Why clone a yubikey when you can simply steal it and leave an identical looking one that just doesn't work and the user is just going to be confused for a bunch of time without realising that someone else has their 2FA token now
Went to get money to pay our cleaner and absent mindedly retrieved my card and put it in my wallet and walked off without actually collecting the money and somehow despite being at 16th and Mission it was still there when I sprinted back 45 seconds later?
My enthusiasm for Fediverse remains massively constrained for one very simple reason: when I click on someone's post I don't see all the replies unless I click a different button, and if I click that one it becomes much more difficult for me to reply to any of the replies, and I am *not* going to reply to anything without checking that I'm not repeating something someone has already said so I simply don't reply
Rust advocates should demonstrate the viability of the language by replacing an entire kernel. One that meets accepted architectural goals. One that is at the core of the free software movement.
What the fuck is SBAT, why did it break your dual-boot setup, it's not strictly my fault but if you need a scapegoat whatever: https://mjg59.dreamwidth.org/70348.html
Microsoft breaking a bunch of dual-boot systems by revoking insecure versions of grub during a standard Windows update is, uh, not great and was not supposed to happen, but it's worth mentioning that systems broken by this were running known insecure bootloaders and anyone running a distro that's actually on top of security updates was unaffected
The promised writeup of how I discovered that the Feeld dating app was protecting private data by doing client-side filtering: https://mjg59.dreamwidth.org/70061.html
(you have an SSH server with a wall time that is not correlated with anything, you have a client, you have a CA that issues SSH certs. You want the server to be able to verify that the cert is fresh, but can't use validity dates because you have a different idea of time. So, server does TPM2_GetTime(), sticks the attestation in the SSH banner, client retrieves that, passes it to the CA, CA puts it in the cert, client gives the cert to the server, server knows cert was issued after that time)
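The exchange described in that post, as an added simulation that is not mjg59's code or any real SSH/TPM implementation: the TPM is a stand-in object whose clock counts milliseconds since power-on rather than wall time, and both the TPM attestation signature and the CA signature are simulated with HMAC keys (real deployments use asymmetric keys, and the CA would verify the attestation against the server's known attestation key before embedding it). The banner and certificate formats, `MAX_AGE_MS`, and the principal name are all constructed for the example. The point it shows is what the server must check on the way back: that the cert really came from its CA, that the embedded time value really came from its own TPM rather than being invented by the client, that the TPM has not reset in between, and that the attested clock is within the freshness window.

```python
import hashlib
import hmac
import json
import secrets

MAX_AGE_MS = 60_000  # hypothetical freshness window enforced by the server


def _sign(key: bytes, payload: dict) -> str:
    # HMAC stands in for the real signature (TPM attestation key or CA key).
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def _verify(key: bytes, payload: dict, sig: str) -> bool:
    return hmac.compare_digest(_sign(key, payload), sig)


class SimulatedTPM:
    """Stand-in for a TPM: a clock unrelated to wall time (ms since power-on),
    a reset counter, and a signing key only the TPM holds. get_time() plays
    the role of TPM2_GetTime(); the attestation structure is constructed."""

    def __init__(self):
        self.clock_ms = 0
        self.reset_count = 0
        self._key = secrets.token_bytes(32)

    def advance(self, ms: int) -> None:
        self.clock_ms += ms

    def reset(self) -> None:
        # Power cycle: the clock restarts, so older attestations are not comparable.
        self.clock_ms = 0
        self.reset_count += 1

    def get_time(self) -> dict:
        info = {"clock_ms": self.clock_ms, "reset_count": self.reset_count}
        return {"info": info, "sig": _sign(self._key, info)}

    def is_own_attestation(self, att: dict) -> bool:
        return _verify(self._key, att["info"], att["sig"])


class SSHCA:
    """Issues certs that embed whatever attestation the client hands over."""

    def __init__(self):
        self.key = secrets.token_bytes(32)

    def issue(self, principal: str, attestation: dict) -> dict:
        body = {"principal": principal, "attestation": attestation}
        return {"body": body, "sig": _sign(self.key, body)}


class SSHServer:
    def __init__(self, tpm: SimulatedTPM, ca_key: bytes):
        self.tpm = tpm
        self.ca_key = ca_key

    def banner(self) -> dict:
        # Fresh attestation published to every connecting client.
        return {"attestation": self.tpm.get_time()}

    def accept(self, cert: dict) -> bool:
        if not _verify(self.ca_key, cert["body"], cert["sig"]):
            return False  # not issued by the trusted CA
        att = cert["body"]["attestation"]
        if not self.tpm.is_own_attestation(att):
            return False  # time value was not produced by this server's TPM
        info = att["info"]
        if info["reset_count"] != self.tpm.reset_count:
            return False  # TPM clock restarted since the attestation was made
        age = self.tpm.clock_ms - info["clock_ms"]
        return 0 <= age <= MAX_AGE_MS  # cert postdates the attestation and is recent


def run_scenarios() -> dict:
    """Walk the honest flow and the failure modes the server must catch."""
    tpm, ca = SimulatedTPM(), SSHCA()
    server = SSHServer(tpm, ca.key)
    results = {}

    # Honest flow: banner -> client -> CA -> cert -> server, inside the window.
    cert = ca.issue("alice", server.banner()["attestation"])
    tpm.advance(5_000)
    results["fresh_cert_accepted"] = server.accept(cert)

    # The same cert presented again after the window has elapsed.
    tpm.advance(MAX_AGE_MS)
    results["stale_cert_rejected"] = not server.accept(cert)

    # Client substitutes a made-up "current" time instead of the banner value.
    forged = {"info": {"clock_ms": tpm.clock_ms, "reset_count": 0}, "sig": "00" * 32}
    results["forged_time_rejected"] = not server.accept(ca.issue("alice", forged))

    # Cert signed by a CA the server does not trust.
    rogue_ca = SSHCA()
    results["untrusted_ca_rejected"] = not server.accept(
        rogue_ca.issue("alice", server.banner()["attestation"]))

    # TPM power cycle between attestation and presentation.
    cert = ca.issue("alice", server.banner()["attestation"])
    tpm.reset()
    results["post_reset_rejected"] = not server.accept(cert)
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The reset-count check is the part people tend to forget: after a TPM reset the clock restarts from zero, so a raw "current clock minus attested clock" comparison would go negative or, worse, wrap into an apparently valid window if the server only compared magnitudes.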
I know it's a running joke that all my problems are solved with a TPM but today I spent a bunch of time working with coworkers trying to figure out a secure way to solve a problem and realised that TPM2_GetTime() solves it perfectly
Former biologist. Actual PhD in genetics. Security at https://aurora.tech, OS security teaching at https://www.ischool.berkeley.edu. Blog: https://mjg59.dreamwidth.org. He/him.