David Buchanan
@retr0.id
reverse engineering, cryptography, exploits, hardware, file formats, and generally giving computers a hard time

Fedi: @retr0id@retr0.id
Macroblog: https://www.da.vidbuchanan.co.uk/blog/
and all systems are distributed systems
November 13, 2025 at 5:43 PM
incredible value
November 13, 2025 at 2:43 AM
(by "directly" I mean by modifying the client or using a different one)
November 12, 2025 at 10:18 PM
it works fine if you upload it directly
November 12, 2025 at 10:15 PM
It does however mean that you can upload a GIF as a GIF, if you really want to (don't get too excited, the image CDN will still convert it to a jpeg)
November 12, 2025 at 9:38 PM
There are synthetic test cases at github.com/did-method-p..., the most interesting "live" one I found is plc.directory/did:plc:rpkd...
go-didplc/testdata at main · did-method-plc/go-didplc
Go implementation of did:plc.
November 12, 2025 at 8:53 PM
HTML Standard
html.spec.whatwg.org
November 12, 2025 at 8:52 PM
I believe the "bug" is implemented by the HTMLImageElement spec
November 12, 2025 at 8:47 PM
this looks interesting although I wouldn't call it a full implementation without this, it's basically the core of the PLC mechanism
November 12, 2025 at 8:25 PM
somebody has an AI agent that can reliably spam my email inbox
November 12, 2025 at 4:10 PM
*I* write them lowercase but I expect my http library to canonicalize them
November 12, 2025 at 2:34 AM
hell yeah
November 12, 2025 at 1:46 AM
MTE and the likes aren't far off
November 12, 2025 at 12:41 AM
galaxy
November 11, 2025 at 10:22 PM
maybe they're using a galaxy-brained email validation scheme:

1. compile a list of every email ever (from public data breaches)

2. find the email with smallest Levenshtein distance from the user-entered email

3. you now have a valid email address!
November 11, 2025 at 8:52 PM
Are the images contained within the email? Seems kinda weird for a signup email!
November 11, 2025 at 8:29 PM
"parse don't validate" ummmm why would I do that my data is already valid
November 11, 2025 at 6:05 PM
This is different though, trusted code can still print untrusted data to stdout
November 11, 2025 at 5:53 PM