HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tiberious726

259 karmajoined قبل 4 سنوات

comments

tiberious726
·قبل 20 ساعة·discuss
Not presupposing something is not itself a presupposition
tiberious726
·قبل 20 ساعة·discuss
I take exception to calling ck3 similar to civ
tiberious726
·قبل 29 يومًا·discuss
And should be expected at any time without backups
tiberious726
·قبل 29 يومًا·discuss
Who would exploits be sold to then?
tiberious726
·قبل 29 يومًا·discuss
"Over 900 packages infected in a repository anyone can upload to, it just has to be compatible with Arch"
tiberious726
·الشهر الماضي·discuss
This is correct, look at IBM's CAPI for an example of the needed hardware
tiberious726
·الشهر الماضي·discuss
Install the plasma add-ons package if you're on KDE, I'm sure there's still something around for gnome too.

Burning windows away on close is my favorite
tiberious726
·قبل شهرين·discuss
I fly with a flipper zero often. What are you talking about?
tiberious726
·قبل شهرين·discuss
A hackrf is less expensive than a flipper and more capable in every way, except the dolphin gifs.

The flipper's primary use is that looks like a children's toy, which makes it far more effective for demos of how bad an orgs security is to not-especially-technical stakeholders than something like a hackrf or chameleon
tiberious726
·قبل شهرين·discuss
How does Forgejo stack up to Gitea nowadays?
tiberious726
·قبل 3 أشهر·discuss
#AmericaColonizesEurope
tiberious726
·قبل 3 أشهر·discuss
It basically did, just in hex...
tiberious726
·قبل 3 أشهر·discuss
There is much better hardware available to security researchers (chameleons, hackrf, and actually research-grade (much more expensive) equipment).

The flipper is basically an Arduino pre built with a bunch of static antennas. It's fine and in a decent form factor, but I really haven't found it useful.

Do you have any links to actual research (not children playing "researcher") done with flipper hardware?
tiberious726
·قبل 3 أشهر·discuss
It doesn't infer anything, you just hit a blacklisted token
tiberious726
·قبل 3 أشهر·discuss
The fury X was a beast for a consumer card, sadly limited by having a mere 4gb of (hbm) VRAM, and a non-refillable AIO. But back when games could fit in 4gb, it was incredible.

I'd absolutely buy another hbm consumer GPU if it had at least 8gb (and if I got the vibe/hope AMD will actually support for a couple years...)
tiberious726
·قبل 3 أشهر·discuss
> TPM isn't for "security" in the abstract, it's fundamentally for authentication

What on earth do you think I make my users present keys for???

You know all those guides saying "you should never copy an ssh private key over the network. Make a new one for each device" that every idiot dev ignored? Now I can enforce that.
tiberious726
·قبل 3 أشهر·discuss
This article's method is bad, basically the same as systemd-creds (not itself bad, just extremely compatible), take a look at tpm-ssh-agent or gnupg for how to do that part the right way (the party they don't do right is bind/sign to pcrs, which is just low hanging fruit in today's day and age...)
tiberious726
·قبل 3 أشهر·discuss
If you run into the link to this, is love to read it. Proper, modern, pcrphase binding with a signing key should remove these firmware update issues irt the raw pcr value changing
tiberious726
·قبل 3 أشهر·discuss
The authors of both this article and ssh-tpm-agent (disjoint set) really need to learn about pcrphases and the signing keys therefor: https://github.com/Foxboron/ssh-tpm-agent/issues/15
tiberious726
·قبل 3 أشهر·discuss
I set up my orgs SPF/DKIM/DMARC (we self host, they have feelings about corporate data sovereignity...) it look about 30 min having never touched them before, and maybe another 15 to write an ansible playbook to rotate the keys.

We do have a _tremendous_ amount of spam fail these checks, as well as a few legitimate organizations.... Some of our peer companies have sent out notices that they will bounce anything that fail these checks in the coming years, and we're probably going to to do the same before too long.

It's trivially easy, and absolutely valuable