duk

@[email protected]
49 Followers
71 Following
663 Posts
computer stuff - mostly cybersecurity & compilers

-mllvm -trap-unreachable evangelist
GitHubhttps://github.com/duk-37
duk4d ago
Eric Lengyel4d ago
New blog post: A Decade of Slug
This talks about the evolution of the Slug font rendering algorithm, and it includes an exciting announcement: The patent has been dedicated to the public domain.
https://terathon.com/blog/decade-slug.html
duk6d ago
Show threadKevin BeaumontMar 11

So @xaitax has cracked Microsoft Recall, he's got access to the encrypted database and has automated dumping of screenshots and all text from screenshots.

I've looked at most recent Recall and yep, you can just read the database as a user process. The database also contains all manner of fields which aren't publicly disclosed for tracking the user's activity.

No AV or EDR alerts triggered, world's #1 in infostealer 😅

* you can just read it in plain text

dukMar 10
AddisonMar 10
I encourage you to look at the responses here. GOS folks do tend to flounder when responding a bit, but many of the threads demanding "action" or "response" here seem to focus on undercutting the legitimate concerns of GOS by repeatedly bringing up topics that attack the legitimacy of GOS in general (e.g., previous interactions with other developers). This is a theme on threads of theirs -- GOS brings up legitimate concern, people come in to concernbait about specific topics to make GOS folks look fixated on drama rather than the actual security claims of GOS (due to, admittedly, poor social media practices on GOS's part; it would almost be better if they just didn't engage with this concernbait). Also, people advertising their own solutions and platforms seemingly unrelated to the post at hand.

I'm not a particularly conspiratorial person, but I must point out that this looks like consistent delegitimizing campaigning, specifically designed to take advantage of how GOS interacts on social media.

RE: https://grapheneos.social/users/GrapheneOS/statuses/116200110686604617
dukMar 2
Zhuowei ZhangMar 1
Who called it "prompt injection" and not "Escape from Markov"
dukFeb 28
Andy WingoFeb 27
five syllable horror stories
dukFeb 8
had a thought and was happy (albeit not surprised) to be correct: the FDA does, in fact, have legal definitions for what the words "excellent" or "good" mean in relation to nutrition content

https://www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-101/subpart-D/section-101.54
Federal Register :: Request Access

dukFeb 7
Show threadAddisonFeb 7
And, irony of ironies, an AI-generated summary and review of this post has cropped up: https://www.letsdatascience.com/news/security-researchers-question-generative-ai-vulnerability-cl-92a2dfd6

awesome, cool, really contributing to the discussion
dukFeb 6
Show threadMatthew GarrettFeb 6
It doesn't matter whether C is good or not. It matters that if I write code in two languages that aren't C, and I want it to all be part of the same process, I need to care about C. C pervades all. You cannot escape it. C will outlive all of us. The language will die and the ABI will persist. The far future will involve students learning about C just to explain their present day. Our robot overlords will use null terminated strings. C will outlive fungi.
dukFeb 5
benjojoFeb 5
I present: The HSM alignment chart
dukJan 18
Aled;cdJan 17

Its a well known fact that the 4 CPU architectures are x86-64, aarch64, riscv64, and s390x

Nobody has ever actually directly observed s390x but, like dark matter, we can infer its existence through compiler support