Pinned ping

WARNING, pinned: toots mostly consist of non-CWed Internet memes, anime memes, personal debates, politics, sometimes discussion of controversial ideologies (but it's probably in Chinese w/ CW), even worse, mostly written in Chinese which you cannot understand. Only occasionally posting FLOSS and security-related news and opinions. Want to follow? Proceed with care. All the views and opinions expressed here are my personal ones, not necessarily (and mostly, not) related to any organization I am affiliated with.


I've... exploited 0days you programmers wouldn't believe.
[*contemptuous laugh*]
ROP shellcode on non-executable memory ran as the machine of Turing.
I watched Offset2lib pwns ASLR near the stack of kernel space.

All those bugs won't be fixed in time, like
[*cough*] dereference... to... NULL,
segfault (core dumped)

“Don't get confused by the similarities between 4kV ESD testing, 4kV fast transient burst testing, and 4kV
surge. The voltages are the same, but the energy behind them is totally different. Dropping a small rock
on your foot may hurt, but you will still be able to walk. Dropping a large rock from the same height will
most likely cause severe damage to your foot. Doing this 250 times per second will reduce your shoe size

Atmel engineers have done a good job on writing this application note 🤣

tired: generate random seed from mouse movements

inspired: generate random seed from cat movements, unpredictability is guaranteed.

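In three days, five completely unrelated people have already come to ask me questions about CSPRNGs. Coincidence? Wait, is this some kind of revelation from the universe: something this non-random happening within such a short time, which is to say it is hinting that the CSPRNG I use myself is insecure (funny)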

"You may not like the prison industry, but there are lots of reasons to love BSD jails." 🤣

niconiconi relayed

"In this thesis, we explore the feasibility of hiding malware in ACPI bytecode by finding the kernel ASLR slide. First, we sketch a proof that ASL, the programming language of ACPI, is Turing-complete.

Furthermore, we demonstrate that because ACPI uses physical addresses, the kernel can be found via brute force. Additionally, we show that this holds true in any kASLR configuration offered by the Linux kernel. This shows that kASLR of physical addresses offers no security benefits."

ACPI is Turing-complete.

To describe low-level hardware operations in an OS-independent way, ACPI defines a virtual machine, which is provided by an operating system to run the ASL assembly language.

I knew ASL and have even modified it to work around a broken BIOS, but never realized it's running a virtual machine... Here's the question, can someone write a Lisp interpreter on ACPI...

So the kernel is running vendor-provided code with full-privilege... What could possibly go wrong... 🤔

niconiconi relayed

Git-signatures – Multiple PGP signatures for your commits

(submitted by Couto)

niconiconi relayed

@bgme Mastodon is nice to use, but the celebrities won't come 😂

niconiconi relayed
@lain let's try to guess how much RAM that gets you on a baremetal dedi... 1TBish?

sounds about right for matrix
niconiconi relayed

Western Digital’s RISC-V “SweRV” Core Design Released for Free

(submitted by osivertsson)

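Besides sending spam to GitHub email addresses, in recent years some low-grade tech companies have often crawled the Linux kernel's git log, checked whether a developer's name is Chinese, and mass-mailed recruitment spam. Every time I submit a new kernel patch, I receive three spam emails. They even claim to be recruiting some kind of core high-end talent. Who would believe that? I don't even believe I'm any kind of high-end talent myself...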

niconiconi relayed

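@bgme @niconiconi I've been running it for a day and it still hasn't finished (but from the monitoring, it only freed some space right when it started running, and after that it doesn't seem to have done anything. I think this Mastodon problem is clearly not caused by fds being held open by a process, because the storage system can't possibly keep tens of thousands of cold files open without ever releasing them, otherwise it would have hit the ulimit long ago. Either the deletion is incomplete, or it thinks it deleted them but the backend didn't, or it missed a lot of things that should have been deleted, but there's no hard evidence, and I don't know what the actual reason is (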

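Sharing the album "B1T-0N!". As an undergraduate, this author wrote a simple virtual machine as homework, later developed an assembler, scripts and a three-channel audio synthesizer, and then made derivative 8-bit music on this self-invented computer... Later they used Z80 assembly to port the script engine of the Steins;Gate 8-bit spin-off to the ZX Spectrum, and won an award at a demo competition. It really does run on real hardware, the model with 128 KiB of memory... Russian otaku really are no ordinary people... First half, second half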
