Please tell your friends about federated social media site that speaks several fediverse protocols thus serving as a hub uniting them, hubzilla.eskimo.com, also check out friendica.eskimo.com, federated
macroblogging social media site, mastodon.eskimo.com a federated microblogging site, and yacy.eskimo.com an uncensored federated search engine. All Free!
What is it with government functionaries trying to compel loyalty oaths to a foreign entity when people are recovering from a natural disaster and least able to fight such an outrage?
This was previously seen in Texas, but reversed (but not the state law behind it), and now ... well, we can't rule out malicious compliance, especially in the dog days of summer:
"US quickly reverses pledge to link disaster funds to Israel boycott stance
"Hours after posting it, Department of Homeland Security removes statement that funding is dependent on states not cutting ‘commercial relations’ with Israeli companies"
Did not send an "America First" message to Trump's base....
Hours after posting it, Department of Homeland Security removes statement that funding is dependent on states not cutting 'commercial relations' with Israeli companies
Rachel Maddow points out that the thing most Americans were dreading has come to pass, and the United States has changed profoundly in only six months of aut...
Les bug bounty hunters n’ont qu’à bien se tenir car Google va bientôt tenter de les remplacer (comme ils ont déjà remplacé pas mal de créateurs web) grâce à leur nouvelle IA baptisée Big Sleep. En effet, celle-ci vient de prouver qu’elle peut détecter des failles de sécurité que même les meilleurs hackers humains ont loupées. Et je ne vous parle pas de petites vulnérabilités bidons, mais de véritables failles dans des logiciels critiques.
Vous vous souvenez quand je vous parlais de XBOW, cette IA qui était devenue numéro 1 sur HackerOne ? Eh bien Google vient de rentrer dans la danse avec Big Sleep, et visiblement ils ne sont pas venus pour rigoler. L’approche est différente mais tout aussi impressionnante.
Big Sleep, c’est le fruit d’une collaboration entre Google Project Zero (l’équipe d’élite qui trouve des failles zero-day) et DeepMind (les génies derrière AlphaGo). Ensemble, ils ont créé une IA capable d’analyser du code source et de détecter des vulnérabilités de manière autonome. Le nom “Big Sleep” vient d’ailleurs du roman noir de Raymond Chandler (lien affilié), un clin d’œil au côté détective de l’IA.
La première vraie victoire de Big Sleep, c’est donc d’avoir trouvé une vulnérabilité stack buffer underflow dans SQLite, la base de données la plus utilisée au monde. Cette faille était passée sous le radar de tous les outils de fuzzing traditionnels et des chercheurs humains. L’IA a réussi à l’identifier en analysant les patterns de code et en comprenant la logique profonde du programme.
Ce qui est vraiment fou avec Big Sleep, c’est sa capacité à comprendre le contexte et la sémantique du code car contrairement aux outils de fuzzing classiques qui bombardent le programme avec des données aléatoires pour voir s’il crashe, Big Sleep lit et comprend réellement ce que fait le code.
C’est la différence entre un lecteur de Korben.info qui lit l’un de mes articles et qui est content. Et un lecteur de Korben.info (ou pas d’ailleurs) qui lit l’un de mes articles en diagonale (ou juste le titre…lol), qui ne comprend rien et qui part ensuite m’insulter sur les réseaux sociaux ^^.
Google explique que Big Sleep utilise une approche en plusieurs étapes. D’abord, l’IA analyse le code source pour comprendre sa structure et son fonctionnement. Ensuite, elle identifie les zones potentiellement vulnérables en se basant sur des patterns connus mais aussi sur sa compréhension du flux de données. Enfin, elle génère des cas de test spécifiques pour confirmer l’existence de la vulnérabilité.
Les 20 vulnérabilités découvertes touchent différents types de logiciels, des bibliothèques système aux applications web. Google reste discret sur les détails exacts pour des raisons évidentes de sécurité, mais ils confirment que toutes les failles ont été corrigées avant toute exploitation malveillante. C’est le principe du responsible disclosure : on trouve, on prévient, on corrige, et seulement après on communique.
Ce qui différencie Big Sleep de XBOW, c’est surtout l’approche. Là où XBOW excelle dans les bug bounties publics avec une approche plus agressive, Big Sleep semble plutôt orienté vers l’analyse en profondeur de code complexe. Les deux IA sont donc complémentaires et montrent bien que l’avenir de la cybersécurité passera par ces assistants intelligents.
D’ailleurs, Google ne compte pas garder Big Sleep pour lui et l’équipe travaille sur une version open source qui permettra à la communauté de bénéficier de cette technologie. L’idée c’est de démocratiser la recherche de vulnérabilités pour que même les petites entreprises puissent sécuriser leur code.
Mais attention, tout n’est pas rose non plus car que se passera-t-il si des acteurs malveillants mettent la main sur ce genre d’IA ? La course aux armements entre attaquants et défenseurs risque de fortement s’accélérer drastiquement. Google assure avoir mis en place des garde-fous, mais on sait tous que dans le domaine de la sécurité, rien n’est jamais garanti à 100%.
Selon Google, Big Sleep peut analyser en quelques heures ce qui prendrait des semaines à une équipe humaine et contrairement à vous les vacanciers éternels, l’IA ne se fatigue pas, ne fait pas d’erreur d’inattention, et peut traiter des volumes de code monumentaux. Sur les 20 vulnérabilités trouvées, au moins 5 étaient considérées comme critiques avec un score CVSS supérieur à 8.
Pour voir les dernières découvertes de BigSleep c’est par ici.
L’objectif pour Google à terme c’est de créer une IA capable de comprendre non seulement le code, mais aussi l’intention derrière le code, donc si vous êtes développeur ou responsable sécurité, il est temps de prendre ce sujet au sérieux. Les IA comme Big Sleep et XBOW ne sont pas des gadgets, donc commencez à réfléchir à comment intégrer ces outils dans vos processus de développement et surtout, n’attendez pas que les attaquants s’en servent contre vous.
BRITAIN is “not just complicit, but an active participant” in Israel’s genocide in Gaza, activists said today during a protest by British Jews against attacks on Palestine.
DEAR FRIENDS. IF YOU LIKE THIS TYPE OF CONTENT, SUPPORT SOUTHFRONT WORK: MONERO (XMR): 86yfEHs6pkoDEKCxc6MAnQX8cVHmzhYxMVrNuwKgNmqpWK8dDxjgGnK8PtUNJMA...
Die Polizei nutzt immer öfter Staatstrojaner. Im Jahr 2023 durfte sie 130 Mal Geräte hacken und ausspionieren, 68 Mal war sie damit erfolgreich. Das ist eine Verdopplung innerhalb von zwei Jahren. Das geht aus der offiziellen Justizstatistik hervor. Justizstatistik 2023: Polizei hackt alle fünf Tage mit Staatstrojanern
The comments of Ramirez have clearly struck a nerve on both sides. For my part, I am very proud of both my Irish-Sicilian background. My Sicilian grandparents came to this country at the turn of the century. They were deeply proud of their heritage but always insisted that their children identify as Americans first and foremost.
Democrat Rep. Delia Ramirez (D., Ill.) is locked into a fierce fight with the White House over controversial remarks at the second annual Panamerican Congress held in Mexico, including declaring, “…
Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025. CVE-2025-21479 posted by pod_feeder
In der Nacht zum Mittwoch wechseln sich Wolken und Sonne ab, im Süden ist es gering bewölkt. An der Küste gibt es noch einzelne Schauer. Die Temperaturen sinken auf 15 Grad an der See und 9 Grad im Harzvorland. Im Binnenland lässt der Wind nach und weht aus westlicher Richtung. An der See bleibt es frisch mit starken bis stürmischen Böen. /LL
GitHub is introducing non-essential cookies on web pages that market our products to businesses. These cookies will provide analytics to improve the site experience and personalize content and ads ...
A lot of people don’t know that Ghislaine Maxwell’s dad, Robert Maxwell, played a pivotal role in setting up the system for how science research gets publish...
This is really interesting, but also quite a big deal because it means if you care enough to do ANY kind of honest research, you're really likely to just bang into undiscovered things by accident, because the whole scientific community is chasing their tails so nobody is really asking any questions (except of course "how do I get published")...
Singapore - Saba:
Gold prices fell on Sunday, affected by profit-taking after the sharp rise in the previous session following the release of weaker-than-expected US jobs data, which reinforced expectations of a Federal Reserve interest rate cut in …
Great from @pluralistic on why my individual efforts to remove myself from Big Tech's clutches won't achieve anything, and why we need systematic responses, not individual ones. pluralistic.net/2025/07/31/uns…
Microsoft's AI-fueled 4 trillion valuation highlights the massive impact of the AI bubble on the US economy. AI investments are now acting as a private sector stimulus, contributing more to US economic growth than consumer spending. However, a clear and sustainable business model remains elusive. In many ways, the current AI boom mirrors the dynamics of the dot-com era.
I know you don't agree with my anti-AI stance, but this kinda proves my point. If AI is a bubble (it is), then the market pushes for AI in everything, and everything dependent on AI will cause an economic bloodbath when it pops. An Anti-AI model may be the only foil against a worse outcome.
@Sh4d0w_H34rt O think it's important to separate the tech from the capitalist industry using it. Meanwhile, an economic crash was already in the works even without AI. All the bubble did was postpone what was already inevitable.
It's also informative to see how this tech is being integrated into Chinese economy for contrast.
A friend just sent me this article about losing a spouse.
"You think you're prepared. you go in with boxes and garbage bags. You tell yourself you’ll be strong. You think, “It’s just stuff.”
But then you open a drawer. And their handwriting is still on a notepad. Their scent still clings to the sleeves of that sweater you begged them to throw out every winter. Their shoes are still lined up by the door like they might be back any minute.
You find yourself sitting on the floor, holding a shirt to your face, trying to memorize a smell you know is already fading. You whisper “I’m sorry” to objects you tuck away in boxes. You fold things neatly like you’re still trying to take care of them. You pause before tossing something out, because what if that was their favorite?
No one tells you how loud the silence is when their closet door creaks open.
No one tells you how heavy an empty coat can feel in your hands. No one tells you that cleaning out a space can shatter you all over again.
It’s not just cleaning. It’s letting go of little pieces you were never ready to lose. It’s closing a drawer for the last time and feeling like you’re betraying them. It’s packing up the life you shared, while your heart silently begs, please don’t make me.
Because deep down, you’re not just packing away their things —
Columbia University's recent suspension and expulsion of more than 70 students for a Palestine demonstration is the latest sign the school's crackdown on activism is not simply about campus conduct, but appeasing political pressure from Washington.
Columbia University’s recent suspension and expulsion of more than 70 students for a Palestine demonstration is the latest sign the school’s crackdown on activism is not simply about campus conduct, but appeasing political pressure from Washington.
Mark Mansour notes that the overt, unabashed gerrymandering proposed by Texas Republicans is designed, by their own admission, to "enhance the political efficacy” of GOP votes.
What this is really about is enhancing the political efficacy of WHITE RURAL voters. As Mansour says, it's "a chilling disenfranchisement of millions of voters—especially Black, Latino, and Asian Americans."
As Tom Schaller and Paul Waldman show in their important 2024 study White Rural Rage: The Threat to American Democracy, no demographic group is so catered to politically and has so much unmerited and outsized clout as white rural voters. They write:
“No group was ever dealt a better electoral hand than rural White Americans."
The inflated power of rural White voters confers upon them an unusual ability to force state and national governments to cater to their preferences and grievances. Herein lies the danger: precisely because they wield inflated power, rural Whites’ increasingly tenuous commitments to democratic norms and traditions are magnified across the U.S. political system in many of the same ways their preferences have been for two centuries” (p. 63).
"Partisan gerrymandering is legal because the US Supreme Court declared in 2019 that it is too difficult for federal judges to ensure that congressional districts are fairly drawn. (A demonstrably false claim.)"
"Having washed its hands of voter suppression like a modern-day Pontius Pilate, the Supreme Court relinquished control of congressional districting to a patchwork of inconsistent, flawed, and (sometimes) corrupt state legislatures. Chaos ensued."
“Trump knows he can’t win the upcoming mid-term elections, so he is trying to rig them. And the way he is trying to do it is to dismantle the Voting Rights Act of 1965 as we know it. He is trying, for example to try and dismantle Hispanic and African-American opportunity districts."
Billy Begala explains how the Republican gerrymandering proposal wants to "carve up Texas like a Christmas ham," disenfranchising Black and Hispanic voters and privileging rural white ones.
At Trump’s command, the Texas GOP’s redistricting maps strip voting power away from Black Texans and are an insult to us all — regardless of partisan stripes.
Russia's Foreign Ministry spokesperson has announced that Moscow is prepared to increase collaboration with BRICS countries to combat the pressure of illegal US sanctions.
Trump said if oil drops another $10 per barrel, it could force Russia to end the war against Ukraine. He also promised to raise tariffs on India within a day.
Talk about powerful: Rachel Maddow last night on how "we're beyond waiting and seeing now":
"Whether you're looking at small scale local stories or the biggest picture stories about what's happening in our country, the story is the same and it is now an undeniable thing. We have crossed a line. we are in a place we did not want to be, but we are there."
Rachel Maddow points out that the thing most Americans were dreading has come to pass, and the United States has changed profoundly in only six months of aut...
"Whether you're looking at small scale local stories or the biggest picture stories about what's happening in our country, the story is the same and it is now an undeniable thing. We have crossed a line. We are in a place we did not want to be, but we are there. The thing we were all warning about for the last few years is not coming. It is here. We are in it."
"We do now live in a country that has an authoritarian leader in charge. We have a consolidating dictatorship in our country. and it sounds melodramatic to say it, i know, but just go with that for a minute, right? Think. Think in melodramatic terms. Think in cinematic terms. Imagine the cartoon level caricature of what you think a dictatorship looks like."
Reminds me of how, at my writing group last month, one of the members talked about how gross it was that there were people lining up to get autographs from Dean Cain. You know, because he’s MAGA and so the people getting the autographs were probably also pieces of shit. I’m sure if I said anything anti-liberal they’d kick me right out for being “political.” But that dipshit going off about Republicans? A-OK.
Transition vegane, je remplace le lait entier par le lait d'avoine barista de Oatly dans les céréales et j'ai trouvé une glace Ben&Jerry's "Chocolate fudge brownie" vegane ! #AspirantVegan #GoVegan #Vegan
Bon, le lait d'avoine est au moins 1 euros plus cher que le lait, donc j'en prendrais moins. Et la glace fait 15 euros le kilo versus dix balles pour la version pas vegane. Passer vegane, ça coûte plus cher sur un paquet de truc. Surtout si on cuisine pas.
tiens, ça y est, le râpé vegan Nourish est arrivé dans mon supermarché local. Toujours pas de végétariens ni vegans dans la famille, mais c'est bon à savoir quand on a des potes qui viennent manger. J'ai failli en prendre pour tester mais la petite a soufflé en regardant le plafond 😒
H4Heights 🇪🇺🇵🇸🇺🇦🇨🇦
in reply to Michael • • •#NaztyLittleMan