@sirdarckcat.bsky.social
Google security researchers have improved the Retbleed CPU side-channel attack to increase exfiltration speed.
The attack can now leak data at 13 KB/s, which is fast enough to be used in modern cloud environments.
bughunters.google.com/blog/6243730...
youtu.be/sUFDKTaCQEk?... (slides at entrysign.top)
20.05.2025 08:33 β π 7 π 4 π¬ 0 π 0Google published details on EntrySign, an AMD Zen microcode signature validation vulnerability (CVE-2024-56161) that can allow threat actors to install malicious firmware: bughunters.google.com/blog/5424842...
It also released Zentool, a tool to jailbreak AMD processors: github.com/google/secur...
It's covered by the privacy policy, so similar to Docs/GMail!
10.02.2025 06:53 β π 1 π 0 π¬ 0 π 0I am such a big fan of NotebookLM.. The ability to say, hey, here are 20 papers and 3 books from this subject matter, can you please explain this problem to me? and have active in-depth Q&A helps me solve problems in new spaces so much faster. What used to take me multiple weekends now takes hours
09.02.2025 20:29 β π 2 π 0 π¬ 1 π 0
A restaurant menu with *(V) and *(V+)
What type of C code is this??!
08.02.2025 11:40 β π 3 π 0 π¬ 0 π 0
It's out and make for a very interesting read:
github.com/google/secur...
IMO, AMD should own it and release a microcode SDK....
@sirdarckcat.bsky.social
Yes!!! It would be so cool if they open sourced their tools
03.02.2025 22:17 β π 1 π 0 π¬ 0 π 0youtu.be/H9K45VkjKvM?... I found a video of c developers
14.01.2025 22:25 β π 1 π 0 π¬ 0 π 0
Ok I understand but can I pay 7 yen more?
03.01.2025 04:34 β π 3 π 0 π¬ 0 π 0
LLMs are at least better translators than normal translation tools
gemini.google.com/share/68582c...
I think the FBI is taking a chaotic good approach to secure coding. No more insecure software or.. right to jail!
01.01.2025 11:29 β π 0 π 0 π¬ 0 π 0"Guan Tianfeng's role in the conspiracy was to develop and test the zero-day vulnerability" - yikes, better not develop any more vulnerabilities or fail to do proper testing or the FBI will go after you!
www.fbi.gov/wanted/cyber...
π€
01.01.2025 00:28 β π 2 π 0 π¬ 1 π 0Today I realized <input type=radio> implements roving tabindex natively.. so you can hack a css-only implementation. Forgive me ARIA, for I will sin.
29.12.2024 00:45 β π 0 π 0 π¬ 0 π 0
Is this what they call a culture shock in Japan?
28.12.2024 02:59 β π 1 π 0 π¬ 0 π 0Made a tiny game with my 6-years old cousin tonight using cursor.com - must say this was way easier than I thought, and I literally wrote zero code.
sirdarckcat.github.io/salchichon/
So with that, I'll update this thread when I make some progress π
23.12.2024 15:20 β π 0 π 0 π¬ 0 π 0Some I will fix by hiding it from the a11y tree (like the checkboxes), some I will fix by changing divs to buttons (as I should have done since the start). Some I will add aria roles (like for things I styled as links but can't make real links).
Some I'm curious what will happen (like dialogs).
So, with that, my next step is going to be to look at the *actual* a11y tree of the application and see what's there that shouldn't be there.
Some stuff I already know I will find is:
1. I used some divs as buttons instead of using <button>
2. I used some checkboxes for keeping CSS state
On an older project of mine, I did this exercise of designing with the accessibility tree, and when making the end-to-end tests, I also serialized the a11y tree to identify regressions (Google also has an internal tool called Rembrandt that does this), you can see it here
github.com/google/tampe...
Screen readers actually have better keyboard navigation tools than we do (yikes!), as there are a lot more keyboard shortcuts. However, the majority of the interactions work without assistive technologies. As a result, a significant "upside" about caring about a11y is better keyboard UI design.
23.12.2024 15:20 β π 0 π 0 π¬ 1 π 0As such, when drafting the a11y tree we can "imagine" what hierarchy is easy to navigate through by landmarks and tabbing. One (surprising?) result is that this makes the webapp extremely keyboard friendly, and in a way, helps users be more productive.
23.12.2024 15:20 β π 0 π 0 π¬ 1 π 0Screen readers "navigate" through the accessibility tree, but they also use "landmarks" like headings. And to navigate the hierarchy within the application. Interactive elements (like buttons) also can be sequentially browsed through by tabbing.
23.12.2024 15:20 β π 0 π 0 π¬ 1 π 0When we "design", we sometimes let the user assume what certain elements are, based on their looks. For example rounded corners for tabs, or 3d boxes for buttons. This "look and feel" is called an affordance, and for a11y you label these on the a11y tree with aria roles (tablist, button).
23.12.2024 15:20 β π 0 π 0 π¬ 1 π 0
Mock of kernel explorer, with boxes and arrows representing different parts of code and a nav bar with tabs.
The a11y tree for a related view of the app.
An interesting exercise is to design the UI of our web app, but instead of doing drawings, draft how the a11y tree of our app would be "seen". Or, in other words, design for a11y first.
This actually is a lot easier and faster than drawing boxes. See the screenshots below, for example.
Browsers have something similar to the DOM tree but called the Accessibility Tree.
developer.chrome.com/blog/full-ac...
In many ways it is similar to the DOM tree, but it only contains elements that assistive technologies (like screen readers) find useful, and may have a different hierarchy.
So one thing I want to work on the kernel explorer before we keep accumulating tech debt is accessibility.
I thought it would be cool to try and describe how I'll approach it, so this will be a 𧡠thread I'll update as I make progress.
Writing CSS is so relaxing..
codepen.io/sirdarckcat/...
<div class="node">
<h1></h1>
<div class="edges">
<div class="left"></div>
<div class="right"></div>
</div>
</div>
