> I want to use the same authorization policy for resetting the DA lockout counter on login, and also have a long password/AuthValue for resetting the counter manually.
LUKS has multiple "key slots" so IIRC you can use one slot for TPM unlock, and a different one for long password unlock.
Have you considered using that as your recovery mechanism?
> It's just for a personal project,
One of the reasons very few hobbyists touch the open source TPM stuff is there are a number of alternatives that scratch similar itches much more easily.
Need to protect a crucial encryption key by locking it up in hardware? Buy a Yubikey.
Disk encryption password on your laptop is inconvenient? Just use standby when you close the lid instead of powering off fully. Login password is inconvenient? Fingerprint reader, or biometric yubikey.
Unattended kiosk, school computer lab or similar that needs to boot without a password? Just put it in a sturdy metal box and chain it to the wall.
Server in a data centre that needs to boot unattended? Move to a data centre with physical security you can trust. Still worried? Dropbear or Tang so it has to be on the right network before it'll boot.
Home lab hobbyist, working with the TPM for fun? Assess whether you're actually having fun working with the TPM, and you'll probably notice you're not.
I love retrocomputing. It completely flips the idea of "outdated consoles" on its head. Instead of being less valuable because there are better options, they are instead a forever-immutable computer for developers to target.
The produced consoles will last many more years (I have an N64 still kicking running new ROM hacks on an Everdrive). And even if every bit of hardware becomes defunct, the emulators will live on preserving that architecture in an immutable state forever.
I used to think "what's the point of creating new software for old consoles" but once I reframed them this way, I find them as or more exciting that writing software for modern hardware.
Oh they still haven't figured this one out at knowyourmeme?
Demon Core meme came from KanColle(2013) communities in Futaba, and permeated to nicovideo.jp as well as to Twitter. That's why it is predominantly image based with few GIFs inbetween, why it is Demon Core and Demon Core only, and why there are few comical non-girl versions created years after inception.
I'd guess overlap between outspoken (ex-)Futaba users AND HN readers(hops_max=3) OR knowyourmeme users is exactly 1.0f, and this won't ever go on record anywhere unless someone say it somewhere, so here you go.
The solution is to project strength and hit them where they don't expect. You are dealing with a thug, not a cost/benefit accountant, as Obama seemed to mistakenly believe. As long as they do things and we respond, nothing good will happen. They have already calculated the response and found it acceptable. Instead of this, go to the mattresses. Oh, your bridge has suddenly exploded? Shame.
The hashes involved in stuff like this, as with copyright auto-matching, are perceptual hashes (https://en.wikipedia.org/wiki/Perceptual_hashing), not cryptographic hashes. False matches are common enough that perceptual hashing attacks are already a thing in use to manipulate search engine results (see the example in random paper on the subject https://gangw.cs.illinois.edu/PHashing.pdf).
Someone gave me an analogy some time ago that made a lot of sense.
If you shine a flashlight through a tree blowing in the wind and vary the brightness to convey information, the signal can get distorted pretty easily.
However, if you have a constant brightness source and vary the color, it’s a lot easier to figure out what the source is trying to convey.
TFA literally already says what you said. They're making a reasonable distinction between chewing coca leaves for mild stimulant effect and huffing a fat rail of the pure stuff.
It gives the wrong idea to say these 17th century people were doing cocaïne.
There was a great Defcon talk about this called The Secret Life of SIM Cards that I can recommend watching (they release the video for these some time after the conference).
The talk itself was about a group that had an enormous camping trip (I hope that phrasing doesn't diminunise it) called Toorcamp of a few thousand people that thought it would be fun to also put together their own cell network for just them. They bought and programmed SIM cards and hid puzzles in the programs on them.
But the amount of programming that can be done on the SIM card alone without involving the main processor at all was really quite fascinating and there's a lot of detail in the talk if you can track it down. Here are the slides at least https://speakerdeck.com/codebutler/the-secret-life-of-sim-ca...
I think the better way to ask this question is: how much large scale spatial variation can there be in the laws of physics so that the observable behavior doesn't contradict existing observations? As far as I remember, this has been studied, but I can't find a reference right now.
Part of the reason why Crowdstrike have access, why MS wasn't allowed to shut them out with Vista was a regulatory decision, one where they argued that somebody needs to do the job of keeping Windows secure in a way that biased Microsoft can't.
So, I guess you could have some sort of escrow third party that isn't Crowdstrike or MS to do this "audit"?
Why is it critical for flight safety? It is critical for security theatre we have to endure at airports because some people have heightened neuroticism.
Be that as it may, of course the error needs correction. If it really is a one man show for tool like this, it isn't even surprising that there are shortcuts.
The "relevant devices" is surely referring to the displays here. I would love to go DP for everything but the best I can seem to find is computer monitors with 1 DP input and usually 2 or more HDMI. For living room type displays you won't find DP at all.
This analysis leaves out the fact that Pavel Durov is, with Telegram, in approximately the same position Ladar Levison was with Lavabit. Unlike Meredith Whitaker, Durov actually is in a position to furnish documents to the French government, where he has citizenship. He's in that position because he has repeatedly made deliberate product decisions, to the bafflement of cryptographers around the world, to keep himself in that position.
If you literally have plaintext documents responsive to criminal inquiries in a jurisdiction you are subject to, we don't reach the "internet censorship wars". You're in a place not dissimilar to a 1970s telephone company; the "random people can't simply declare themselves above the law wars". Don't be in that place. Encrypt end-to-end.
"We're sorry this Lithium Hydroxide canister does not appear to be genuine or has been refilled. Please contact Boeing for assistance and to order genuine parts."
As an aside one of the things I love about old school military equipment is the "battle short." It effectively disables all the safety equipment and limit switches and allows the device to run even though the device believes it should not. There's an extra measure of confidence you get just from seeing that option available to you. "No, damnit, RUN!"
I find it hard to believe that it actually is a microcode issue.
Mostly because Intel has way too much motivation to pass it off as a microcode issue, as they can fix a microcode issue for free, by pushing out a patch. If it's an actual hardware issue, then Intel will be forced to actually recall all the faulty CPUs, which could cost them billions.
The other reason, is that it took them way too long to give details. If it's as simple as a buggy microcode requesting an out-of-spec voltage from the motherboard, they should have been able to diagnose the problem extremely quickly and fix it in just a few weeks. They would have detected the issue as soon as they put voltage logging on the motherboard's VRM. And according to some sources, Intel have apparently been shipping non-faulty CPUs for months now (since April, from memory), and those don't have an updated microcode.
This long delay and silence feels like they spent months of R&D trying to create a workaround, create a new voltage spec to provide the lowest voltage possible. Low enough to work around a hardware fault on as many units as possible, without too large of a performance regression, or creating new errors on other CPUs because of undervolting.
I suspect that this microcode update will only "fix" the crashes for some CPUs. My prediction is that in another month Intel will claim there are actually two completely independent issues, and reluctantly issue a recall for anything not fixed by the microcode.
"Perhaps the worst thing about being a systems person is that
other, non-systems people think that they understand the daily
tragedies that compose your life. For example, a few weeks ago,
I was debugging a new network file system that my research
group created. The bug was inside a kernel-mode component,
so my machines were crashing in spectacular and vindic-
tive ways. After a few days of manually rebooting servers, I
had transformed into a shambling, broken man, kind of like a
computer scientist version of Saddam Hussein when he was
pulled from his bunker, all scraggly beard and dead eyes and
florid, nonsensical ramblings about semi-imagined enemies.
As I paced the hallways, muttering Nixonian rants about my
code, one of my colleagues from the HCI group asked me what
my problem was. I described the bug, which involved concur-
rent threads and corrupted state and asynchronous message
delivery across multiple machines, and my coworker said,
“Yeah, that sounds bad. Have you checked the log files for
errors?” I said, “Indeed, I would do that if I hadn’t broken every
component that a logging system needs to log data. I have a
network file system, and I have broken the network, and I have
broken the file system, and my machines crash when I make
eye contact with them. I HAVE NO TOOLS BECAUSE I’VE
DESTROYED MY TOOLS WITH MY TOOLS. My only logging
option is to hire monks to transcribe the subjective experience
of watching my machines die as I weep tears of blood.”
To this day I maintain that a large part of IPv4 space wastage is due to the HTTP WG's longtime avoidance of adopting SRV or SRV-like DNS records or even the DNS itself as normative for HTTP/HTTPS, instead allowing the HTTP RFCs to just vaguely suggest that DNS might be one way to resolve the IP address of origin servers, whilst in practice squatting on the A (address) record like they owned it (and worse, all the apex records). Consequently inspiring a vast chorus of LIRs applying for /19 allocations over the years "for SSL hosting" and continuing to do so long past the introduction of SNI (RFC 3546). Saw this behaviour firsthand as a European LIR operator with friends at RIPE. Is it cracked down on now? Yes. Are there whole swathes of IPv4 space that remain unassigned or entirely unannounced? Yes. Does every large-scale DNS hosting service have some hackish way to workaround the prohibition of CNAME records at the zone apex? They sure do, and HTTP is why.
Paul Vixie saw it coming, the very first example in the original SRV proposal (RFC 2052, 1996) is resolution of HTTP. Alas that this example was omitted in later editions. The new SVCB/HTTPS RRs (RFC 9460, 2024) are literally decades overdue.
I use it a lot. It's great to find dev resources, hidden gems, sites that talk about a specific topic, etc. It does have a limit (100 links), but for purposes such as this one - it is an absolute must-have bookmark for me.
It seems like a much more suitable parallel construction story to invent in this instance would be something like "there were valgrind issues reported, but I couldn't reproduce them, so I sanity checked the tarball was the same as the git source. It wasn't."
On the flip side, in this war many of the Gaza combatants are either irregular forces or militants deliberately wearing civilian clothing.
So if some guy in a track suit and flip-flops uses an anti tank grenade launcher, discards the empty tube, walks away, and gets lit up, then the next day the Internet is awash with videos of the “IDF murdering a civilian!”
For reference, I think both sides are in the wrong in this conflict, and Israel more than Gaza.
However, the Internet is full of armchair international law experts that are being played like a fiddle by Hamas’ propaganda arm.
Speaking of international laws of combat: no protections apply to non-uniformed combatants pretending to be civilians. None. They can be tortured, executed on the spot, whatever.
If you want protections to apply to you, then wear a uniform or never go anywhere near a gun.
>Also it involves Java ecosystem stuff like Gradle which can drive a person mad sometimes.
Interesting. Why is that? I've been out of the Java loop for some years (although I did a fair amount of work with it earlier), so not up to date with this stuff.
Yes, I noticed that recently when writing a unit test with with randomly created IP addresses. A significant part where deemed as non-routable by the code under test, so I had to limit the first octet < 224.
But is that huge allocation really extensively used in real life? How?
Or could a significant part just be reallocated for new unicast usage?
That specific chip I linked to the article about has the ability to run x86 code via translation and they claim it can run Windows. Guess that solves the chicken and egg issue, but the biggest problem is who would be willing to fab it for them, sad that politics and war interrupted this.
A lot of vehicles - my wife’s 2015 Kia included - have a very flawed implementation of rolling key encryption. Basically, you need to capture three consecutive keys. The receiver is programmed to allow any future key (in case the fob was pressed away from the car), and will happily reset to past keys when you send three consecutive keys in sequence.
Ostensibly this is to avoid people’s fobs from becoming “unpaired” somehow if the car receives a future key. You just hit the button a few times and it works. In practice, it’s trivially easy to exploit.
LUKS has multiple "key slots" so IIRC you can use one slot for TPM unlock, and a different one for long password unlock.
Have you considered using that as your recovery mechanism?
> It's just for a personal project,
One of the reasons very few hobbyists touch the open source TPM stuff is there are a number of alternatives that scratch similar itches much more easily.
Need to protect a crucial encryption key by locking it up in hardware? Buy a Yubikey.
Disk encryption password on your laptop is inconvenient? Just use standby when you close the lid instead of powering off fully. Login password is inconvenient? Fingerprint reader, or biometric yubikey.
Unattended kiosk, school computer lab or similar that needs to boot without a password? Just put it in a sturdy metal box and chain it to the wall.
Server in a data centre that needs to boot unattended? Move to a data centre with physical security you can trust. Still worried? Dropbear or Tang so it has to be on the right network before it'll boot.
Home lab hobbyist, working with the TPM for fun? Assess whether you're actually having fun working with the TPM, and you'll probably notice you're not.