Nicolò Fornari
@rationalpsyche.bsky.social
Penetration Tester. Art passionate. Friends call me "grandpa".
Reposted by Nicolò Fornari
It's important for Europeans, and others from visa-waiver countries, to understand they don't have freedom of speech rights when visiting the United States.
The Trump regime is still deporting visitors for critical comments made online, because they can.
How My Reporting on the Columbia Protests Led to My Deportation
As an Australian who wrote about the demonstrations while on campus, I gave my phone a superficial clean before flying to the U.S. I underestimated what I was up against.
www.newyorker.com
November 5, 2025 at 8:05 AM
Reposted by Nicolò Fornari
Starting Monday LinkedIn will begin using data from your profiles/posts to train AI. If you live in EU/EEA/Switzerland/Canada/Hong Kong your data is subject to being used this way, but you can opt out. Go to Settings/Privacy/Data for Generative AI Improvement and toggle the switch to off
Update to our Terms and data use | LinkedIn Help
Update to our Terms and data use
www.linkedin.com
October 30, 2025 at 4:13 PM
Day to day: the user experience of getting a direct answer for simple things compared to scrolling a bloated blog post, with ads and cookie banners. It would be better to solve the state of the web but hey, it's a workaround.
here’s my litmus test: is AI improving your day to day life? Is it actually helping you to create, connect, feel joy, chase ambition?
If not - what’s the point?
October 30, 2025 at 10:41 PM
Reposted by Nicolò Fornari
If you know who did this, or if you know how to set it back, the hotel kindly asks you to do so, respecting the fun achievement unlocked :)
https://infosec.exchange/@xme/115422139879568495
Xavier Mertens 🇧🇪 (@[email protected])
Attached: 1 image When you leave a coffee machine unprotected at a hacker conference… #hacklu2025
infosec.exchange
October 23, 2025 at 7:27 AM
Great work guys!!
🎉Success. Our #Pwn2own team combined #zeroday bugs to #exploit @home-assistant.io green which earned them $20'000 and 4 pts. Congratz to @bcyrill.bsky.social Emanuele, Lukasz @muukong.bsky.social and @yvesbieri.bsky.social.
Respect to @stephenfewer.bsky.social and the Summoning Team for the wins.
October 22, 2025 at 6:55 PM
Reposted by Nicolò Fornari
#Pentest of gRPC-Web apps is tricky due to the binary format. We are releasing bRPC-Web, a @portswigger.net @burpsuite.bsky.social extension developed by our @muukong.bsky.social that helps manipulate #gRPC-Web traffic, even in absence of #protobuf schemas. blog.compass-security.com/2025/10/brpc...
October 21, 2025 at 11:38 AM
Reposted by Nicolò Fornari
pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!
Please please please share to spread the news - thank you!
October 4, 2025 at 10:39 AM
Reposted by Nicolò Fornari
The @EUCommission would like to hear your views on the governance and sustainability of critical open source software. The survey closes October 5th.
https://ec.europa.eu/eusurvey/runner/FOSSEPS_Governance_and_Sustainability_Survey
#OpenSource #governance #sustainability
Study of the European Commission: Survey on the Governance and Sustainability of Critical Open Source Software
ec.europa.eu
September 30, 2025 at 2:24 PM
Reposted by Nicolò Fornari
"Employees are using AI tools to create low-effort, passable looking work that ends up creating more work for their coworkers.[...] it shifts the burden of the work downstream, requiring the receiver to interpret, correct, or redo the work. In other words, it transfers the effort
1/2
September 23, 2025 at 11:10 AM
Reposted by Nicolò Fornari
It is representative of a *profound* failure of a country that this group of people are up there talking about medicine and science at all
September 22, 2025 at 9:13 PM
Beyond the message of the talk, the insights on the parliamentary monitoring system are super interesting!
And there is now also a transcript of this 41 minute presentation: berthub.eu/articles/pos...
Microstacks or megadependencies over at Webdevcon 2025 - Bert Hubert
tl;dr: A meandering talk that reminds us of the risks of shipping unknown build time dependencies (as from npm), and also highlights how many services now have runtime third party service dependencies...
berthub.eu
September 22, 2025 at 5:24 PM
Reposted by Nicolò Fornari
Europe stands with Estonia in the face of Russia’s latest violation of our airspace.
We will respond to every provocation with determination while investing in a stronger Eastern flank.
September 19, 2025 at 3:19 PM
Reposted by Nicolò Fornari
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 17, 2025 at 1:20 PM
Deterministic LLMs are possible.
thinkingmachines.ai/blog/defeati...
Defeating Nondeterminism in LLM Inference
Reproducibility is a bedrock of scientific progress. However, it’s remarkably difficult to get reproducible results out of large language models.
For example, you might observe that asking ChatGPT the...
thinkingmachines.ai
September 15, 2025 at 3:51 PM
Reposted by Nicolò Fornari
We use @jameskettle.com Burp extension Collaborator Everywhere daily. Now our upgrades are in v2: customizable payloads, storage, visibility. Perfect for OOB bugs like SSRF.
Find out more here: blog.compass-security.com/2025/09/coll...
#AppSec #BurpSuite #Pentesting
September 9, 2025 at 11:54 AM
Reposted by Nicolò Fornari
Wow
"Flashlights from the bow swept over the water. Fearing that they had been spotted, the SEALs opened fire. Within seconds, everyone on the North Korean boat was dead."
How a Top Secret SEAL Team 6 Mission Into North Korea Fell Apart
www.nytimes.com
September 5, 2025 at 10:57 AM
Reposted by Nicolò Fornari
EPFL, ETH Zurich, and CSCS released Apertus, Switzerland's first large-scale, multilingual language model (LLM). As a fully open LLM, it serves as a building block for developers and organizations to create their own applications: www.cscs.ch/science/comp... @ethz.ch #AI #Apertus #AIforGood
September 2, 2025 at 8:14 AM
Reposted by Nicolò Fornari
ChatGPT just shipped the exact memory feature I've always wanted - automatic memory that's scoped to a specific project simonwillison.net/2025/Aug/22/...
ChatGPT release notes: Project-only memory
The feature I've most wanted from ChatGPT's memory feature (the newer version of memory that automatically includes relevant details from summarized prior conversations) just landed: With project-only...
simonwillison.net
August 22, 2025 at 10:44 PM
Reposted by Nicolò Fornari
In a somewhat better world this ChatGPT suicide case should at minimum trigger resignations from OpenAI top brass. This won't happen of course, showing what kind of people we are dealing with there.
And yes, this case is different from finding similar information via search
1/2
August 27, 2025 at 10:04 AM
Reposted by Nicolò Fornari
Still more evidence that the US under Trump is an enemy of Europe.
Greenland: Denmark summons top US diplomat over alleged influence operation
The aim was reportedly to infiltrate Greenland's society and promote its secession from Denmark.
www.bbc.com
August 27, 2025 at 8:51 AM
This is a magnificent read.
"Every warning about AGI danger is also a pitch deck for more funding"
"The future is already here. You just have to stop looking for it in the wrong place."
“Boring is the highest compliment I can give technology. Boring means it works. Boring means you stop thinking about how and start thinking about what.”
A Hitchhiker's Guide to the #ai Bubble
https://fluxus.io/article/a-hitchhikers-guide-to-the-ai-bubble
August 12, 2025 at 6:03 PM
I never managed to do any meaningful work on the train; I need a comfortable setup for it. With ChatGPT I can (let it) work on small side projects I never allocated time for.
August 9, 2025 at 7:33 AM
UK is beta testing all the shittiest ideas, first Brexit and now this. At least other countries will see the consequences before wanting to follow.
Spotify is now instituting face scans and ID checks ... to listen to music.
Porn was only ever the excuse. The only thing that surprises me is how quickly the government surveillance mandate has spread to absolutely every service we use.
www.404media.co/spotify-uk-a...
Spotify Is Forcing Users to Undergo Face Scanning to Access Explicit Content
Submit to biometric face scanning or risk your account being deleted, Spotify says, following the enactment of the UK's Online Safety Act.
www.404media.co
July 31, 2025 at 3:25 PM
Reposted by Nicolò Fornari