mjg59

@mjg59@nondeterministic.computer

Former biologist. Actual PhD in genetics. Security at https://aurora.tech, OS security teaching at https://www.ischool.berkeley.edu. Blog: https://mjg59.dreamwidth.org. He/him.

mjg59, to random

Oracle "Prove your commitment to Linux by releasing a GPL-compatible version of the CDDL rather than just rebranding RHEL" challenge (difficulty: impossible)

mjg59,

@not2b ZoL has diverged quite significantly from upstream, and Oracle don't own it. But almost all of it is licensed in such a way that newer versions of CDDL would automatically apply to it.

mjg59, to random

Who wants a blogpost about what a root of trust actually is and why almost all existing implementations don't actually provide that trust

mjg59, to random

Did you know! US federal legal filings are publicly available via PACER, but cost money. The RECAP extension (https://free.law/recap) uploads any PACER downloads you make to https://www.courtlistener.com/recap/ where they're freely available. Also, if your PACER balance is under $30 in a quarter, it's written off. If everyone who reads this uploaded $29 of stuff to RECAP every quarter, way more material in the public interest would be publicly available. Is there any way to organise this?

mjg59, to random

Every Eero in my mesh was functioning as a Thread router and sending IPv6 RAs for the same /64, which meant Linux kept updating its routing table based on whichever one it saw most recently, which meant Chrome kept firing ERR_NETWORK_CHANGED errors if a page load was in flight when that happened and good lord

mjg59,

No clue whether the bug here is every Eero advertising the route rather than just one of them doing that, or whether it's Chrome for triggering that error even if all that's happened is that a unique link address is now routed via a different gateway

mjg59,

Fucking computers

mjg59, to random

I am once again encouraging people to reject the idea that terms of service should have any legal significance whatsoever

mjg59,

How the fuck do you apply terms of service to a service that allows people on other servers to read the data without agreeing to the ToS

mjg59,

Using the tools of the oppressor against them is a perfectly legitimate short term strategy but could people please think about what the ideal future looks like before arguing for increased legal control of services

mjg59,

@brot There's a whole bunch of things that can be done here and "Let's use terms of service" is not one of them

mjg59, to random

Hitting Twitter with a Googlebot user agent now returns "Unverified web crawlers are not allowed"

mjg59,

Although there's still material being indexed, so it's possible that they're still allowing it from specific IP ranges

mjg59, to random

Discovering that most of my students never experienced Windows ME is probably the thing that has made me feel oldest

mjg59,

@drbrain Fortunate

mjg59, to random

Welcome to all the new users fleeing twitter! It's important to remember that the Fediverse (the correct term to describe what people frequently call "Mastodon") isn't Twitter and there are different social rules here. In order to avoid upsetting people who've been here for a while already, here's some guidance:

  1. Become ungovernable
  2. No snitching
  3. Otherwise, do whatever the fuck you want

Hope that helps!

vorlon, to random

A lot of people seem to be upset about the kolektiva.social database compromise because the data was unencrypted on a disk. I think this displays a failure to understand how little effective encryption of data happens on servers.

The admin should have been using encryption on their local drives. They also shouldn't have had the data local where it could be caught up by an unrelated warrant.

But if the warrant had been for kolektiva.social itself, served against a cloud provider?

mjg59,

@RAOF @vorlon Device Health Attestation is available for Windows as either a local or hosted solution, but otherwise yup it's bad

sil, to random

I never know what to do when adding subheading titles to an article.
<h1>Stuart's Food Guide</h1>
<h2>or, Pies I Have Known</h2>
<h3>by Stuart</h3>

but then what do I use for titles for each of the sections? <h1>? <h2>? <h3>? maybe <h4>?

Anyway, now I do know, because @SteveFaulkner has written https://www.tpgi.com/subheadings-subtitles-alternative-titles-and-taglines-in-html/ which Explains All This and it's good.

Short answer:
<hgroup>
<h1>Stuart's Food Guide</h1>
<p>or, Pies I Have Known</p>
<p>by Stuart</p>
</hgroup>

<h2>Section 1: Meat</h2>

mjg59,

@sil HTML header tags feel like about the worst remaining artifact of HTML 1.0

mjg59, to random

Quiz! Why is it bad if a measured boot implementation allows you to use the attestation signing keys to sign arbitrary material?

mjg59, to random

Going to be presenting at the Linux Security Summit in Spain in September on a mechanism that lets you tie secrets to the TPM in a per-process mechanism that can even be tied into IMA, and which allows more nuanced outcomes than just using the kernel keyring.

mjg59, to random

Good morning today I am reverse engineering AMI's firmware update tool because of course I am

mjg59,

This tool "works" by extracting the source for a kernel driver from itself, building it, and then using it to proxy a bunch of SMM calls. Which means if you run it on a system with secure boot enabled, it just prints an error and does nothing.

mjg59, to random

Oh come on Chrome, what format is this timestamp?

{"params":{"reason":"Network changed"},"phase":0,"source":{"id":3431991,"start_time":"722958226","type":7},"time":"723098223","type":107},

mjg59, to random

I know there are people reading this who work for major companies still advertising on Twitter (Apple, Google, and Amazon at least), so: two days before the SF Trans March, Elon is making it even more explicit that Twitter is a transphobic platform. You have the ability to influence the behaviour of your employers. Maybe do that?
