I think most programmers have a well defined, challenging job without the need to put incorrect labels on it like engineer or scientist.
That does not reflect the training required for the job. It can be a hard job (like any interesting job) and I respect that, but calling them programmers is ok!
#programming #engineering #programmer #engineer #scientist #opinion #hotTake
A Glimpse of Our Future Democracy
A schematic of how we could organize a city of 100,000 residents.
https://tiereddemocraticgovernance.org/blog_details.php?blog_cat_id=30&id=512
Wade Bachelder is a ColdFusion Application Developer, Systems Security Engineer, G.R.C. Analyst, and Consultant.
Full Deets: https://wadebach.blackcatwhitehatsecurity.com
#ColdFusion #Developer #Systems #Security #Engineer #Technology #Engineering
🚨🚨🚨NEW EPISODE ALERT!🚨🚨🚨
Chris( @stoneymonster ) and Elecia( @logicalelegance ) were joined by Sophi Kravitz to talk about art, science, and engineering.
Listen here: https://embedded.fm/episodes/516
#Microsoft Issues Security Fixes for 56 Flaws, including Active Exploit & two Zero-Days.
Three flaws are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the release. The 56 flaws include 29 privilege escalation, 18 remote code execution, 4 information disclosure, 3 denial-of-service & 2 spoofing vulnerabilities.
https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec
![⁉️The remaining two zero-days are listed below:⁉️
• CVE-2025-54100 [CVSS score: 7.8] - A command injection vulnerability in Windows PowerShell that allows an unauthorized attacker to execute code locally
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54100>
• CVE-2025-64671 [CVSS score: 8.4] - A command injection vulnerability in GitHub Copilot for JetBrains that allows an unauthorized attacker to execute code locally
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64671>
"This is a command injection flaw in how Windows PowerShell processes web content," Action1's Alex Vovk said about CVE-2025-54100. "It lets an unauthenticated attacker execute arbitrary code in the security context of a user who runs a crafted PowerShell command, such as Invoke-WebRequest."
<https://www.action1.com/patch-tuesday/patch-tuesday-december-2025/>
"The threat becomes significant when this vulnerability is combined with common attack patterns. For example, an attacker can use social engineering to persuade a user or admin to run a PowerShell snippet using Invoke-WebRequest, allowing a remote server to return crafted content that triggers the parsing flaw and leads to code execution and implant deployment."
👾In total, Microsoft has addressed a total of 1,275 CVEs in 2025, according to data compiled by Fortra. Tenable's Satnam Narang said 2025 also marks the second consecutive year where the Windows maker has patched over 1,000 CVEs.👾](https://files.mastodon.social/cache/media_attachments/files/115/701/479/228/253/169/original/4609dce068dacc1b.jpeg)
Does anybody have experience with #Janitza 's UMG 800 platform? I might have some questions ...
Future and #Career at LRZ? Absolutely!
🗂️ The Storage Team is looking for a Site Reliability #Software #Engineer to manage our storage systems.
🏗️ The Building Management team needs a #Construction and #Operations Manager.
🌐 The Research Team is seeking experts for Enterprise #Wiki #Solutions.
⛑️ #Students can gain hands-on experience at our Service Desk.
We are an international, diverse #team with meaningful and exciting tasks: https://www.lrz.de/karriere/aktuelle-stellenangebote
#engineering #job #ITjob
Zukunft und #Karriere am LRZ? Aber gerne:
🗂️ Das Speicherteam sucht eine:n Site Reliability #Software #Engineer für die Betreuung der Storage-Systeme
🏗️ Beim Gebäudemanagement ist eine Bau- und Betriebsleitung gefragt
🌐 Enterprise-Wiki-Lösungen sind im Forschungsteam gesucht
⛑️ #Studierende können am Servicedesk Erfahrungen sammeln.
Wir sind ein internationales, diverses #Team und haben spannende Aufgaben mit Sinn: https://www.lrz.de/karriere/aktuelle-stellenangebote
No software engineer worth their salt can answer that question as it stands - or would even try.
There are a ton of questions they're going to ask before they even consider the implementation details -- and choice of language is an implementation detail. If you don't get the basics - an understanding of the problem the user(s) need solved, the requirements for the system, constraints, interoperability requirements, integration with other systems, a hundred other things - then it doesn't matter what language you choose to use, you will fail to build a working system that solves the problem.
What language will you choose to solve an unspecified problem? Any language you like. INTERCAL, why not?
#engineer #engineering #requirements #design #system #religion
Check it out: a roundtable discussion between a computing researcher and three senior Google engineers on the pivotal role of academia and the impact of federal funding on innovation.
Available via #CACM's special issue on Federal Funding on Academic Research: https://cacm.acm.org/federal-funding-of-academic-research/from-university-research-to-global-impact/
Wherever your travels take you this season, Kubuntu Focus will be there for you. The Ir Series laptops are super light, quiet, and have great screen quality.
If you are on the Nice List, the elves can configure one for you!
See https://Kfocus.org/spec to view all systems. 🎁
⚠️ Last chance! Tux says Cyber Week is almost out of fuel. Save up to 65% before the launch window closes.
Enroll now: https://training.linuxfoundation.org/cyber-week-2025/
📣 FASTER checkout with Google Pay, Apple Pay & UPI + see prices in your local currency!
#CyberWeek #CloudNative #SysAdmin #DevOps #Engineer #Kubernetes #Developers #CyberMonday #CKA #LFCS
:github: Second Sha1-Hulud Wave affects 25,000+ Repositories via npm preinstall Credential Theft.
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages.
https://socket.dev/blog/shai-hulud-strikes-again-v2
#it #security #privacy #engineer #media #secure #programming #developer #tech #news
![[ImageSource: Wiz]
"The campaign introduces a new variant that executes malicious code during the preinstall phase, significantly increasing potential exposure in build and runtime environments," Wiz researchers said.
<https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack>
Like the Shai-Hulud attack that came to light in September 2025, the latest activity also publishes stolen secrets to GitHub, this time with the repository description: "Sha1-Hulud: The Second Coming."
👾The prior wave was characterized by the compromise of legitimate packages to push malicious code designed to search developer machines for secrets using TruffleHog's credential scanner and transmit them to an external server under the attacker's control. The infected variants also came with the ability to propagate in a self-replicating manner by re-publishing itself into other npm packages owned by the compromised maintainer.👾
Wiz said it spotted over 25,000 affected repositories across about 350 unique users, with 1,000 new repositories being added consistently every 30 minutes in the last couple of hours.
⁉️"This campaign continues the trend of npm supply-chain compromises referencing Shai-Hulud naming and tradecraft, though it may involve different actors," Wiz said. "The threat leverages compromised maintainer accounts to publish trojanized versions of legitimate npm packages that execute credential theft and exfiltration code during installation."⁉️](https://files.mastodon.social/cache/media_attachments/files/115/684/644/172/899/395/original/97506711548e06a4.jpeg)
![[ImageSource: Helixuard]
In the latest set of attacks, the attackers have been found to add to a preinstall script ["setup_bun.js"] in the package.json file, which is configured to stealthily install or locate the Bun runtime and run a bundled malicious script ["bun_environment.js"].
👾Registers the infected machine as a self-hosted runner named "SHA1HULUD" and adds a workflow called .github/workflows/discussion.yaml that contains an injection vulnerability and runs specifically on self-hosted runners, allowing the attacker to run arbitrary commands on the infected machines by opening discussions in the GitHub repository.👾
Exfiltrates secrets defined in the GitHub secrets section and uploads them as an artifact, after which it's downloaded, followed by deleting the workflow to conceal the activity.
⁉️"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables," Helixuard noted.⁉️
<https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24>](https://files.mastodon.social/cache/media_attachments/files/115/684/644/245/667/498/original/35d08fe2e18c7a88.jpeg)
I use #Audacity and I get excellent results... if I need a terrible #sound!!
source :a popular centralized social network.
#meme #music #production #producer #producers #engineer #engineering #soundengineering #mixing #StolenOnAnotherMedia
Our team is hiring an #engineer in #bioinformatics / #biostatistics on a 12 months contract to work on #phylodynamics and #deep #learning
This is within the #DEELOGENY project https://deelogeny.pages.in2p3.fr/
Applications should be sent to job-ref-3f7s0kv7m3@emploi.beetween.com
(additional details in the attached file in French)
#OnThisDay in 1977, #PeterCarlGoldmark, Hungarian-American broadcast and recording #engineer (developed the 33-1/3 rpm LP phonograph record format), died in a #caraccident at 71.
#RIP 🥀🕯️
You dream it and we build it!
The #Linux system you've always dreamed of with Linux-first customer care and upstream compatible. See the lineup at: https://kfocus.org
:github: #Programming a #Space #Game for x86 in #Assembly without an Operating System
Inkbox Software has released a recreation of a beloved isometric arcade game that runs directly from a PC’s Unified Extensible Firmware Interface [UEFI]. Moreover, they coded their version of Zaxxon [1982] in x86-64 Assembly language, and have generously released it as open source under the GPLv3 license.
![⁉️After Intel’s implementation of UEFI was made open source it got picked up by the TianoCore community who make tools such as the TianoCore EDK II.⁉️
<https://www.tianocore.org/>
<https://en.wikipedia.org/wiki/TianoCore_EDK_II>
[Inkbox Software] explains that the UEFI implementation provides boot services and runtime services. Boot services include things such as loading memory management facilities or running other UEFI applications, and runtime services include things like system clock access and system reset. In addition to these services there are many more UEFI protocols that are available.
[Inkbox] tells us that when an x64 CPU boots it jumps to memory address 0xfffffff0 that contains the initialization instructions which will enter protected mode, verify the firmware, initialize the memory, load the storage and graphics drivers, then run the UEFI Boot Manager.
👾The UEFI Boot Manager will in turn load the appropriate EFI application, such as the firmware settings manager application [the “BIOS settings”], Windows Boot Manager, or GRUB. “In this video we make our very own EFI application that the UEFI Boot Manager can be configured to load and run.”👾
<https://youtu.be/ZFHnbozz7b4>](https://files.mastodon.social/cache/media_attachments/files/115/668/106/590/349/783/original/da9e423516bacb1e.jpeg)
![[ImageSource: Inkbox Software]
⁉️Programming in Assembly without an Operating System.⁉️
The system used for development and testing has a AMD Ryzen AI 9 HX 370 CPU and 32GB DDR5 RAM.
<https://www.amd.com/en/products/processors/laptop/ryzen/ai-300-series/amd-ryzen-ai-9-hx-370.html>
[Inkbox Software] explains the reason they decided to begin this classic arcade gaming UEFI coding quest. In brief, the assembly coding hero says that they were “so tired of operating systems holding me back,” and that they wanted their hardware to run a classic game as it was meant to be played. That means “Written in assembly, without an operating system,” asserts Inkbox. “This is total freedom from big tech. Reject OS, Return to metal.” He shows how to read and write to the console and mentions that he did his testing on QEMU with an image on an external USB thumbdrive.
[Inkbox] goes on to show how to use the system time and date facilities to get the current month. When trying to read nanoseconds from the system clock he ended up needing to refer to the UEFI Specification Release 2.10 [2.11 is latest as of this writing].
👾[Inkbox] does some arithmetic for timing, uses LocateProtocol to load the graphics output provider, configures an appropriate video mode, writes to the screen using BLT operations and makes the program run on multiple CPU cores [the CPU used has 24]. At last, with some simple graphics programming and mouse input, [Inkbox] manages to get Space Game for x86 to run.👾](https://files.mastodon.social/cache/media_attachments/files/115/668/106/628/117/731/original/5ac0017784828c6f.jpeg)
![[ImageSource: Inkbox Software]
However, in this video [Inkbox Software] newest hack shows us how to create a computer game that runs directly on computer hardware, without an operating system! He briefly explains what BIOS is, then covers how UEFI replaces it, and talks about the genesis of UEFI from Intel in the late 90s.
<https://youtu.be/ZFHnbozz7b4>
👾As if assembly coding wasn’t tricky enough, the developer battled through UEFI limitations regarding timings, keyboard input and graphic output. For example, the default UEFI keyboard was described as “absolutely garbage for game input,” by [Inkbox], as it has a built-in delay, which is terrible for gaming. So a responsive mouse/joystick control was devised. For graphics, an engine had to be coded to replicate a retro console Picture Processing Unit [PPU].👾
Such wrinkles were eventually ironed out, though, and the video ends with a demo of the assembly-coded OS-less Zaxxon remake running at a buttery-smooth 128FPS. There is no sound in the game, though.
⁉️This game “will run on any x86_64 machine,” says [Inkbox], as long as it supports UEFI. Further details about getting this Zaxxon game up and running are available on the Space Game for x64 GitHub, alongside the code and other resources.⁉️
<https://github.com/InkboxSoftware/spacegamex64>](https://files.mastodon.social/cache/media_attachments/files/115/668/106/663/848/423/original/3411b26eb498aeb9.jpeg)
mookie's #introduction / #reintroduction
it's me, hi. i'm the mookie, it's me.
i'm a serial #fediverse instance creator (and destroyer) and have been doing this since 2018. many will already be familiar with my name or my avatar.
i'm the father of two awesome kids. i love watching and talking about #movies. i'm a #gamer. i #run to eat. i'm a giant #starwars and #startrek nerd. i'm a born and raised #engineer.
my home is at https://ultramookie.com where i should be spending more time writing.
:mastodon: Mastodon CEO steps down with €1M Payout & a deep Sigh
Eugen Rochko [CEO+Founder of Mastodon], is stepping down after nearly a decade at the helm and walking away with a sizable exit payment. "Mastodon grew beyond any of my expectations," he said. "The past two years especially have been overwhelming, and my mental and physical health have taken a dip."
https://blog.joinmastodon.org/2025/11/the-future-is-ours-to-build-together/
![[ImageSource: Mastodon]
⁉️Rochko's move has, by his own admission, been a while coming. In April 2024, the establishment of a US nonprofit was announced with a governing board of directors that included Twitter co-founder Biz Stone. Rochko also announced that his ownership of the trademark and other assets were headed to the nonprofit.⁉️
<https://blog.joinmastodon.org/2025/11/my-next-chapter-with-mastodon/>
<https://blog.joinmastodon.org/2024/04/mastodon-forms-new-u.s.-non-profit/>
Mastodon is a federated network of independently managed servers. Each server has its own rules and regulations, which are enforced locally rather than by a corporate overlord. The ActivityPub protocol is used for federation.
👾Rochko's move to an advisory role, out of the public eye, will take two to three months, and he said his departure was "an opportunity for me to regain some work-life balance." He also noted that it was an opportunity for Mastodon to "avoid some ego and trademark-related pitfalls that other large open source projects have recently experienced."👾](https://files.mastodon.social/cache/media_attachments/files/115/661/621/092/980/611/original/46641b96bc28f038.jpeg)
