@mjg59@nondeterministic.computer

mjg59


Former biologist. Actual PhD in genetics. Security at https://aurora.tech, OS security teaching at https://www.ischool.berkeley.edu. Blog: https://mjg59.dreamwidth.org. He/him.


mjg59, to random

STOP DOING HARDLINKS

INODES WERE NOT MEANT TO EXIST IN MULTIPLE DIRECTORIES

YEARS OF FILES yet NO REAL-WORLD USE FOUND for being in more than one directory

Wanted to reference files from more than one directory anyway? We had a tool for that: it was called "SYMLINKS"

"Yes please give me FIFTEEN paths that this file resolves to" - Statements dreamed up by the utterly Deranged

"Hello I would like different permissions on this file based on path" They have played us for absolute fools

mjg59, to random

Impulse bought an LTE base station and I guess this is how @jonty feels about once every couple of days

mjg59, to random

Given a webauthn.create response, what is the absolute easiest way for me to verify that it has a valid signature (in an ideal world something like https://debugger.simplewebauthn.dev/ but validates the signature rather than just verifying the format is good)

mjg59,

@Natanael_L yes, but ended up having to write one myself

mjg59, to random

Hmm got a response from CPUC saying that they're not responsible for enforcement of AT&T's Carrier of Last Resort obligations, and referring me back to AT&T. How is this actually meant to work? (Yes, I know all they're nominally obliged to provide is a basic copper landline service, that's all I'm looking for here)

mjg59,

@grumpybozo My understanding is that it's a state-by-state issue

mjg59,

Ok apparently a miscommunication, spoke to a couple of very helpful people at CPUC, was transferred to someone in the AT&T President's Office, and now have an order for copper to be connected along with an assertion that they don't need to install anything (I'm sceptical about this claim given the infrastructure all burned down back in 2021 and I can't imagine they decided to hook any remaining copper back up, but let's see)

mjg59,

@blaise as am I! They have given me a phone number, now I just need to buy a phone

mjg59,

To my utter lack of surprise, there's apparently several miles of missing copper due to the entire "the forest was on fire" thing

mjg59, to random

Incredibly random question, but anyone have any experience with LTE-U hardware?

mjg59,

(And does any of it actually exist other than the Baicells stuff that's the only one I can find?)

mjg59,

@funkylab I'd rather use off the shelf hardware than deal with additional complexity that's under my control

mjg59, to random

Oh huh Signal has been compromised by The Woke, time to take a big sip of water and check out the politics of the original authors I guess

mjg59, to random

My annual plea for a thing: I want a type 1 hypervisor that just has a small isolated VM and then passes through the rest of the hardware to the main VM which runs Linux. The small VM is intended to be used to run small pieces of code that the main OS should not be able to interfere with. Does such a thing exist? (Think Xen, but with a Dom0 that can't see into DomUs)

mjg59,

@baloo @hyc Right, you can do it the other way around with SEV, but that then leaves you with very restricted hardware support at the moment

mjg59,

@noodles @hyc Some form of secret manager, at least

mjg59,

@rzeta0 A hypervisor doesn't have to let a privileged VM see into other VMs - Xen allowing that for Dom0 is an artifact of their design rather than anything inherent. The primary Windows VM can't see into the Credential Guard VM, since the hypervisor has drawn a hardware-enforced barrier in between them.

mjg59,

@rzeta0 Cryptography doesn't remove side channels - if you keep the secrets in a TPM but it doesn't use constant time operations, or if I'm able to monitor the power rails, that's not an absolute barrier. Very little is absolute - the level of security appropriate for a given problem will vary depending on what your threat model is, and I'm broadly ok with having my WebAuthn secrets in a separate VM running on the same CPU

mjg59,

@noodles @hyc SEV is pretty much exclusive to server parts, and I have a laptop

mjg59,

@fl0_id @hyc it's a hypervisor, it simply imposes a barrier between the resources? This isn't a conceptually complicated situation, modern CPUs support it just fine

mjg59,

@fl0_id @hyc overridden by whom?

mjg59, to random

Extremely strong competition this year and very happy with the result

mjg59,

Kind of feel that coming second to a team with @deviantollam and @Tarah is not a bad outcome

mjg59, to random

Dystopian thriller novel concept: antagonist puts phone in airplane mode and turns off GPS but ends up having their movements tracked by extracting their Pixel's history of identified background music and cross-referencing against their victim's phone

mjg59, to random

Flights to @emf booked, so time for the "Don't get arrested in England" challenge 2024 edition (flawless record so far)
