@mattly@hachyderm.io many MANY years ago, when I was first getting involved in security and had just started a github account (long since deleted) I got an email from someone who scraped my details from a repo where I did security patches
they offered me a significant amount of money for some relatively simple XSS related bypass methods in the (back then) actively maintained XSS auditor code of chromium
I refused of course, but to this day, I wonder how many millions of people are being exploited because some random person got an email and some money
anyone know some good FOSS #astrophotography software? I want a fancy telescope and camera to take pictures of the sky with tracking, but I also want free software... not sure if I'm going to have to write that myself
@ryanc@infosec.exchange I'm not sure if they've switched to nftables by default yet, they might have, maybe it's worth checking if they have any nftables rules defined or something weird
@ryanc@infosec.exchange I learned something cursed when researching the transition of these things, which is that the linux kernel can load both iptables and nftables rules at the same time, on the same machine, and nftables rules take precedence but fall back to iptables afterwards
imagine trying to debug a system that you thought was using iptables but actually has a secret nftables rule inserted before iptables even sees the packet.. all the iptables rules would be totally correct, because the filtering happens earlier on 🙃
But on a desktop the chips just thermal throttle super hard and your performance gets a lot worse instead of the CPU breaking, a lot of new intel chips have like 110c thermal limits lol
the chips literally lose like 1% performance, maybe less, which is within error margins... They're literally built to run at high temps on 100% load for years, chips don't actually degrade from being run this way, they throttle themselves way before that's ever an issue
@soatok@furry.engineer to be fair this happens more than it should, OpenSSL for example ships default fallback code which will do most of their crypto without any constant time instructions... this is a particularly big issue on RISC-V chips, see the below github issue.
IMPORTANT DISCLAIMER: OpenSSL does this due to hardware limitations, not because they feel like doing it, unlike matrix devs ;)
@aral@mastodon.ar.al of course, I just genuinely appreciate the project, it's rare to find cool people who build cool tech that helps the world like this :blobowo:
this is VERY cool tech, shoutout to @aral@mastodon.ar.al for keeping the web (or should I say 'small web') alive with projects like Kitten, a simple and straightforward framework that gets out of your way and lets you build powerful impressive things for each other and the world
@aral@mastodon.ar.al @jdormansteele2@mastodon.social At the risk of being dragged into a political argument for a passing comment, I do have to point out that perhaps the several other nations with the ability to use nukes, but the restraint to choose not to, are perhaps going to be fine... Besides I was mostly commenting on the idea that the USA alone ended up defeating nazi germany, historically that's not really the case, although they helped they weren't the cause of the loss (talk to your local history buff about why)
Just here to vibe and share cool computer facts, your friendly neighborhood tech frog. Will often discuss things like distributed systems, programming, society, and computer security. Politics WILL come up sometimes. Video games are cool too :blobowo: Follow for more fun computer adventures!!