logical_person's comments

logical_person | 4 months ago | on: Luau's performance

running multiple game servers in docker is a multi-tenant environment, because docker is not a serious security boundary unless you're applying significant kernel hardening to your kconfig to the tune of grsecurity patches or similar

logical_person | 1 year ago | on: RCE Vulnerability in QBittorrent

it's shocking how low-quality these issues are in a client that is otherwise 1000x more performant than the other options listed in the article

logical_person | 1 year ago | on: Steam games will need to disclose kernel-level anti-cheat on store pages

Prop 65 went great! Let's get a warning out for every game with peer to peer networking while we're at it.

logical_person | 1 year ago | on: LLM and Bug Finding: Insights from a $2M Winning Team in the White House's AIxCC

p2o is pathetically low in comparison to other markets. is your experience limited to legitimate bug bounty programs like that?

logical_person | 1 year ago | on: TPM GPIO fail: How bad OEM firmware ruins Intel TPM security

before the popularity of ARM SoCs that contain everything on-die there were much fewer choices for vertically integrated devices. it's a different segment.

if you look at apple's vertically integrated devices, they chose a cryptography coprocessor that was not on die originally. with a key accessible only by both pieces of silicon's trusted execution environments, rather than the operating system directly, encrypted comms are established in a similar fashion as the TPM2.0 proposal.

logical_person | 1 year ago | on: TPM GPIO fail: How bad OEM firmware ruins Intel TPM security

> encrypted sessions (and/or EK cert verification) without PIN are not much more then obfuscation

this is completely incorrect, encrypted sessions defeat TPM interposers when there is a factory burned-in processor side secret to use. lol at being just "obfuscation" because you can spend $5m to decap and fetch the key then put the processor back into working order for the attack.

that just requires a vertically integrated device instead of a consumer part-swappable PC.

logical_person | 1 year ago | on: Microsoft PlayReady – Complete Client Identity Compromise

do software cracks usually get posted to seclists? this is expected in the design of DRM...

logical_person | 1 year ago | on: A Trivial Llama 3 Jailbreak

> But what this simple experiment demonstrates is that Llama 3 basically can't stop itself from spouting inane and abhorrent text if induced to do so. It lacks the ability to self-reflect, to analyze what it has said as it is saying it. > That seems like a pretty big issue.

what? why? an LLM produces the next tokens based on the preceding tokens. nothing more. even a harvard student is confused about this?

logical_person | 2 years ago | on: Show HN: Open-source, browser-local data exploration using DuckDB-WASM and PRQL

200mb of data is not a large file, and chromium tabs have a memory limit of something ridiculously low so actual large 20-100gb datasets render this useless.

logical_person | 2 years ago | on: Sudo for Windows

you're too kind replying to this

logical_person | 2 years ago | on: Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop

authenticated sessions are practically useless on anything but a fully integrated device, because there is no guarantee of the SRK's identity - MITM is still possible.

logical_person | 2 years ago | on: Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop

that's still less secure, though. without a TPM you have no guarantee of the underlying state of firmware on the device. this enables a persistent backdoor.

TPM with no PIN is practically bitlocker with no password. A high entropy PIN happens to solve this entire attack.

logical_person | 2 years ago | on: Rarbg Is No More

sorry but this is nonsensical, one site pushed malware so they all do? typical "security" person

logical_person | 3 years ago | on: Ring0VBA – Getting Ring0 Using a Word Document

wrong, loading drivers requires admin.

logical_person | 3 years ago | on: The Trouble with 5G

except the diagram shows several mobile blocks right above 40ghz, so what do you mean?

logical_person | 3 years ago | on: 7-Zip up to 21.07 on Windows allows privilege escalation and command execution

Super problematic that the HN mod team removed these posts by the author. His replies to this thread can likely be used to help ascertain the legitimacy of his claims, despite any rule-breaking they contained - let it be visible to the public.

logical_person | 4 years ago | on: Darktile – GPU rendered terminal emulator designed for tiling window managers

Does anyone know how it performs on termbench? https://github.com/cmuratori/termbench

logical_person | 4 years ago | on: Software Developer Shortage Is Coming

Thanks for the reply! I'm glad you're able to click the link and read the same table, which does not clarify what majors are categorized in these groups. Another user posted a category 11 link, for example, where CIS includes "word processing" degrees, while excluding CE & EE (but still, the table does not claim that their statistics under that grouping are category 11).

Do you work with a lot of software developers with word processing degrees?

logical_person | 4 years ago | on: Software Developer Shortage Is Coming

The reference does not state what other majors are categorized under CIS, unless you've got a link?

logical_person | 4 years ago | on: Software Developer Shortage Is Coming

CIS is not computer science.