GNU social JP
GNU social JP is a Japanese GNU social server.

Notices by Demi Marie Obenour (alwayscurious@infosec.exchange), page 2

  1. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Monday, 03-Mar-2025 04:49:50 JST
    in reply to
    • Rich Felker
    • Colin B.
    • theearthisapringle

    @dalias @swordgeek @theearthisapringle A lot of browser vulnerabilities are JS engine bugs, and those are much harder to mitigate unless one disables JS altogether.

    In conversation about 3 months ago from infosec.exchange permalink
  2. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Monday, 03-Mar-2025 04:20:37 JST
    in reply to
    • Rich Felker
    • Colin B.
    • theearthisapringle

    @dalias @swordgeek @theearthisapringle The problem is the security patch gap. If one diverges too far from upstream then one risks not being able to release security patches in time.

    In conversation about 3 months ago from infosec.exchange permalink
  3. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Monday, 03-Mar-2025 04:12:20 JST
    • Rich Felker
    • Colin B.
    • theearthisapringle

    @swordgeek @theearthisapringle @dalias I’d avoid downstream forks of browsers unless they have a record of pulling updates from upstream within days of upstream updates.

    In conversation about 3 months ago from infosec.exchange permalink
  4. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Thursday, 27-Feb-2025 08:04:44 JST
    in reply to
    • Rich Felker

    @dalias 5 requests per 10 seconds seems like something that a human could easily hit by accident when looking through commit logs.

    In conversation about 3 months ago from infosec.exchange permalink
  5. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Friday, 21-Feb-2025 05:23:22 JST
    in reply to
    • Rich Felker

    @dalias Are you thinking of specific functionality or just overall priorities?

    In conversation about 3 months ago from infosec.exchange permalink
  6. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Tuesday, 21-Jan-2025 00:28:22 JST
    in reply to
    • Greg K-H
    • 🐧sima🐧
    • Alan Jenkins

    @gregkh @sima @sourcejedi Is this because dev_t was 32 bits back then?

    In conversation about 4 months ago from infosec.exchange permalink
  7. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Tuesday, 21-Jan-2025 00:27:37 JST
    in reply to
    • Greg K-H
    • 🐧sima🐧

    @gregkh @sima The problem is that whether a device should be trusted depends on what slot it is plugged into 😞. Are there systems that do expose slot information? If so, which ones are they, and is there a way for userspace to get it on these systems?

    In conversation about 4 months ago from infosec.exchange permalink
  8. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Monday, 13-Jan-2025 15:42:13 JST
    in reply to
    • Greg K-H
    • 🐧sima🐧
    • Alan Jenkins

    @gregkh @sima @sourcejedi Even if the path is never reused, the device major and minor number can still be reused. Right now I think one needs a custom FUSE filesystem if one wants opening e.g. /dev/disk/by-diskseq/1 to be race-free, and that’s bad.

    In conversation about 5 months ago from infosec.exchange permalink
  9. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Monday, 13-Jan-2025 15:40:38 JST
    in reply to
    • Greg K-H
    • 🐧sima🐧

    @gregkh @sima Some more questions:

    1. Which entry in sysfs corresponds to physical (as opposed to logical) topology? Is it the path under /sys/devices?
    2. How can I go from this path to a PCI bus/slot/function?
    3. Will this path change when other cards are added or removed or if the system firmware is updated?
    4. Is there a way for driver probing to be deferred until after userspace can check the device against the actual topology of the machine? That would allow checking if the device that claims to be a serial port in slot X is actually supposed to be a serial port, or if it is a GPU passed through to a VM that the VM compromised and is now pretending to be a serial console. In the latter case the device would never be allowed to be used except for passthrough.
    In conversation about 5 months ago from infosec.exchange permalink
  10. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Sunday, 12-Jan-2025 18:45:57 JST
    in reply to
    • Greg K-H
    • 🐧sima🐧
    • Alan Jenkins

    @gregkh @sima @sourcejedi I really wish that the kernel never reused /dev nodes or major:minor numbers. Right now, one must do verification after calling open() if one wants to avoid race conditions. Of course, lots of programs do not do that.

    In conversation about 5 months ago from infosec.exchange permalink
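
The verify-after-open() pattern mentioned in this notice, applied to the /dev/disk/by-diskseq case from the earlier notice, as an added example that is not part of the original posts. It assumes Linux 5.15 or later, where the BLKGETDISKSEQ ioctl reports a disk's sequence number; the function name open_disk_by_seq is hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <linux/fs.h>

#ifndef BLKGETDISKSEQ            /* uapi headers older than Linux 5.15 */
#define BLKGETDISKSEQ _IOR(0x12, 128, uint64_t)
#endif

/* Hypothetical helper: open `path` and return an fd only if the opened
 * object is a block device whose disk sequence number equals `want_seq`.
 * Returns a negative errno value otherwise. Every check is made on the fd,
 * not on the path, so a node or major:minor that was reassigned to another
 * disk before open() completed is rejected instead of silently used. */
int open_disk_by_seq(const char *path, uint64_t want_seq)
{
    /* O_NONBLOCK: do not hang if the path turns out to be a FIFO or tty. */
    int fd = open(path, O_RDONLY | O_CLOEXEC | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -errno;

    struct stat st;
    uint64_t seq = 0;
    int err = 0;
    if (fstat(fd, &st) < 0)
        err = errno;
    else if (!S_ISBLK(st.st_mode))
        err = ENOTBLK;                       /* not a block device at all */
    else if (ioctl(fd, BLKGETDISKSEQ, &seq) < 0)
        err = errno;                         /* kernel lacks the ioctl */
    else if (seq != want_seq)
        err = ESTALE;                        /* a different disk answered */
    if (err) { close(fd); return -err; }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s PATH DISKSEQ\n", argv[0]); return 2; }
    int fd = open_disk_by_seq(argv[1], strtoull(argv[2], NULL, 10));
    if (fd < 0) { fprintf(stderr, "rejected: errno %d\n", -fd); return 1; }
    puts("verified");
    return close(fd);
}
```
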
  11. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Sunday, 12-Jan-2025 18:42:33 JST
    in reply to
    • Greg K-H
    • 🐧sima🐧

    @sima @gregkh What should one use to get a persistent identifier for PCI devices? Anyone doing PCI device passthrough that persists across reboots needs this.

    In conversation about 5 months ago from infosec.exchange permalink
  12. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Sunday, 12-Jan-2025 18:42:32 JST
    in reply to
    • Greg K-H
    • 🐧sima🐧

    @sima @gregkh What is actually wanted is to be able to detect the physical topology of the system, as determined by what card is plugged into what slot.

    In conversation about 5 months ago from infosec.exchange permalink
  13. Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Tuesday, 05-Sep-2023 19:38:33 JST
    in reply to
    • Greg K-H

    @gregkh Are you saying that people who cannot reboot every week should not use Linux?

    That’s a valid position to have, but if it is accurate, it needs to be much more widely known so that embedded systems vendors know not to use Linux for their uptime-critical products.

    In conversation Tuesday, 05-Sep-2023 19:38:33 JST from infosec.exchange permalink

    Demi Marie Obenour

    Software developer and security researcher. I work for Invisible Things Lab; opinions my own. Follows are not endorsements.

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.