Lightnews — Scholar-powered news

Reposted by Fredrik Dahlgren

seifert 🐢 @seifert.bsky.social · 3h

Ewan McGregor i inledningen till Trainspotting springer mot kameran. En påmålad pratbubbla sträcker sig från hans mun och innehåller det quoteade inlägget nedan

Fredrik Dahlgren @fegge.bsky.social · 1d

WAICT builds on subresource integrity to create an end-to-end transparency solution for web applications. It is still early days, but this looks like great news for web application auditability and trust! 🎉

blog.cloudflare.com/improving-th...

Improving the trustworthiness of Javascript on the Web

Today, there's no way to audit a site’s client-side code as it changes, making it hard to trust sites that use cryptography. We preview a specification we coauthored that adds auditability to the web.

blog.cloudflare.com

1

Reposted by Fredrik Dahlgren

Lukasz Olejnik @lukaszolejnik.bsky.social · 4d

Geostationary satellites are leaking critical data, transmitting sensitive communications in the clear. With just $800 of consumer hardware, researchers intercepted military, telecom, retail, and infrastructure traffic. satcom.sysnet.ucsd.edu/docs/dontloo...

1 27 56

Reposted by Fredrik Dahlgren

Amanda Sokolnicki @amandasokolnicki.bsky.social · 10d

Vad bra Moderaterna mår. (Återigen: Underlaget jag skriver utifrån är alltså officiell SCB-statistik!)

10 21 94

Reposted by Fredrik Dahlgren

Ola Spännar @olaspannar.bsky.social · 12d

Påminnelse. År 2025 lever 700 000 människor i materiell och social fattigdom i Sverige. Det är en ökning med 120 000 på ett år. Bara sedan 2021 har andelen fattiga nästan fördubblats, från 3,5% till 6,6%. Ojämlikheten skenar

www.dagensarena.se/innehall/fat...

Fattigdomen fördubblad i Sverige på tre år | Dagens Arena

Andelen fattiga i Sverige har fördubblats sedan 2021 och är nu nära 7 procent av befolkningen. 700 000 personer klarar inte att betala nödvändiga utgifter.

www.dagensarena.se

10 87 150

Fredrik Dahlgren @fegge.bsky.social · 11d

Jag försökte bli månadsgivare till en organisation jag stödjer, men för att godkänna autogirot var jag tvungen att ge något som heter FinShark tillgång till mitt konto i 180 dagar!? Det känns ju helt bananas! Är det här verkligen det bästa vi kan åstadkomma 2025?

Ett screenshot med texten

”Min avsikt: Med denna inloggning kommer FinShark AB komma åt följande tjänster i 180 dagar:

- Titta på transaktionskonton och kortkoppladekontokopplade kort
- Initiera betalningsuppdrag från transaktionskonton”

1 2

Reposted by Fredrik Dahlgren

Signal @signal.org · 14d

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...

signal.org

41 2.4K 4K

Fredrik Dahlgren @fegge.bsky.social · 15d

This is so cursed.

LaurieWired @lauriewired.bsky.social · 15d

Virtual Machines render fonts. It’s kind of insane.  

TrueType has its own instruction set, memory stack, and function calls.  

You can debug it like assembly. It’s also exploitable:

1 4

Fredrik Dahlgren @fegge.bsky.social · 15d

I really recommend reading the blog post though. It goes into detail on some of the engineering and security considerations that went into the design, as well as how the rollout is handled.

Fredrik Dahlgren @fegge.bsky.social · 15d

The triple ratchet extends the double ratchet with a second, sparse post-quantum ratchet called SPQR. SPQR is based on a chunked version of ML-KEM 768. The outputs from both are passed to a KDF to form a hybrid KEM.

1 2

Fredrik Dahlgren @fegge.bsky.social · 15d

Signal is really pushing the envelope with their new post-quantum secure triple ratchet. The protocol is formally verified using ProVerif, and the implementation uses hax to verify correctness and panic-freeness of the implementation. Really great work!

Signal @signal.org · 15d

In 2023, Signal was the first mainstream messenger to enable post-quantum cryptography. We’re still ahead of the (elliptical) curve, implementing a new hybrid PQ ratchet ensuring Forward Secrecy & Post-Compromise Security even in a post-quantum world. signal.org/blog/spqr/

Signal Protocol and Post-Quantum Ratchets

We are excited to announce a significant advancement in the security of the Signal Protocol: the introduction of the Sparse Post Quantum Ratchet (SPQR). This new ratchet enhances the Signal Protocol’s...

signal.org

1 2

Fredrik Dahlgren @fegge.bsky.social · 21d

This gives a whole new meaning to APT.

1

Fredrik Dahlgren @fegge.bsky.social · 21d

Excel is Turing complete. Just sayin.

Fredrik Dahlgren @fegge.bsky.social · 25d

LLDB adds native support for MCP.

lldb.llvm.org/use/mcp.html

Model Context Protocol (MCP) - 🐛 LLDB

lldb.llvm.org

Reposted by Fredrik Dahlgren

Strömberg @cs1891.bsky.social · 29d

Fan ta svenska folket om de inte röstar bort de brunblå om ett år.

3 6 69

Reposted by Fredrik Dahlgren

Jonas Grenfeldt @grenfeldt.bsky.social · 29d

4 18 41

Fredrik Dahlgren @fegge.bsky.social · Sep 18

In the EU (Sweden) we (and Google) are apparently still not wholly convinced.

An image of the Mexican gulf, with the label ”Mexican gulf” followed by ”American gulf” in parenthesis.

Reposted by Fredrik Dahlgren

Matthew Green @matthewdgreen.bsky.social · Sep 17

I know it’s been said again and again, but what does it say about ChatControl that its backers keep explicitly *exempting* law enforcement and national security accounts from content scanning?

3 40 96

Reposted by Fredrik Dahlgren

Neal Agarwal @neal.fun · Sep 16

I’m Not a Robot, a game about solving CAPTCHAs, is out now!

good luck :)

> neal.fun/not-a-robot/

53 330 820

Reposted by Fredrik Dahlgren

Lea Kissner @leak.bsky.social · Sep 15

TIL that setting LESSSECURE makes you more secure

Man page for the less command, telling you that the flag LESSSECURE puts the less command in secure mode

2 6 44

Fredrik Dahlgren @fegge.bsky.social · Sep 15

Solving AI alignment alignment.

alignmentalignment.ai

Center for the Alignment of AI Alignment Centers

We align the aligners

alignmentalignment.ai

5

Fredrik Dahlgren @fegge.bsky.social · Sep 15

Great paper on finding and exploiting parser differentials between ZIP parsers to bypass signature validation, malware detection, or VSCode extension ID validation.

www.usenix.org/conference/u...

The image shows two LibreOffice documents. A normal document to the left, and a malicious document to the right. The malicious document contains an additional, malicious word/document.xml file. The signature is checked against the original word/document.xml file, while the malicious word/document.xml file is displayed to the user.

4 15

Reposted by Fredrik Dahlgren

netspooky @vacci.ne · Sep 13

There's a sick linenoise article by @there.is.no.aarch64.mov in @phrack.org 71 called "Learning An ISA By Force Of Will", where ixi goes from unknown binary blob, to manual instruction decoding, to figuring out control flow, and gives a critique of the RE'd ISA.

phrack.org/issues/71/3#...

24 89

Fredrik Dahlgren @fegge.bsky.social · Sep 14

Over 600 GB of source code, internal communication, and documentation about the great firewall of China leaked from Geedge Networks.

gfw.report/blog/geedge_...

Geedge & MESA Leak: Analyzing the Great Firewall’s Largest Document Leak

The Great Firewall of China (GFW) experienced the largest leak of internal documents in its history on Thursday September 11, 2025. Over 500 GB of source code, work logs, and internal communication re...

gfw.report

Reposted by Fredrik Dahlgren

The Onion @theonion.com · Sep 13

Study Finds Health Benefits Associated With Seriously Considering Going Vegetarian For A While Now https://theonion.com/study-finds-health-benefits-associated-with-seriously-c-1819579558/

20 56 940