Notices by Hélène (helene@p.helene.moe), page 7
-
Embed this notice
Hélène (helene@p.helene.moe)'s status on Thursday, 22-Sep-2022 02:21:05 JST 
Hélène
@chjara :hehecat: -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Thursday, 22-Sep-2022 01:45:25 JST
Hélène
I recognise that NodeInfo, see you soon -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Thursday, 22-Sep-2022 01:41:17 JST
Hélène
@chjara >bison
:mokouDead: -
Embed this notice
Hollow Cанëк (solidsanek@outerheaven.club)'s status on Wednesday, 21-Sep-2022 08:47:10 JST 
Hollow Cанëк
Do you remember?
The 21st of September
Yep that's right, @schappi 's birthday
Happy birthday schappi :happyday: -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Thursday, 22-Sep-2022 01:20:41 JST
Hélène
@amd64sucks what's up -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Thursday, 22-Sep-2022 01:17:43 JST
Hélène
@xue @Moon @chjara it's very predictable and dependent on power usage etc -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Thursday, 22-Sep-2022 00:12:32 JST
Hélène
@ademan sounds like you should grow more -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Thursday, 22-Sep-2022 00:10:56 JST
Hélène
@jk so true... -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Thursday, 22-Sep-2022 00:09:39 JST
Hélène
@feld @inference @Moon the number of bits for ASLR'ing the address space isn't an issue above a certain amount (like even 20bits) as long as you make it so that access faults aren't recoverable at all -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:59:36 JST
Hélène
@kaia @disarray yeah you basically don't own it at all, not even on paper -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:58:43 JST
Hélène
@feld @inference @Moon ASLR can help against a handful of exploits and usually requires a way to bypass it (ROPchains basically stop working if the code is ASLR'd, so you need a leak + a way to generate the ROPchain after that leak, which usually implies Turing completeness is needed to do math and prepare the exploit, etc)
fake vtables end up suffering from the same problem, heap funnies become a real pain, UAFs are less powerful on their own, etc...
it's really not a useless mitigation, but it really has to be done right, and it almost never is because there's almost always a range of predictable or statically adressed memory on Unix/Win32 systems; they weren't designed with that in mind from the ground up and they prefer to keep backwards compatibility -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:52:16 JST
Hélène
@kaia @disarray njalla basically only is a privacy provider, they are a middleman between you and a few domain registrars, not a registrar themselves
people recommend porkbun in general -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:51:07 JST
Hélène
@mergan im on my computer :acat_hysteria: -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:48:31 JST
Hélène
@feld @Moon PS5 kexploits are newer FreeBSD iirc but I didn't consider them that wild; but I might just be quite biased from experience with other hardware
though the guy is indeed very good, not surprising from a Project Zero hire after all -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:47:14 JST
Hélène
@Moon @feld yeah, it's not good design honestly
you should be spawning with restricted privileges and not descalating, agreed -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:42:48 JST
Hélène
@feld @Moon oh i've heard about cheri but never looked into it
most reasons i don't trust freebsd is because of the kind of kernel exploits popping out of it fairly frequently since PS4 release (of course, since it runs FreeBSD) and even a bit before that; as well as the overall attack surface and the kernel design (but then again; what else to expect on monolithic kernels)
i should try looking into it, not that i think OpenBSD design is the best for security anyway (it's still a *nix and a monolithic kernel, after all) but they do tend to have safer practices when it comes to their code; though they indeed do not research or protect on the hardware side of attacks
it is also likely that openbsd is just less looked at, anyway -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:36:56 JST
Hélène
@chjara @Moon depends too, if it's seeded based on stuff like a non-grounded wire then i would absolutely not trust it
if it's not radioactive or a chaotic system then software PRNG is basically preferable -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:32:38 JST
Hélène
@feld @Moon i wouldn't trust FreeBSD when it comes to security honestly, but it's on a case-by-case basis I'd say
OpenBSD most certainly does it right but the PRNG depends on what you're trying to achieve
using strong digest algorithms and ciphers is almost always a good prng source -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:31:10 JST
Hélène
@Moon take it this way: we could say any part of what an address starts with is actually vanity
it doesn't make a difference on the search space, it's just that it differs on generation because you're generating random private keys until you get a public key that satisfies what you're looking for (the vanity parts) which is... basically partial bruteforce on a public key which you don't really know -
Embed this notice
Hélène (helene@p.helene.moe)'s status on Wednesday, 21-Sep-2022 23:28:25 JST
Hélène
@chjara @Moon they actually aren't less secure
All GNU social JP content and data are available under the