threat model is drunk).

“The fundamental weakness of Western civilization is empathy, the empathy exploit,” Musk said. “There it’s they’re exploiting a bug in Western civilization, which is the empathy response.”
-Elon Musk, March 6, 2025

“In my work with the defendants (at the Nuremberg Trials 1945-1949) I was searching for the nature of evil and I now think I have come close to defining it. A lack of empathy. It’s the one characteristic that connects all the defendants, a genuine incapacity to feel with their fellow men. Evil, I think, is the absence of empathy.”
-Captain G. M. Gilbert, the Army psychologist assigned to watching the defendants at the Nuremberg trials

https://www.cnn.com/2025/03/05/politics/elon-musk-rogan-interview-empathy-doge/index.html

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

Update 3/9/25: After receiving concerns about the use of the term "backdoor" to refer to these undocumented commands, we have updated the title of our story.

https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/

Given it’s international women’s day, I’d like to encourage you all, but especially Dutch men to read these ‘anti-acknowledgments’ in a PhD thesis. This is not from somewhere else, it’s from Delft. And it’s not from the 1950s, but from the present. Unfortunately what academic life and culture in The Netherlands is still like. The author is just one of the few who actually spoke up about it, but there are many stories like it.

(Alt at https://pastebin.com/cqLvxX1f)

"Hi Daniel,

I've written a web fuzzer in c using your library libcurl. I want to thank you for writing a this easy to use, fast and good library. I'm 11 years old and I don't have much experience but your library made it possible."

🚨I promised I'd say more on the Royal Society and Elon Musk, so here it is. 🚨

I've resigned my position as Associate Editor at Royal Society's journal Open Science in protest at their lack of action over Elon Musk.

My op-ed in the Guardian
https://www.theguardian.com/commentisfree/2025/mar/04/elon-musk-science-royal-society-scientific-integrity
1/2

My latest cartoon for @newscientist.com #science #mathematics

I made a nerdy thing!

LatexInComments (laic) is an #emacs package to render LaTeX math blocks in code comments as overlays.

https://github.com/esquellington/LatexInComments

Just to be clear, because a bunch of assholes have hijacked public perception and lifted up some of the worst people on Earth as exemplars of what the “tech world” is supposed to be:

I’ve been in the software world for decades, surrounded by thoughftul, creative, and humane people with whom I’ve formed many wonderful friendships and done meaningful work. That’s possible. It’s normal, even.

You don’t have to become a sociopath to make it in the tech world. Or a malignant narcissist. Or a Nazi.

Your instincts to be a decent person are good instincts. Don’t let anyone talk you into being an antisocial monster. You don’t have to be.

Linus replied to Christoph about the Rust for #Linux DMA blockage:

https://lore.kernel.org/all/CAHk-=wgLbz1Bm8QhmJ4dJGSmTuV5w_R0Gwvg5kHrYr4Ko9dUHQ@mail.gmail.com/

'"Honestly, what you have been doing is basically saying "as a DMA maintainer I control what the DMA code is used for".

And that is not how *any* of this works […]

You are saying that you disagree with Rust - which is fine […]

I respect you technically, and I like working with you.

And no, I am not looking for yes-men, and I like it when you call me out on my bullshit. […]"'

#kernel #LinuxKernel