@yawning.bsky.social
Screaming into the void.
Hellope!
25.11.2024 16:04 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Also why is it that, the Keyboard Setup Tool periodically asks me to setup my trackball as a keyboard?
12.11.2024 15:43 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Why is it that MacOS detects my keyboard as a JIS layout one, but refuses to apply the layout so all the punctuation is in the wrong places, and the only solution is to install a `.keylayout` file? Even Windows lets me select my keyboard layout manually.
msyk.net/macos/winkey...
How do you fuck up AF_UNIX to the point where you can kernel panic from userland, when you steal your OS code from 30+ years of prior work (Not a Rust Bug, but an Apple bug).
github.com/rust-lang/ru...
ไฝๆฐ็จ่ฟใใ
20.09.2024 06:26 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
In a further sign of Japan's descent into the grim dark cyberpunk future, the Tokyo Govt is now running an AI powered matchmaking service/dating app.
Signing up requires photo ID, proof of income, govt. issued proof of being single, and money.
www.futari-story.metro.tokyo.lg.jp/ai-matching/
And people say that panaceas are a myth.
19.08.2024 10:58 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Real life has been "interesting" for the last month in a not amazing way, apologies in advance if responses from me are going to be somewhat slower than usual.
19.08.2024 10:54 โ ๐ 2 ๐ 0 ๐ฌ 0 ๐ 0If the TV loicense people are hurting so much for money as the news says, how can they afford to send me junk mail asking me to get a TV loicense.
I do not own a TV or any device capable of receiving broadcast TV. NHK can Fuck Off.
In my defense, I wrote that design and code over 10 years ago.
19.08.2024 10:49 โ ๐ 1 ๐ 0 ๐ฌ 1 ๐ 0Yeahhhhh, I should have done a better design.
19.08.2024 10:47 โ ๐ 1 ๐ 0 ๐ฌ 1 ๐ 0
Abstract. Physical attacks, and among them fault injection attacks, are a significant threat to the security of embedded systems. Among the means of fault injection, laser has the significant advantage of being extremely spatially accurate. Numerous state-of-the-art studies have investigated the use of lasers to inject faults into a target at run-time. However, the high precision of laser fault injection comes with requirements on the knowledge of the implementation and exact execution time of the victim code. The main contribution of this work is the demonstration on experimental basis that it is also possible to perform laser fault injection on an unpowered device. Specifically, we targeted the Flash non-volatile memory of a 32-bit microcontroller. The advantage of this new attack path is that it does not require any synchronisation between the victim and the attacker. We provide an experimental characterization of this phenomenon with a description of the fault model from the physical level up to the software level. Finally, we applied these results to carry out a persistent fault analysis on a 128-bit AES with a particularly realistic attacker model which reinforces the interest of the PFA.
Image showing part 2 of abstract.
Switching Off your Device Does Not Protect Against Fault Attacks (Paul Grandamme, Pierre-Antoine Tissot, Lilian Bossuet, Jean-Max Dutertre, Brice Colombier, Vincent Grosso) ia.cr/2024/1123
10.07.2024 08:37 โ ๐ 4 ๐ 3 ๐ฌ 0 ๐ 0It's kind of impressive that the only package I need to implement Dual_EC_DRBG in Go "securely" is @filippo.abyssdomain.expert 's bigmod package, since the `crypto/ecdh` package exposes just enough for the rest.
nb: I do use `crypto/elliptic` for the scalar-field order, but that can be removed.
I just spent my afternoon trying to figure out how to use HTTP over AF_UNIX in Rust, and ran into a giant tire fire.
My brain lacks wrinkles for Rust and it's ecosystem.
ps: Thanks to comments in a still-open bug in reqwest from 2017, I think I figured it out at least.
Package dual_ec_drbg implements the NIST SP 800-90A Rev 1 Dual_EC_DRBG algorithm (also specified in ISO/IEC 18031:2005).
Time to find out how much MS uses Github repos for training Copilot, and how many people blindly copy-paste code for things that they shouldn't.
08.07.2024 10:27 โ ๐ 2 ๐ 0 ๐ฌ 0 ๐ 0Bonus points for "the upstream project in question is pointing at a rather old commit", and I updated the dependency import approximately 11 months ago, so there is nothing for me to fix.
03.07.2024 03:56 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Neat.
03.07.2024 03:35 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Sending me a profanity laced tirade about how your software broke because a downstream dependency of something I maintain moved it's repo, is not an effective way to motivate me to help you.
03.07.2024 03:26 โ ๐ 0 ๐ 0 ๐ฌ 2 ๐ 0
www.bbc.com/news/article...
10k -> 13k SHU is enough to prompt a Govt. initiated recall? WTF.
Amen to fiat-crypto + complete formulas.
03.06.2024 13:14 โ ๐ 2 ๐ 0 ๐ฌ 0 ๐ 0Well damn, the era of compiler-introduced timing side-channels is here.
In the Kyber reference implementation, Clang notices a bitmask is just selecting between zero and a constant and turns it into an if.
Very happy the Go compiler is not that smart right now.
groups.google.com/a/list.nist....
An old friend noted that there is a distinct feeling of "I just lost a SAN point". Not only is that true, but lately I'm experiencing that a lot more than I should.
27.05.2024 13:54 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0As an addendum, as far as personal (non-employer) projects go, Rust has been the safest language I have used because I rage-quit and delete everything due to friction before my code gets far enough to have bugs.
22.05.2024 14:03 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0I feel like writing Go full-time for a decade has made me less capable of using difficult languages, but I like it this way - I can focus on what I'm trying to achieve instead.
22.05.2024 08:08 โ ๐ 9 ๐ 2 ๐ฌ 1 ๐ 0I'm spoiled by the Go stdlib, the concurrency model, and errors just being `error` rather than something that each crate defines.
Oddly I don't have nearly as many issues with C99/C++11.
Also, is there a pragma or something in crab-lang that does the equivalent of wrapping the entire file in an unsafe block?
Asking for a friend.
After using Go for things that require concurrency and networking, dealing with async, tokio and hyper makes me seriously question my life decisions, and want to consume various mind altering substances in large quantities.
22.05.2024 06:32 โ ๐ 3 ๐ 0 ๐ฌ 2 ๐ 0If I ever design a programming language, my benchmark for success will be "pervasive enough that my terrible design decisions lead to dedicated silicon workarounds for performance reasons".
developer.arm.com/documentatio...
