Nevermind, I've been persuasive enough to get it to read actual data even if bus encryption is "required" :3c
like this
pivotman319 🦊 :flagace: reshared this.
isithran reshared this.
Intel branch predictors fully reverse-engineered:
https://today.ucsd.edu/story/a-small-change-leads-to-big-results-for-computer-security
Surprise: A Small Change Leads to Big Results for Computer Security
Researchers from UC San Diego and Purdue University have discovered a hidden feature of Intel processors that can be used to significantly increase security, including shutting down an entire class of Spectre attacks that can give an attacker secret …today.ucsd.edu
reshared this
isithran reshared this.
A keynote by @b0rk at a developer conference about how the #DNS works. But it is not just about the DNS, it is also about how to approach a new and complicated technology. Very surprising. (And the demo is live!)
https://www.youtube.com/watch?v=tsxjNsFu_2g
isithran reshared this.
Fuck your TPM.
Researchers fully compromise AMD fTPM, confirming voltage fault injection vulnerability
A new research paper explains vulnerabilities in AMD SoCs that could let attackers neutralize any security from their TPM implementations. The attacks can expose any cryptographic information...Daniel Sims (TechSpot)
isithran reshared this.
Last week, the laying of submarine cable Natitua Sud has begun and should be completed with its landing in Tubuai on May 15th, should the weather be favorable.
NatituaSud subsea cable lands at Toahotu bay, French Polynesia
Subsea cable was deployed by OMS Group's CS Logbrog shipwww.datacenterdynamics.com
Hilarious likes this.
isithran reshared this.
Fantastic reporting by @kimzetter here - a year long report into what went down with #Solarwinds.
I'd like to highlight this bit. Zero trust, my arse. Lots of new details in this report. https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/
SolarWinds: The Untold Story of the Boldest Supply-Chain Hack
The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.Kim Zetter (WIRED)
isithran likes this.
Éric Freyssinet reshared this.
https://github.com/dscp46/lglass
If you wish support for another system type/brand, please drop a feature request with the commands you wish to see implemented.
Central Repeater management web interface v0.1 released.
https://github.com/dscp46/remara/
The remote repeater control agent will follow soon, I'm still adjusting some functions and the installer. Also the protocol specification needs to be completed and proofread.
#hamr #hamradio #svxlink #mqtt #remara
Short demo of our central repeater management utility.
Version 0.1 almost ready to ship.www.youtube.com/watch?v=4ykdPr…
With the growth of the regional repeater network, fellow hams asked for an easy way to control their repeaters. Here is version 0.1 of that product, which is able to manage a list of repeaters, then to send various commands (ping, change room, disconnect repeater, enable or disable repeater logic, reboot the system).
Next version will be shipped with proper privilege separation, group ACL management, and a few refinements.
Key moments:
0:00 Repeater agent running on our test stub. Network has just been cut, to show that connectivity loss can be recovered.
0:33 Repeater agent recovering its connection to the control segment.
0:39 Connecting to the management interface
0:44 Browsing through the repeater list.
0:49 Showing the repeater properties editor
1:05 Ping demo with our test laptop which is connected with user 'f4hof-s'. The UI shows a notification toast to confirm the "repeater" has acknowledged our command.
1:19 Changing conference room
1:34 Rebooting the remote system. Command hasn't been acked because the system rebooted too quickly. This will be fixed in the initial release. Please notice that the notification toast shows a warning as the command hasn't been confirmed.Coming soon: remote control of analog repeaters through #Hamnet. cc @[url=https://kloud.social/users/fred]Fr0de[/url] F4EED/KI7QQP
Control plane uses MQTT, either in fire and forget mode, or with reliable delivery and explicit command acknowledgement. #hamr #hamradio
RemAra v0.1 short demo
With the growth of the regional repeater network, fellow hams asked for an easy way to control their repeaters. Here is version 0.1 of that product, which is...YouTube
Version 0.1 almost ready to ship.
https://www.youtube.com/watch?v=4ykdPrglnfA
With the growth of the regional repeater network, fellow hams asked for an easy way to control their repeaters. Here is version 0.1 of that product, which is able to manage a list of repeaters, then to send various commands (ping, change room, disconnect repeater, enable or disable repeater logic, reboot the system).
Next version will be shipped with proper privilege separation, group ACL management, and a few refinements.
Key moments:
0:00 Repeater agent running on our test stub. Network has just been cut, to show that connectivity loss can be recovered.
0:33 Repeater agent recovering its connection to the control segment.
0:39 Connecting to the management interface
0:44 Browsing through the repeater list.
0:49 Showing the repeater properties editor
1:05 Ping demo with our test laptop which is connected with user 'f4hof-s'. The UI shows a notification toast to confirm the "repeater" has acknowledged our command.
1:19 Changing conference room
1:34 Rebooting the remote system. Command hasn't been acked because the system rebooted too quickly. This will be fixed in the initial release. Please notice that the notification toast shows a warning as the command hasn't been confirmed.
Coming soon: remote control of analog repeaters through #Hamnet. cc @Fred F4EED/KI7QQP
Control plane uses MQTT, either in fire and forget mode, or with reliable delivery and explicit command acknowledgement. #hamr #hamradio
RemAra v0.1 short demo
With the growth of the regional repeater network, fellow hams asked for an easy way to control their repeaters. Here is version 0.1 of that product, which is...YouTube
like this
isithran reshared this.
Just a little WIP from my messy workshop (should see the other half of the table). Got the idea for pride month, but will probably have them in a shop earlier. Now.. what flag to create next?
#MastoArt #3DPrinting #WIPWednesday #Fox
isithran reshared this.
Control plane uses MQTT, either in fire and forget mode, or with reliable delivery and explicit command acknowledgement. #hamr #hamradio
like this
like this
https://loper-os.org/?p=1913
Someone linked me to this site, and it has like, an entire book on finite field arithmetic.
Love discovering old internet monoliths like this
isithran reshared this.
Do foxes obey Bose-Einstein statistics, in which case their spin quantum numbers would be +1 and -1, or do they obey Fermi-Dirac Statistics, +1/2 and -1/2?
If the latter, it is possible that the fox is a Majorana fermion, in which case a fox of the opposite spin would be its antiparticle.
isithran reshared this.
A large-tech blog shared their HKDF application and I identify several issues with its implementation. Inside is an anonymized version with critiques and improvements.
Tags: #cryptography #hkdf #blog #engineering #security
https://cendyne.dev/posts/2023-01-30-how-to-use-hkdf.html
How to use HKDF to derive new keys
HKDF is a great tool to derive sub-keys from a master key, however it is often misused! Be careful about the salt parameter and use info correctly!cendyne.dev
isithran likes this.
reshared this
isithran reshared this.
https://davidmathlogic.com/colorblind/#%23648FFF-%23785EF0-%23DC267F-%23FE6100-%23FFB000
#Design #Accessibility
Coloring for Colorblindness
This interactive visual tool lets you see how accessible your color palettes are to viewers who are colorblind.davidmathlogic.com
isithran reshared this.
[1] https://testcardgen.onrender.com/
isithran reshared this.
f4ivy reshared this.
Contacter le 09 69 32 15 15 puis choix 1, 2 puis 4.
Si le conseiller ne connait pas la procédure, dites lui de faire une F185 sur le site SGE en choisissant le mode standard. Préciser que la procédure a été confirmée précédemment avec le groupe TD.
Appeler de préférence en période creuse (temps de midi par ex). Normalement, le changement devrait être effectif la nuit suivante.
like this
Au passage, c'est plutôt bien documenté chez Enedis : https://www.enedis.fr/media/2035/download
isithran likes this.
isithran reshared this.
https://wunkolo.github.io/post/2023/01/tdpbuud-average-color/
tdpbuud: Average Color
Using artificial intelligence and machine learning instructions to get the average color of an imagewunkolo.github.io
isithran reshared this.
DICOM is the medical image format, very TIFF-like.
Its preamble makes many polyglots possible, including TIFF-DICOM sharing the same image data.
It doesn't tolerate appended data - but just append a "private" tag if needed.
reshared this
isithran reshared this.
Encrypted data at rest just means they use the cloud. It's standard cloud practise. They give it basically for free at a button toggle. "Using military grade encryption" yes I know it's AES. That shouldn't make you feel any safer. Optus even said their unauthenticated API was protected by double layers of encryption! (TLS in transit and AES at rest!). That meant nothing, and did nothing to protect their breach. Why?
Because the threat models that encryption at rest protects against is someone walking into some data center and grabbing hard drives. And no one does that. Every piece of encrypted information stored by your business is constantly decrypted at some point for use - especially customer and production data. Any attacker who compromises your employees with access to cloud resources, or an application/system with access to those cloud resources will have credentials and permission to decrypt the data. Because at the end of the day encrypted data is just as useless to you as it is to the attacker.
Soatok Dreamseeker reshared this.
I get even more irritated when auditors and the like conflate that with what we do.
Soatok Dreamseeker reshared this.
- "Well, today I found out I've got a full shelf of CDs the national library in charge of the mandatory deposit in my country does not even have in its database, which lead me to read back the law to ensure I wasn't liable to a hefty fine."
like this
The rare records no one would actually be interested in, the live sets could easily be tied to me if they happend to leak on yt or something.
I think the message has been received... 😈
[object Otter] :verified_paw: likes this.
isithran reshared this.
Something I see a lot is people accepting bad IT experiences as mandatory. Like this is life, get on with it. But this isn't remotely true.
It's a choice, sometimes just not a choice an organization realizes it has. I have to be the person calling bullshit on stuff because I know. Because I understand what's normal outside the org, or I have literally done their job before as an IT Generalist.
The business malaise in accepting deteriorated user experiences is frankly shocking.
You're being led like a dog by people who aren't being challenged to do better. Who often are not stupid and can do better, but have no mandate to venture it.
Happy new year, and all the best to all of you 🎇
like this
isithran reshared this.
« A partir du 1er janvier 2023, les contraintes géographiques des numéros 01 à 05 s’assouplissent. Concrètement, il sera possible de conserver son numéro de téléphone fixe, notamment en cas de déménagement, dans une autre zone géographique de France métropolitaine. »
https://www.arcep.fr/demarches-et-services/utilisateurs/degeographisation-des-numeros-de-01-a-05-ce-qui-change-au-1er-janvier-2023.html
isithran reshared this.
isithran