fhqghds's comments

fhqghds | 5 years ago | on: Secretive – macOS native app to store SSH keys in the Secure Enclave

Note that GP said -A -- this means the agent gets forwarded, and processes on the malicious server can ask the agent to perform authentication operations.

Touch to auth means the agent (or hardware token) asks the user to confirm they are expecting an authentication request to come in.

This allows you to forward your agent to a host and have slightly more protection against malicious processes on the host using your key.

fhqghds | 5 years ago | on: Why the US military usually punishes misconduct but police often close ranks

The take away from this should be:

Look how fucking horrible behavior can be even when the organization has a publicly stated stance of holding members accountable, and occasionally actually does so.

Now imagine the fucking horrible behavior that doesn't even manage to get surfaced in an organization that takes a public stance of not holding members or itself accountable.

The military is far far from perfect. The police still manage to be worse. And that's fucking terrifying.

fhqghds | 5 years ago | on: United States wants HTTPS for all government sites, all the time

short answer: massive amounts of inertia

long answer: there are a lot of reasons...

one is that our network is obscenely open and used in weird ways.

public ips handed out to all the things via dhcp. dynamic hostnames (generated from the dhcp request) on a subdomain of our .gov for all the things. similarly static ips and top level dns records on our .gov are passed out like candy.

the border is heavily firewalled, and all networks are heavily sniffed and monitored, but everyone has a public ip with a .gov hostname. the network users consist of thousands of academics and scientists who use the network in fun and interesting ways, frequently without tls.

changing this culture is likely way more difficult than making config changes on bind and dhcpd

I've slowly learned to stop asking, and just try to keep my sobbing down during calls

fhqghds | 5 years ago | on: United States wants HTTPS for all government sites, all the time

as someone who works on such things at a .gov, this has been in the works for years, and will likely remain in the works for years

the level of push back against it is absolutely epic.

the .gov I work on has even been considering moving most services off of .gov to another tld (such as .us) in order to avoid having to comply...

fhqghds | 5 years ago | on: Japan Captures TOP500 Crown with Arm-Powered Supercomputer

yyyeah... no.

A major part of what makes these machines special is their interconnect. Fujitsu is running a 6D torus interconnect with latencies well in the sub-usecond range. The special sauce is the ability of cores to interact with each other with extreme bandwidth at extremely low latencies.
