Renaissance man. Dad. Pirate. I dreamt I was a Big10 CISO once.
@Viss Wait- if I'm understanding this correctly, if this FTC provision stands, it is either unconstitutional, as supported by the (compromised) Supreme Court Citzen's United ruling (paraphrasing all mine: "money is speech, and cannot be limited by the fed"). I like it because I think it totally cannot coexist with Citizen United, and I'd give them this if that trash-ass decision were reversed.
Probably good to ping actual knowledgable attorney to weigh in on my ramblings lol. Ken? @Popehat
@dfjkl it was! The pins in the hardware interface turned out to be fine, it had just filled up over time with spuzz, which then made it hard to connect. Well, and then after I used it for a while the battery died. It still sits in the dock cranking music in my garage.
Whee! I removed all my shit from the cloud and finished last year :) <--- this is the new version of superiority complex equal to "I don't watch TV" but today I will be that guy lol
@jmjm yeahp.
@cR0w well it didn't mention a race condition, but I kind of smell one. So let's go with that.
I am still nowhere, really. But maybe I get somewhere with this approach, heh.
Target: Find, pick or detect target processes with known optimized-for-power10-executable running.
Exploit: We will also be optimized for power10, whee! Build with "-mcpu=power10"
Approach: (not sure this is 100%, but this is what I'll try 1st)
We need to keep tickling v20-v31 to see if we can overwrite something useful, or read an input value from other processes using these registers
Spam/fuzz calls to strcmp. Try string values that are pointers to memory locations you control.
Put interesting instructions there.
Check for segfault/crash or flow hijack in target process.
Check also to see if our strcmp calls throw ??? unrecognized values on the heap- could be leaking stuff?
Refine and repeat.
Revised list of things I am now staring at
Power10 technology exploitation (IBM's article, not mine lolol)
https://www.ibm.com/docs/en/openxl-c-and-cpp-aix/17.1.1?topic=guide-power10-technology-exploitation
Power10 Performance Best Practices
https://www.ibm.com/support/pages/system/files/inline-files/power10_performance_best_practices.pdf
Matrix Multiply Accelerate built-in functions
https://www.ibm.com/docs/en/openxl-c-and-cpp-lop/17.1.1?topic=functions-matrix-multiply-accelerate-built-in
@spaf For sure! Once they start to eat their own, the entertainment value sure picks up.
@cR0w Oooh nice. Still trying to understand the possibilities here. Leaking input strings sounds useful. This is part of their new "Matrix Multiply" MMA hotness. Nose down, staring intently at "__builtin_vsx_stxvp" https://www.ibm.com/docs/en/openxl-c-and-cpp-lop/17.1.1?topic=access-builtin-vsx-stxvp
Emojis! I miss ascii. I am probably too old for this :hacker_s: :hacker_h: :hacker_i: :hacker_t: :hacker_s: :hacker_h: :hacker_o: :hacker_w:
The DoD Cyber Crime Center DoD DIB Collaborative Information Sharing Environment program just sent me a notice that they are cancelling their collaboration efforts(with higher ed, at least?) and tossing all applications in the bin.
"Due to recent changes in strategic priorities within the Department of Defense, DC3 will no longer offer the Cyber Resilience Assessment (CRA) or Adversary Emulation Test (AET) services."
"Strategic priorities" being what? Pete Hegseth's cringe bullshit? What a joke. This was their attempt at reaching out to address problems with research CUI.
Everything commercial is (and has been for the last 30 years) set up as a pretext to lure people in and get their data. Once they have what they want, and you no longer have control of any of it, well, game over, right?
All of the sudden your information is commoditized; whether sold, breached, taken by AI for "training", repackaged, recombinated, redistributed.
2 solutions, one is lol and familiar to us as always:
1) don't participate, be a luddite, absorb the weird stares from everyone witnessing your recalcitrance. Guard your shit. 50% of the societal things you encounter will not work out for you, but you will be safe, at least from the things that don't just gather data on you latently. Maybe move into the desert, since it'll feel that way anyway. I like the desert.
2) Misinformation will poison everything and make what's been gathered worthless. Really rooting for this one. AI ouroboros FTW
What else?
Archimedes and me are so down.
Sayonara shop truck, hello iron block 59 Chevy LS build. Also, hooray for my 4' breaker bar.
@krypt3ia These fools did to us once. We see it coming this time. Unfortunately we have enough experience to guess intelligently that fascism will be the logical end state for all social media done "at scale".
So either a) they don't wish to acknowledge this or b) they are so full of themselves that they think they can control it "this time" or c) they and their shareholders secretly love it because "ooooh the controversy and tension alone make us so much $$$$"
In any case, fuck them.
@chillybot I like rocks. Little geological wonders, each an intensely local and detailed record of the history that formed them. I fill my pockets sometimes.
Put her up before COVID. Visited her for the first time in a long while yesterday. Should get her out of mothballs and road-ready. It's been a long time since we've rock and rolled.
@rridley @jack_daniel
Another vote for Porkbun. I ditched Gandi in favor of them last year
Wisdom from a dream I had: My best friend from back home, since passed, looking pretty happy in his kayak with his obligatory big ole cigar. He explained to me that sometimes a hat can be a bucket, and sometimes a bucket can be a hat. That's some deep shit, John. Deep.
"Successful candidates should have a Ph.D. in Cybersecurity, Computer Science, or a closely related field" lol.
They should also demand that everyone address them as "doctor", one hand shoved into their blouse like napoleon as they hoist a pinky up to the corner of their upturned lip.
the fuck outta here with that.
