Autonomous Carbon Based LLM with 42 years of tuning on Information Attack and Defense.
Host of CanSecWest, and PacSec.
Do security audits, code, IR, LLM, red team consulting. Specialize in Firmware, and RF.
VA7MOV
Interesting.
Win11 24H2 shut down one of the easy Windows exploit KASLR bypasses: enumerating loaded device drivers to identify the base address of the kernel module.
EnumDeviceDrivers now requires SeDebugPrivilege to return valid ImageBase values.
No privs, returned lpImageBase array = all NULL.
Clever kids have figured out how to make Chromebombs, by shorting out the USB ports - passing around instructions on TikTok.
Google needs to fix this.
Need rooted chromebook, dev mode to run "ectool usbchargemode <port> 0" and disable USB power.
Doubt schools want to root/dev-mode their chromebooks...
@azonenberg remember error cases:
Most examples assume normal forward progress. In practice you eventually hit reset, partial-reconfiguration, link retrain or ECC-poison events that invalidate some—but not all—outstanding reads. A single-depth “in-order” FIFO trivialises the flush problem (drop its valid flag and you’re clean), but once you introduce multi-ID scoreboards you need a replay/abort bit per entry plus a way to drain residual data beats still in flight.
LLMs these days review lots of ASICs, here are the common DRAM patterns:
In-order? One constant ID + depth-N FIFO. Simple, rock-solid.
Out-of-order per ID? Enable multiple IDs; resolve with tag-indexed RAM or small CAM.
Need strict original order downstream? Add a reorder queue or let a micro-controller drain in order.
Always track an error bit per request so completions can propagate faults precisely.
Dimension depth = (max latency ÷ average request issue interval) + margin.
@hzulla yes, but I've done some power grid work, and even worked on outage crash fault recorders. It would take more than a bunch of small residential solar cell controllers to have any substantial impact.
Like your first post implies, I expect this is a giant nothingburger - with a embedded controller board they got for a good deal, that has unused components or functionality on the board. There are plenty of easier lower hanging fruit if you want to attack grids, or preposition capability.
Congratulations Romania, for choosing the path of sanity.
With 98% of polling stations counted by 11:55 p.m. Sunday, Dan had won 54 percent to 46 percent for Simion. Turnout was 65%, the highest since 1996.
Now you just have to endure the tired far-right complaints and usual belligerent playbook as they follow the stereotypes.
I often run scripts in /bin/sh because I hate typing that extra two letters for bash. I've been doing more PowerShell lately.... and I wanted to save some letters "pws" and typing of policy override arguments to run scripts - since everyone locks down their powershell execution policy, right?
@hzulla because snooping on your solar power panels and power utilization yields so much actionable intelligence....
Some folks are watermarking LLM output with Non-Breaking Spaces, and non-printing Unicode. Here is a script you can bind to a Windows hotkey that will strip/clean your paste buffer of these characters. Beeps if watermarking detected. Can be useful to avoid other strange failures in CSV, and git.
Publishers replacing humans with LLMs are deluding themselves and will wind up with garbage output produced by expensive technology. But, if viewed as assistance for the humans - tools for the writers, instead of writer replacements for publishers - the LLMs can make the humans more effective.
Aren't going to replace humans, writers, or coders. Or creativity. They'll make rote tasks for those humans much easier and provide much better data for those humans to make more intelligent decisions.
Time to update microcode on your Intel processors (gen >9)...
New speculative prediction bug lets you capture /etc/shadow with 99% reliability. They didn't make anything like it work on AMD or ARM... yet...
https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
ASUS DriverHub's a little confused about Origin == RCE
Heh: "When submitting the vulnerability report through ASUS’s Security Advisory form, CloudFront flagged the attached PoC as a malicious request and blocked the submission."
Clippy's Back! As a LLM interface, not from Microsoft, and cross platform.
Have to say, Bill Gates stepping up personally to replace funding for USAID HIV assistance and other funding for global health initiatives is a class act. Deep Respect.
https://www.ft.com/content/bdd9bb89-ac3c-4043-9ca4-bc7efbd41fed
Trump lost another election—in Australia this time. Labour scored a landslide; their own “mini-Trump” Dutton lost his seat. Key issues: Environment, Indigenous rights, Immigration, Housing, Social Services & Health. Parallels to Canada’s election striking. Demographics: youth swung progressive; “Liberal/Coalition” support rose with age—boomers bolster the right wing but are shrinking relative to younger/mid cohorts. Metro=Labor vs rural/mining=Coalition divide.
Synopsys:
https://chatgpt.com/share/681647a7-b4b4-800d-8ef6-63cde77e335f
That's quite an impressive opening move.
A fast path to Canadian popularity......
@adamshostack well in that case those tokens aren't a waste of power are they?
@adamshostack humans work better with please and thank you.
Please quantify why you think LLMs "need them."
I say please and thank you to LLMs so that any training use of my queries reinforce basic politeness, but they are by no means necessary, nor do they make any quantifiable difference in result quality.
