Sönke

Previously Privacy stuff in Göttingen and Security Researcher at @seemoo / TU Darmstadt. #Green. #d64hurra. He/him. Personal Account. Developer of @D64_Covidbot

Sönke boosted:
2025-04-16

I boosted several posts about this already, but since people keep asking if I've seen it....

MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.

I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.

usaspending.gov/award/CONT_AWD

MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, github.com/CVEProject

Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said:

“On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”

MITRE | SOLVING PROBLEMS FOR A SAFER WORLD
April 15, 2025
Dear CVE Board Member,
We want to make you aware of an important potential issue with MITRE’s enduring support to CVE.
On Wednesday, April 16, 2025, the current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire. The government continues to make considerable efforts to continue MITRE’s role in support of the program.
If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure.
MITRE continues to be committed to CVE as a global resource. We thank you as a member of the CVE Board for your continued partnership.
Sincerely,
Yosry Barsoum
VP and Director
Center for Securing the Homeland (CSH)
7515 Colshire Drive • McLean, VA 22102-7539 • (703) 983-6000
Sönke boosted:
2025-01-11

Techies, we need to get better at recognising tendencies that pave the way for fascist ideology. One example is transhumanism (part of the #TESCREAL bundle) - the belief in feasibility and desirability of radical human enhancement. Joscha Bach is a transhumanist (and "AI researcher") who conceptualises humans as software, as AI. He was given a stage at the #38c3.

I'd like to unpack some of his statements that he presents as personal takes, but they come with horrid political implications.
A 🧵

Sönke boosted:
Steve Herman w7voa@journa.host
2025-01-04

“I’ve worked for the Washington Post since 2008 as an editorial cartoonist. … I’ve never had a cartoon killed because of who or what I chose to aim my pen at. Until now.” anntelnaes.substack.com/p/why-

Sönke boosted:
jiska 🦄:fairydust: jiska@chaos.social
2024-12-30

What has been seen cannot be unseen 🥬 #38c3

38c3 logo looks like cabbage
2024-12-22

@Prucker Nice mug!

Sönke boosted:
Lukasz Olejnik LukaszOlejnik
2024-12-19

Google is explicitly allowing the use of device fingerprinting from February 2025. UK data protection authority is not happy. The EU ones did not voice any concerns so far. ico.org.uk/about-the-ico/media

Sönke boosted:
2024-12-13

NoName trying to get their supporters to find German media contacts, I’m guessing next week is Germany week.

#noname #threatintel

Sönke boosted:
Sascha Pallenberg 🇹🇼 ♻️ ⚡ pallenberg
2024-12-08

Just registered the domain herzstattmerz.com.

Is there a web developer here who will set up a site with me next week, including a donation campaign, that shows, up until the federal election, that Germany is so much more than what the Union's Mr Burns is showing here?

Get in touch!
Let's do something!
We are more!

Sönke boosted:
2024-12-03

Surveillance technologies must not fall into the hands of enemies of the constitution, and authoritarian forces must not decide the digital future of our society. That is why, together with a broad alliance of 50 civil society organizations, we are campaigning for ban proceedings against the AfD to be initiated.

Together we call on all democratic parliamentary groups in the Bundestag to act now and defend our democracy!

More info: @AfDVerbotJetzt

Making digital policy fascism-proof: AfD ban proceedings now! D64, together with 50 civil society organizations, calls for AfD ban proceedings to be initiated. D64 – Zentrum für Digitalen Fortschritt
Sönke boosted:
Trammell Hudson th@v.st
2024-11-20

@wawik older Dutch laptops had a stroopwafel warming tray.

laptop with a cd tray ejected and a stroopwafel fitting perfectly in the recessed space
Sönke boosted:
David Chisnall (*Now with 50% more sarcasm!*) david_chisnall@infosec.exchange
2024-11-18

When I was a PhD student, I attended a talk by the late Robin Milner where he said two things that have stuck with me.

The first, I repeat quite often. He argued that credit for an invention did not belong to the first person to invent something but to the first person to explain it well enough that no one needed to invent it again. His first historical example was Leibniz publishing calculus and then Newton claiming he invented it first: it didn’t matter if he did or not, he failed to explain it to anyone and so the fact that Leibniz needed to independently invent it was Newton’s failure.

The second thing, which is a lot more relevant now than at the time, was that AI should stand for Augmented Intelligence not Artificial Intelligence if you want to build things that are actually useful. Striving to replace human intelligence is not a useful pursuit because there is an abundant supply of humans and you can improve the supply of intelligent humans by removing food poverty, improving access to education, and eliminating other barriers that prevent vast numbers of intelligent humans from being able to devote time to using their intelligence. The valuable tools are ones that do things humans are bad at. Pocket calculators changed the world because being able to add ten-digit numbers together orders of magnitude faster allowed humans to use their intelligence for things that were not the tedious, repetitive, tasks (and get higher accuracy for those tasks). If you want to change the world, build tools that allow humans to do more by offloading things humans are bad at and allowing them to spend more time on things humans are good at.

2024-11-17

@hackertours Hi! Close to the venue at S-Bahnhof Schanzenviertel is this new Rewe Pick&Go, where you can shop without checking out at a desk. I was wondering if you could provide a tour with some engineer from Rewe through the market, might be interesting from a hacker's perspective!

Sönke boosted:
2024-10-06
"- If I were to say to you, 'I am a stranger traveling from the East, seeking that which is lost'...
- Then I would reply that, 'I am a stranger traveling from the West, it is I whom you seek.'"

https://mummy.fandom.com/wiki/Medjai

Is there a technical term for similar "identifier phrases"?

I'm looking for ways for mutual authentication for humans, e.g. over the phone.
Sönke boosted:
2024-09-02

the ifo institute has found out: when public transport is affordable, people use public transport, including for leisure, and that overloads public transport, which might perhaps be because public transport was run into the ground for decades.

Sönke boosted:
2024-08-15

🤖 AI scraping bots are an ever greater nuisance and are turning into a real problem. We have written up here for you how we are taking action and what the future looks like: blog.uberspace.de/2024/08/bad-

Sönke boosted:
Meredith Whittaker Mer__edith@mastodon.world
2024-06-18

📣Official statement: the new EU chat controls proposal for mass scanning is the same old surveillance with new branding.

Whether you call it a backdoor, a front door, or “upload moderation” it undermines encryption & creates significant vulnerabilities

signal.org/blog/pdfs/upload-mo

New Branding, Same Scanning: “Upload Moderation”
Undermines End-to-End Encryption
A statement from Meredith Whittaker, Signal President, in the context of the EU debate
End-to-end encryption is the technology we have to enable privacy in an age of unprecedented state and
corporate surveillance. And the dangerous desire to undermine it never seems to die. For decades, experts have
been clear: there is no way to both preserve the integrity of end-to-end encryption and expose encrypted
contents to surveillance. But proposals to do just this emerge repeatedly — old wine endlessly repackaged in
new bottles, aided by expensive consultancies that care more about marketing than the very serious stakes of
these issues. These embarrassing branding exercises do not, of course, sway the expert community. But too
often they work to convince non-experts that the risks of the previous plan to undermine end-to-end encryption
are not present in the shiny new proposal. This is certainly how the EU chat control debate has proceeded.
In November, the EU Parliament lit a beacon for global tech policy when it voted to exclude end-to-end
encryption from mass surveillance orders in the chat control legislation.
2024-05-19

Starting my travel to San Francisco for IEEE S&P. I'll present our Linux Kernel Fuzzing paper on Wednesday, for which we just published the source code 👇
github.com/seemoo-lab/VirtFuzz

Sönke boosted:
Jason Koebler jasonkoebler
2024-05-12

Scoop: Solar storm is causing farmers' tractor GPS systems to go haywire. Many have shut down planting altogether during a critical period. A Deere dealer said accuracy is "extremely compromised"

404media.co/solar-storm-knocks

Sönke boosted:
Gabriele Svelto [moved] gabrielesvelto@fosstodon.org
2024-05-09

Memory errors in consumer devices such as PCs and phones are not something you hear much about, yet they are probably one of the most common ways these machines fail.

I'll use this thread to explain how this happens, how it affects you and what you can do about it. But I'll also talk about how the industry failed to address it and how we must force them to, for the sake of sustainability. 🧵 1/17

Sönke boosted:
2024-05-06

Our long-standing member @mattecke was brutally attacked at the weekend. Dear Matthias, we wish you all the best. You have our full solidarity!

Together we make it clear: enough is enough! Get active or support people who stand up for democracy every day.

We stand in solidarity with our member Matthias, who was brutally attacked at the weekend. As democrats, we must stand together now!
