Qualcomm gobbles up Arduino
It was good while it lasted, I guess. Arduino will retain its independent brand, tools, and mission, while continuing to support a wide range of microcontrollers and microprocessors from multiple semiconductor providers as it enters this next chapter within the Qualcomm family. Following this acquisition, the 33M+ active users in the Arduino community will gain access to Qualcomm Technologies’ powerful technology stack and global reach. Entrepreneurs, businesses, tech profess … ⌘ Read more

How GitHub Copilot enabled accessibility governance process improvements in record time
See how we turned weekly accessibility grade signals into an automated, accountable remediation workflow—powered by GitHub Copilot and cross‑functional collaboration.

The post [How GitHub Copilot enabled accessibility governance process improvements in record time](https://github.blog/ai-and-ml/github-copilot/how-we-automated-accessibility-compliance-in-five-h … ⌘ Read more

Qualcomm to Acquire Arduino
Comments ⌘ Read more

Qualcomm to Acquire Arduino
Article URL: https://www.qualcomm.com/news/releases/2025/10/qualcomm-to-acquire-arduino-accelerating-developers–access-to-i

Comments URL: https://news.ycombinator.com/item?id=45502541

Points: 500

# Comments: 235 ⌘ Read more

My open letter, to the European Commission digital markets act team:

Hello,

I am joining other developers, concerned about Googles new plan, to approve every app and effectively destroy most of the competing 3rd party stores this way. The biggest one of these alternative stores, most known for their focus on user and developer privacy, already states, this would make it impossible for them to operate: https://f-droid.org/cs/2025/09/29/google-developer-registration-decree.html
Even communities like the XDA forum, where new developers are often introduced to the world of Android development, would likely be strongly impacted, as making, publishing and installing Android apps is made less accessible.

I am not just writing on their behalf, I run a small website myself (https://thecanine.ueuo.com/), that both provides legal modifications, for some android apps - for example adding an amoled dark theme, to the most popular XMPP chat client for Android, or increasing one of Androids keyboard apps height. This all comes after Googles previous changes to the Android operating system, that prevent users from installing old apps (old to Google, can mean only a couple of months, without an update - https://developer.android.com/google/play/requirements/target-sdk and the target version gets increased every year). I rely on apps developed by a single developer, even for things like making the pixel art presented on my website and sideloading as a way to make these apps work, before developers can catch up to Google’s new requirements - if Google is allowed to slowly kill these options, us digital artists will soon lose the tools we need to create digital art.

Unlimited access to Docker Hardened Images: Because security should be affordable, always
Every organization we speak with shares the same goal: to deliver software that is secure and free of CVEs. Near-zero CVEs is the ideal state. But achieving that ideal is harder than it sounds, because paradoxes exist at every step. Developers patch quickly, yet new CVEs appear faster than fixes can ship. Organizations standardize on… ⌘ Read more

wafer.space Launches GF180MCU Run 1 for Custom Silicon Fabrication
wafer.space has launched its first pooled silicon fabrication run on Crowd Supply, known as GF180MCU Run 1. The campaign offers designers the opportunity to fabricate 1,000 chips of their own design using GlobalFoundries’ 180 nm mixed-signal process. The initiative is aimed at providing accessible, structured access to custom silicon, with dies expected to ship in […] ⌘ Read more

Fine-Tuning Local Models with Docker Offload and Unsloth
I’ve been experimenting with local models for a while now, and the progress in making them accessible has been exciting. Initial experiences are often fantastic, many models, like Gemma 3 270M, are lightweight enough to run on common hardware. This potential for broad deployment is a major draw. However, as I’ve tried to build meaningful,… ⌘ Read more

Docker MCP Toolkit: MCP Servers That Just Work
Today, we want to highlight Docker MCP Toolkit, a free feature in Docker Desktop that gives you access to more than 200 MCP servers. It’s the easiest and most secure way to run MCP servers locally for your AI agents and workflows. The MCP toolkit allows you to isolate MCP servers in containers, securely configure… ⌘ Read more

Tiny RISC-V Development Board with WCH CH32V317WCU6 Available from $6.80
The nanoCH32V317 is a compact development board created by MuseLab to simplify prototyping and embedded system development. It integrates USB connectivity, Ethernet support, and a straightforward programming interface through USB Type-C, providing an accessible platform for engineers and hobbyists working with RISC-V microcontrollers. The board is powered by the WCH CH32V317WCU6, a RISC-V microcontro … ⌘ Read more

DietPi September 2025 Update Brings Faster Backups and Roon Server Early Access
The September 20th release of DietPi v9.17 introduces smaller and more efficient system images, faster backups with reduced disk usage, and a new toggle for Roon Server’s early access builds. The update also addresses SPI bootloader flashing issues on Rockchip devices, improves Raspberry Pi sound card handling, and includes multiple bug fixes across tools and […] ⌘ Read more

Pretty happy with my zs-blog-template starter kit for creating and maintaining your own blog using zs 👌 Demo of what the starter kit looks like here – Basic features include:

• Clean layout & typography
  
• Chroma code highlighting (aligned to your site palette)
  
• Accessible copy-code button
  
• “On this page” collapsible TOC
  
• RSS, sitemap, robots
  
• Archives, tags, tag cloud
  
• Draft support (hidden from lists/feeds)
  
• Open Graph (OG) & Twitter card meta (default image + per-post overrides)
  
• Ready-to-use 404 page
  

As well as custom routes (redirects, rewrites, etc) to support canonical URLs or redirecting old URLs as well as new zs external command capability itself that now lets you do things like:

$ zs newpost

to help kick-start the creation of a new post with all the right “stuff”™ ready to go and then pop open your $EEDITOR 🤞

#awesome #zs

Another win for the Digital Markets Act: Microsoft gives truly free access to additional year of Windows 10 updates to EU users
A few months ago, Microsoft finally blinked and provided a way for Windows 10 users to gain “free” access to the Windows 10 Extended Security Update program. For regular users to gain access to this program, their options are to either pay around $30, pay 1000 Microsoft points, or … ⌘ Read more

Aussie apple exports to Canada easier as restrictions relaxed
Australia apple growers will have easier access to the Canadian export market following trade negotiations between the nations. ⌘ Read more

This probably means that I can no longer host my own website. I don’t want to deploy something like Anubis, because that ruins the whole thing: I want it to be accessible from ancient browsers, like OS/2 or Windows 3.11.

I’ll keep an eye on it for a while. Maybe try to block some IPs.

Sooner or later, I’ll take the website down and shift everything to Gopher.

The bots have begun to access my website way more often. I’m getting about 120k hits on https://www.uninformativ.de/git/ now in a couple of hours.

They don’t cache anything, probably on purpose.

It comes in waves. I get about 100 hits (all at once) on that /git endpoint, all from different IPs. Then it takes a moment until I get another wave of about 500-1000 requests (all at once) where they do HEAD requests on some of the paths below /git. I assume they did a GET earlier and are now checking if something has changed.

We use all the Microsoft programs at work - Teams and Outlook especially.

After all kinds of technical problems with Teams, that sometimes go unresolved for over a year, Microsoft shifted their priorities away from fixing things and towards adding an annoying AI Copilot button, that just takes up space and all it does, is loads the website in Teams, so I disabled it. Soon they just add it back, but in a different row of icons, therefore it’s now a different button, you have to disable (I think they added yet another one, to the Teams, on my work phone and I had to disabled that too). Not too long after, the desktop one just enabled itself, because of “an error” and I can disable it, but doing so activates a popup, that begs you to turn it back on, every once in a while. You can’t disable the popup and can only click “Yes” or “Not now” on it. I still keep it disabled, out of principle, but yesterday I noticed yet another Copilot button, this time in the top right corner of my Outlook and this one cannot be disabled, on the business version of Outlook and even on the personal one, it’s only possible to do it through hidden privacy settings, by prohibiting the program from connecting to Microsoft servers, for extra “features”.

There’s people complaining about it online, so it’s clear nobody really wants it, but at this point Microsofts position is that you will have at least one useless AI button on your screen, at any given time, and you will be happy. And yes, their AI sucks and if I absolutely have to use AI for something, there’s already 2 better options, we have access to, at work.

I just saw that these motherfuckers also query my twtxt feed. I have to enable access logs for everything again and see who else wants some napalm response. :-(

In 1996, they came up with the X11 “SECURITY” extension:

https://www.reddit.com/r/linux/comments/4w548u/what_is_up_with_the_x11_security_extension/

This is what could have (eventually) solved the security issues that we’re currently seeing with X11. Those issues are cited as one of the reasons for switching to Wayland.

That extension never took off. The person on reddit wonders why – I think it’s simple: Containers and sandboxes weren’t a thing in 1996. It hardly mattered if X11 was “insecure”. If you could run an X11 client, you probably already had access to the machine and could just do all kinds of other nasty things.

Today, sandboxing is a thing. Today, this matters.

I’ve heard so many times that “X11 is beyond fixable, it’s hopeless.” I don’t believe that. I believe that these problems are solveable with X11 and some devs have said “yeah, we could have kept working on it”. It’s that people don’t want to do it:

Why not extend the X server?

Because for the first time we have a realistic chance of not having to do that.

https://wayland.freedesktop.org/faq.html

I’m not in a position to judge the devs. Maybe the X.Org code really is so bad that you want to run away, screaming in horror. I don’t know.

But all this was a choice. I don’t buy the argument that we never would have gotten rid of things like core fonts.

All the toolkits and programs had to be ported to Wayland. A huge, still unfinished effort. If that was an acceptable thing to do, then it would have been acceptable to make an “X12” that keeps all the good things about X11, remains compatible where feasible, eliminates the problems, and requires some clients to be adjusted. (You could have still made “X11X12” like “XWayland” for actual legacy programs.)

Another example:

$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom

The first argument --landlock-access fs says that nothing is allowed.

--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).

--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.

The output of the ls-static program is this line:

─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.

3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.

Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:

─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

hey! i asked this a while ago but i have to ask again – is anyone willing to offer space on their yarn pod to my friend? i would love to invite her to my own but she’s unable to access my site for personal reasons. she’s really interested in seeing what yarn is about so if anyone is willing and able, let me know!

Okay, here’s a thing I like about Rust: Returning things as Option and error handling. (Or the more complex Result, but it’s easier to explain with Option.)

fn mydiv(num: f64, denom: f64) -> Option<f64> {
    // (Let’s ignore precision issues for a second.)
    if denom == 0.0 {
        return None;
    } else {
        return Some(num / denom);
    }
}

fn main() {
    // Explicit, verbose version:
    let num: f64 = 123.0;
    let denom: f64 = 456.0;
    let wrapped_res = mydiv(num, denom);
    if wrapped_res.is_some() {
        println!("Unwrapped result: {}", wrapped_res.unwrap());
    }

    // Shorter version using "if let":
    if let Some(res) = mydiv(123.0, 456.0) {
        println!("Here’s a result: {}", res);
    }

    if let Some(res) = mydiv(123.0, 0.0) {
        println!("Huh, we divided by zero? This never happens. {}", res);
    }
}

You can’t divide by zero, so the function returns an “error” in that case. (Option isn’t really used for errors, IIUC, but the basic idea is the same for Result.)

Option is an enum. It can have the value Some or None. In the case of Some, you can attach additional data to the enum. In this case, we are attaching a floating point value.

The caller then has to decide: Is the value None or Some? Did the function succeed or not? If it is Some, the caller can do .unwrap() on this enum to get the inner value (the floating point value). If you do .unwrap() on a None value, the program will panic and die.

The if let version using destructuring is much shorter and, once you got used to it, actually quite nice.

Now the trick is that you must somehow handle these two cases. You must either call something like .unwrap() or do destructuring or something, otherwise you can’t access the attached value at all. As I understand it, it is impossible to just completely ignore error cases. And the compiler enforces it.

(In case of Result, the compiler would warn you if you ignore the return value entirely. So something like doing write() and then ignoring the return value would be caught as well.)

@bender@twtxt.net Yeah, well, it’s a bit like twtxt. There is a Gopher community, but it’s small. I actually don’t like that HTTP is so easily accessible. I don’t like it that much when people post links to my site on HackerNews or something like that. Too much exposure.

Gopher is a small world. It’s slow and cozy.

And much like twtxt, the protocol is simple®, so it’s easier to tinker with it.

https://omnitools.app/ Access thousands of user-friendly utilities for editing images, text, lists, and data, all directly from your browser.

Radxa UFS/eMMC Module Reader and Storage Solution Enables Fast Flashing and Scalable Embedded Storage
Radxa’s UFS/eMMC Module Reader is a compact USB 3.0 adapter for flashing OS images, accessing firmware, and transferring large files. It supports both eMMC v5.0 and UFS 2.1 modules with speeds up to 5 Gbps The adapter is compatible with eMMC and UFS modules from Radxa, and also works with modules from platforms like PINE64 and […] ⌘ Read more

@lyse@lyse.isobeef.org Only 10% of the German population had Internet access in 1998: https://de.wikipedia.org/wiki/Internet_in_Deutschland#/media/Datei:Diagramm_Internetnutzer_in_Deutschland.svg I guess I was lucky in that regard.

(If today’s tech wasn’t constantly trying to track and scam you, I might still be an early adopter.)

Streams as web resources with access controls
Comments ⌘ Read more

Settings Management for Docker Desktop now generally available in the Admin Console
We’re excited to announce that Settings Management for Docker Desktop is now Generally Available!  Settings Management can be configured in the Admin Console for customers with a Docker Business subscription.  After a successful Early Access period, this powerful administrative solution has been enhanced with new compliance reporting capabilities, completing our vision for … ⌘ Read more

Settings Management for Docker Desktop now generally available in the Admin Console
We’re excited to announce that Settings Management for Docker Desktop is now Generally Available!  Settings Management can be configured in the Admin Console for customers with a Docker Business subscription.  After a successful Early Access period, this powerful administrative solution has been enhanced with new compliance reporting capabilities, completing our vision for … ⌘ Read more

When I chose the MIT license for all of my software, I thought:

“Should I use GPL, which I don’t really understand? Is that worth it? Yeah, there is a theoretical possibility that some company might use my code in their proprietary product … and then what? Should I sue them to enforce the GPL? I’m not going to do that anyway, so I’ll just use the MIT license.”

And now we have those LLM scrapers and now it’s suddenly a reality that these companies (ab)use my code. I can see it in my logs. I didn’t expect that back then.

GPL wouldn’t help, either, of course. (Regardless, I now think that GPL would have been the better choice anyway.)

I’m honestly considering taking my code and website offline. Maybe make it accessible through some obscure protocol like Gopher or Gemini, but no more HTTP.

(Yes, Anubis might help. Temporarily.)

I’m just tired.

CSRF: How I gained unauthorized access to Cart

Image

Read Free

Continue reading on InfoSec Write-ups » ⌘ Read more

Settings Management for Docker Desktop now generally available in the Admin Console
We’re excited to announce that Settings Management for Docker Desktop is now Generally Available!  Settings Management can be configured in the Admin Console for customers with a Docker Business subscription.  After a successful Early Access period, this powerful administrative solution has been enhanced with new compliance reporting capabilities, completing our vision for … ⌘ Read more

$540 Bounty: How a Misconfigured Warning Endpoint in Apache Airflow Exposed DAG Secrets

Image

CVE-2023–42780: An Improper Access Control Bug That Let Low-Privileged Users View DAG Impo … ⌘ Read more

Banana Pi Previews BPI-R4 Pro Router Board with MediaTek MT7988A and Wi-Fi 7 Support
Banana Pi has revealed early details about the BPI-R4 Pro, an upcoming router board powered by the MediaTek MT7988A (Filogic 880). Designed as a successor to the BPI-R4, it targets high-speed wireless and wired networking for applications such as Wi-Fi 7 access points and multi-gigabit gateways. The BPI-R4 Pro features a quad-core Arm Cortex-A73 CPU […] ⌘ Read more

Types and other techniques as an accessibility tool for the ADHD brain
Comments ⌘ Read more

Memory Analysis Introduction | TryHackMe Write-Up | FarrosFR

Image

Non-members are welcome to access the full story here.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/memory-analysis-introduction-tryhackme-write-up-farrosfr-32e … ⌘ Read more

Access Denied to Hall-of-Fame

Image

Proof that even “Access Denied” can open doors

Continue reading on InfoSec Write-ups » ⌘ Read more

Logic Flaw: Deleting HackerOne Team Reports Without Access Rights

Image

How a GraphQL Mutation Allowed Unauthorized Report Deletion Across Teams

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/logic-flaw … ⌘ Read more

This One Hacker Trick Got Me Access to an Admin Dashboard ️

Image

Sometimes, it’s not about brute force. It’s about finesse. One header. One oversight. One open door.
— A Hacker’s Mindset 🧠

[Continue reading on InfoSec … ⌘ Read more

$500 Bounty: Shopify Referrer Leak: Hijacking Storefront Access with a Single Token

Image

Referrer Header Leaks + Iframe Injection = Storefront Password Bypass

[Continue reading on InfoSec Writ … ⌘ Read more

Hacking Insights: Gaining Access to University of Hyderabad Ganglia Dashboard ⌘ Read more

GitHub MCP Exploited: Accessing private repositories via MCP
Comments ⌘ Read more

GitHub MCP Exploited: Accessing private repositories via MCP
Comments ⌘ Read more

Access Control Syntax
Comments ⌘ Read more

Maybe you’ll enjoy this as well:

I still have one of my first modems, a Creatix LC 144 VF:

I think this was the modem that I used when I first connected to the internet, but I’m not sure.

I plugged it in again and it still works:

The firmware appears to be from 1994, which sounds about right. I don’t think we had internet access before that. We certainly did use local mailboxes, though. (Or BBS’s, as you might call them.)

I now want to actually use that modem again. For the moment, I can only use a phone to dial into it, I lack a second modem to actually establish a connection. Here’s a video:

Not spectacular, but the modem does answer after me entering ATA.

I bought another cheap old modem on eBay and am now waiting for it to arrive. Once it’s here, I want to simulate an actual dial-up session, hopefully from OS/2 or Windows 3.x.

High-Level Group on Access to Data for Effective Law Enforcement
Comments ⌘ Read more

NanoKVM Pro Delivers 4K IP-KVM Capabilities with Dual-System Support and Enhanced Remote Management
The NanoKVM Pro is a compact IP-KVM device designed for remote access, system control, and local display monitoring. Building on the earlier NanoKVM, this version introduces 4K resolution support, improved connectivity, and broader compatibility with open-source platforms. This device enables real-time remote desktop access at up to 4K at 30 fram … ⌘ Read more

GhostBSD: from usability to struggle and renewal
This article isn’t meant to be technical. Instead, it offers a high-level view of what happened through the years with GhostBSD, where the project stands today, and where we want to take it next. As you may know, GhostBSD is a user-friendly desktop BSD operating system built with FreeBSD. Its mission is to deliver a simple, stable, and accessible desktop experience for users who want FreeBSD’s power without the complexity of manual set … ⌘ Read more

Writing Pentest Reports | TryHackMe Write-Up | FarrosFR

Image

Non-members are welcome to access the full story here. Write-Up by FarrosFR | Cybersecurity

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/writing-pentest-reports-tryhackme-wri … ⌘ Read more

I Broke Rate Limits and Accessed 1000+ User Records — Responsibly

Image

👉Free Article Link

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-broke-rate-limits-and-accessed-1000-user-records-responsibly-8c45f … ⌘ Read more