Indeed, made some preliminary tests under RHEL 9 (Rocky, etc) for example and if you're used to compile HAProxy from sources to use specific OpenSSL versions, testing "aws-lc" is fairly straightforward. Their BUILD instructions and INSTALL file from HAProxy also help.
> Chipworks offers $50-250k to fully extract the eFUSE of one Intel i5 processor, so the eFUSE content is encrypted by a master key (called “global wrapping logic key” in the patent).
I wonder how readily things like this are known within the HW security community?
Elevated temps significantly impact the retention and are included in some datasheets by memory vendors, but often they are omitted and you need to request them.
Switched to Technitium (from piHole via Docker on amd64 and manual dnsmasq before that) primarily for DNS over HTTPS and never looked back. Used it for DHCP and DNS.
For anyone wondering, this was written in 2019 and is no longer "new". I was confused by the following line since I recall this being available for sometime:
> By using the newly introduced dm-writecache device mapper Linux kernel module
Looked for a publication date, but nothing anywhere on the page other then timestamps in the command output mentioning 2019. Wayback machine confirms this as well[0]
Where do you get that? Sounds like they improved performance over the previous "fixes":
> Intel's internal tests show that the 0x12B update does not noticeably affect performance. Benchmarks and gaming tests, including popular titles like Cyberpunk 2077 and Shadow of the Tomb Raider, showed results within normal expected variations when compared to the earlier 0x125 update.
biggest issue with those chips on mobile is very aggressive thermal throttling. i dont have experience with desktop or server line because i just run amd for years (mostly because of ecc support on the entire line)
> Second, the eTVB microcode allowed certain 13th and 14th Generation Core i9 processors to maintain high performance even at elevated temperatures, which was corrected with the 0x125 microcode update released in June 2024.
On Google Pixel 8 (IDK about other Android phones) you can press the power button + volume up button to launch a pop-up menu with the following options: restart, power off, lockdown, emergency.
If you select lockdown you'll be required to use a pin or password to unlock the phone.
> Embrasure is an open-source, self-hosted secrets management tool built on Amazon Web Services (AWS) for small teams seeking simplicity and security.
Was excited to hear about self-hosted secrets management, but expected "self-hosted" to mean I can host anywhere, but the depends specific AWS features.
I actually mean that the service need not care if it's in the cloud or on-premise as opposed to whose cloud. Many of my services don't need to do anything in the cloud.
If you look at things like awesome-selfhosted[0] you'll see that this is the prevailing expectation of things describing themselves as "self-hosted".
I don’t think we should go down that rabbit hole of redefining self hosting ad anything other than host it in your own infra. So if AWS disappeared today, would your product still be self hosted? If being self hosted does not actually depend on your product but on the availability of another provider, there I don’t think we should call it self hosted.
> Based on a strict definition, I agree that Embrasure may not be considered self-hosted, but I don't think that's the "prevailing expectation."
I wont 100% discount that I live in a bubble, but try ask 100 random people what "self hosted" means, I would strongly guess that very very few says "I can (only) spin up some resources on AWS and deploy it there"
Self-hosting does not mean you can't run it on AWS, but people expect more. Just look at Postgresql as an example of a self hosted software. You can run it in the cloud or your own basement.
