Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ @[email protected]

> We are particularly worried about Intel's mitigation plan being PoC-oriented with a complete lack of security engineering and underlying root cause analysis, with minor variations in PoCs leading to new embargoes [...] leaving the public with a false sense of security.

More Intel CPU vulnerabilities, RIDL-NG or RIDL-TAA. 🎉

This is not a brand new attack, but additional undisclosed vulnerabilities discovered by the original MDS attack researchers. Their embargo is now ended.

Attacks include exploits of TSX Asynchronous Abort, Alignment Faults, and flaws in the original MDS mitigation.

https://mdsattacks.com/#ridl-ng

mastodon要加入真正的收藏（bookmark）了。我已经改favourite的翻译了，会反映到下一个版本。

@nebula_moe 经过讨论，Gargron可能近期会合并书签功能：
https://github.com/tootsuite/mastodon/pull/7107

https://mastodon.social/@Gargron/103126815941704719

One thing we know about people who use #apple #goldemansachs card (or GS card with "Apple" logo on it for brand loyalty) is that no matter their gender, they aren't particularly bright. Easily swayed by brainwash, gullible, insecure...

usb charger final boss
61LDDDsm3oL._AC_SL1000_.jpg

记得 2010 年，方氏防火墙的技术细节还都是众所周知的，大多数技术层面的内容都能在公开的论文和专利中找到。甚至有几个技术网站专门分析、转载墙的最新技术动态和小道消息，连硬件平台是数百台曙光服务器都被推断出来了。有的文章甚至像当小说一样，当年我因此学到了许多网络知识。

到了 2013 年之后就不行了，自引入 VPN 握手的匹配机制开始，之后的实现细节都几乎变成黑盒了——无法解释的连接神秘阻断就是那时候开始的，甚至分不清是网络拥堵还是网络审查。与此同时，Shadowsocks 等十分无聊的对称加密代理工具崛起，它们并没有任何技术亮点，只是冰冷的对称加密全部流量。

也差不多就是在那个时候，那几个技术网站也不活跃，不怎么发布技术信息了。当时因为没文章看还郁闷了许久。

而在 2014 年以后，我们就不再理解它了（虽然也并不是没有重要成果问世，例如 2015 年的 32C2 上对 GFW 探针的分析，以及 2017 年对 GFW 状态机的分析），只有偶尔的传言带来的群体歇斯底里。

不过我猜小道消息还存在，只不过现在都在 Telegram 群组上，圈外人看不见。而当年博客的长篇分析也退化了 IM 上的只言片语了。

Regime that steals the world's #oil accuses #china of "stealing"; what it meant was, it might be >copying< (everyone does that) https://www.washingtonpost.com/business/2019/10/26/trump-administration-considers-blacklisting-chinese-companies-that-repeatedly-steal-us-intellectual-property/

#google will discriminate against sites hosted in poor countries https://www.phoronix.com/scan.php?page=news_item&px=Chrome-Label-Slow-Or-Fast

Computer regression/going backwards: #google to offer ('rent'/lend) #games only to rich people with very fast connections (low latency) https://www.gamingonlinux.com/articles/google-reveal-stadia-will-only-have-12-games-available-at-launch-more-later-in-the-year.15393

"Ren Zhengfei doesn't think 5G is such a big deal."

True. More hype/marketing than actual substance. https://www.lightreading.com/mobile/5g/telcos-need-5g-innovation-but-who-will-pay/d/d-id/755530

@Vamp898 @Miaourt No doubt any large mastodon instance struggles with this, probably mstdn.io and similar. Since even my tiny masto.quad.moe did.

It doesn't matter if only 1% of your users are bad, because they'll hunt out those users and scream 100x as loud about it and publicly shame you for doing nothing wrong, but for simply not agreeing with their political and moderation beliefs.

@Vamp898 @Miaourt The mastodon admin community is cancer as a whole, so anything that doesn't conform to being a safe space is constantly shot down for being full of nazis or edgelords.

No instance is perfect, but based on what I've seen, niu.moe is very far from a bad instance

Diffie & Hellman are truly the heroes ahead of the time. 43 years ago, 1976, at the DES review, they had a entertaining debate with NSA employees.

Martin Hellman said,

* 56/64-bit symmetric crypto is insecure, and chosen to benefit NSA.

* 100-200 bits of security should be secure, but is still vulnerable to attacks by quantum computers.

(Glover & Shor's algo were not discovered until the late 90s! We now know 128-bit is pre-quantum secure, 256-bit is post-quantum secure, Martin was completely correct.)

Happy Halloween!