CUB3D

@[email protected]
20 Followers
111 Following
56 Posts
Show threadCUB3D5d ago
@whitequark On Shannon specifically: NX is enabled, it has stack cookies and they started enabling some LLVM sanitizers. No CFI/PAC/ASLR. Slightly better than other modems, but whether their custom RTOS actually implements any of it *correctly* is anyone's guess.
CUB3DMar 9
EMF ticket acquired
CUB3DFeb 27
Alex RussellFeb 27

If you are in the UK, I'd like to beg 5-10 minutes of your time to file comment with the Competition and Markets Authority (CMA) about the proposed (toothless) "Interoperability Commitments" from Apple and Google.

These are dramatically weaker guidelines than even the EU's DMA, and Apple (particularly) has been utterly contemptuous there, ducking compliance for more than a year. Why is the UK rewarding scofflaw behaviour over these predatory practices?

https://open-web-advocacy.org/blog/apples-interoperability-commitments-to-the-uk-cma-promise-nothing/

/cc @pluralistic

Apple’s Interoperability Commitments to the UK’s CMA Promise Nothing - Open Web Advocacy

Open Web Advocacy
CUB3DFeb 25
Aled;cdFeb 25
I think there's someone at TI who's whole job is to come up with new and fucked up ways to involve a windows executable in any given download
CUB3DFeb 25

Decided to try and reproduce the bugs from this talk[0] to try and figure out some spooky undocumented QDSP6 instructions my decompiler was running into. Now either I've got a fundamental misunderstanding, or their PoC as given doesn't work the way they claim it should. 😕

Anyone know of any public Qualcomm PoCs that /do/ work?

[0] https://youtu.be/KxdfX9NxfA4

Xiling Gong - Exploiting Qualcomm WLAN and Modem Over the Air - DEF CON 27 Conference

YouTube
CUB3DJan 24
Sven Slootweg, low-spoons mode ("still kinky and horny anyway")Jan 24

An uncomfortable number of my software projects are driven by one very specific phenomenon: I try to help people work with some piece of FOSS software they keep having trouble with, and I increasingly realize that the maintainers have so little interest in improving the reliability of the software, even despite literally offering to do the work for them, that my time is better spent building a replacement for it that does work reliably than to keep throwing time and energy at the same reoccurring problems for a decade without ever having any hope of them getting fixed.

It has escalated to "making a Linux distro" by this point.

CUB3DDec 31
Show threadKevin BeaumontDec 30

MongoDB have a blog out about #MongoBleed

Notably:

- Internal find at MongoDB

- they notified customers of the issue and patch availability on December 23rd

- A security vendor published technical details on December 24th, Christmas Eve

- Somebody at Elastic, a direct competitor, published an exploit with full secret extraction feature on December 25th, Christmas Day

That was an impossible situation for orgs - the security industry poured fire on them and set their own customers on fire.

CUB3DDec 11
Show threadHoshino Lina (星乃リナ) 🩵 3D Yuri Wedding 2026!!!Dec 11

@nyan_satan @amarioguy It's a complete, fully functional, certified Vulkan 1.4 and OpenGL4.6 conformant driver across 5 different chips and 2 different firmware versions. Which is used by almost 100000 people and has never oopsed in production. And I single handedly wrote all of it myself, which is unheard of for kernel GPU drivers.

But thank you for your comment 🤷‍♀️

CUB3DNov 21
lnlNov 21
Happy auxiliary compressor day, to those who celebrate. 🥳
CUB3DNov 19
q3k Nov 19

Throwback to my 2014 'centrifuge' that I built at @hswaw .

The brick is a critical part.