fsebugoutzone.org:9999

       Posts by taviso@social.sdf.org
 (DIR) Post #AQyHF1bhEUGIgIP5Hs by taviso@social.sdf.org
       2022-12-25T15:45:39Z
       
       1 likes, 1 repeats
       
       A few people have asked me about the #LastPass incident. I don&#39;t really have anything new to add but stand by this article I wrote a few years ago!https://lock.cmpxchg8b.com/passmgrs.html
       
 (DIR) Post #ASqmPut1qwQSPlxEie by taviso@social.sdf.org
       2023-02-19T21:46:09Z
       
       0 likes, 0 repeats
       
       @corsac @mjg59 Yeah, strong disagree that SMS-2FA is better than no 2FA at al...but there is a cheap and easy solution to credential stuffing that is! Unique Passwords make credential stuffing literally impossible, and it works on every service, not just a few! It&#39;s also free, and doesn&#39;t require a cellphone subscription!
       
 (DIR) Post #ASqmYyahRvh8VfhXAu by taviso@social.sdf.org
       2023-02-19T21:49:31Z
       
       0 likes, 0 repeats
       
       @mjg59 @corsac It&#39;s an optional enhancement, you can use paper and pencil if you prefer, or any method of information storage and retrieval that works for you!
       
 (DIR) Post #ASqnDRJ46ZOP9XkNWa by taviso@social.sdf.org
       2023-02-19T21:56:49Z
       
       0 likes, 0 repeats
       
       @mjg59 @corsac You believe there are people who can manually copy a TOTP code from their phone to a website, but won&#39;t copy a password from their phone to a website? Is your concern the complexity? Even low-complexity unique passwords (~8 alnum) are a significant upgrade over password reuse!
       
 (DIR) Post #ASqnhSoH518AVFf52e by taviso@social.sdf.org
       2023-02-19T22:02:16Z
       
       0 likes, 0 repeats
       
       @mjg59 @corsac Yeah, it probably would be for strong passwords! If you won&#39;t use a tool to help and insist on manual copying from your phone, we can optimize for that to make it just as simple as copying a SMS 2FA code. Low complexity unique passwords are easy to copy, and still a significant upgrade. We can even use bubble babble or similar algorithm to optimize readability!
       
 (DIR) Post #ASyZgIH2vFrRRXLYTg by taviso@social.sdf.org
       2023-02-23T15:57:37Z
       
       0 likes, 2 repeats
       
       I couldn&#39;t understand why AVX registers were randomly going back in time on Ryzen, turns out it&#39;s a known CPU errata 😬https://lkml.org/lkml/2023/2/22/33
       
 (DIR) Post #ASywSyiOd1o5xnl85o by taviso@social.sdf.org
       2023-02-23T20:17:18Z
       
       0 likes, 0 repeats
       
       @lanodan Sounds like it might be vulnerable, maybe gentoo already has the most recent microcode?
       
 (DIR) Post #ASyx9RdTUbLvp0hsTQ by taviso@social.sdf.org
       2023-02-23T20:25:14Z
       
       1 likes, 0 repeats
       
       @lanodan Yeah, although they tend to be very secretive with details, like &quot;under unspecified complex conditions unspecified errors can occur&quot; 😂 It&#39;s very rare we actually get to see a repro!
       
 (DIR) Post #AZF29mghERoQOoaZzk by taviso@social.sdf.org
       2023-08-30T01:45:05Z
       
       2 likes, 0 repeats
       
       I love this thing, it&#39;s a Timex m851 from 2003. It has 2kb RAM, 42x11 dot matrix &quot;main&quot; display and an S1C88 8-bit CPU. It uses so little power that a battery lasts 3 *years*?! ⏰There&#39;s a full toolchain available: assembler, linker, c compiler and debugger. There&#39;s even a simulator! #retrocomputing
       
 (DIR) Post #AZF29pKTPWooalDNGy by taviso@social.sdf.org
       2023-08-30T01:47:01Z
       
       1 likes, 0 repeats
       
       It is very satisfying just typing make and getting a binary I can upload to my watch 😎
       
 (DIR) Post #AZF8X7buCuzHfvrM0W by taviso@social.sdf.org
       2023-08-30T03:00:12Z
       
       1 likes, 0 repeats
       
       @lcamtuf 4Mhz in low power mode, but you can switch to a 8Mhz &quot;high speed&quot;  mode in software!
       
 (DIR) Post #AaLLgCM7hslHkLPIDA by taviso@social.sdf.org
       2023-10-02T00:49:49Z
       
       0 likes, 0 repeats
       
       @SDF really wish I could be there!
       
 (DIR) Post #AbnwbnYUVTVqYdZPvs by taviso@social.sdf.org
       2023-11-14T17:47:30Z
       
       0 likes, 3 repeats
       
       New write-up on an Intel Ice Lake CPU vulnerability, we can effectively corrupt the RoB with redundant prefixes! 🔥 An updated microcode is available today for all affected products, cloud providers should patch ASAP.https://lock.cmpxchg8b.com/reptar.html
       
 (DIR) Post #Arkt1EQyJR1fXK2jQm by taviso@social.sdf.org
       2025-03-05T17:10:55Z
       
       13 likes, 16 repeats
       
       You can now jailbreak your AMD CPU! 🔥We&#39;ve just released a full microcode toolchain, with source code and tutorials. https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking
       
 (DIR) Post #Arkt1IlgCNy0yhlKGO by taviso@social.sdf.org
       2025-03-05T17:18:45Z
       
       0 likes, 0 repeats
       
       The code and tutorials are here if the link doesn&#39;t work! 😒https://github.com/google/security-research/blob/master/pocs/cpus/entrysign/zentool/docs/intro.md
       
 (DIR) Post #AxLoyEV7EF5gvxv5H6 by taviso@social.sdf.org
       2025-08-20T00:50:35Z
       
       0 likes, 0 repeats
       
       I&#39;m probably the only person in the world excited about this! 😂  It&#39;s a boxed set of manuals for Lotus 1-2-3 for UNIX! I&#39;ll try to get them digitized and archived. #retrocomputing