Daniel Moghimi (@flowyroll) 's Twitter Profile
Daniel Moghimi

@flowyroll

Senior Scientist @Google. Computer and Hardware Security. Tweets are mine and not my employer's. #downfall

Previously: @UCSD @Qualcomm @WPI @TalosSecurity

ID: 4106835983

http://moghimi.org | 03-11-2015 19:58:19

1,1K Tweet

2,2K Followers

346 Following

Daniel Moghimi (@flowyroll)

A friend of mine, a wonder woman in her early 30s got paralyzed upon a sport injury. Still processing it after 10 days. Think about what really matters. Love the loved ones. And don't take life too seriously, people.

Daniel Moghimi (@flowyroll)

Also CrowdStrike be like, we have been in the forefront of using AI to catch all the attacks, but we have also entirely forgotten about fundamental security design.

Dino A. Dai Zovi (@dinodaizovi)

This was a key decision we made at the very beginning of Capsule8: we would not be a kernel module and only use kprobes/uprobes as provided by the Linux kernel so that we could never panic the kernel. Choosing safety from the beginning made us have to work harder, but was right.

Daniel Moghimi (@flowyroll)

Exactly this. If you are not prioritizing a safe development interface for business reasons, fine. But stop saying there wasn't a better technical solution.

Daniel Moghimi (@flowyroll)

What would happen if one pushes out a buggy firmware that would make a chipset not boot? Brick billions of computers, sending parts to dumpster 👿

Daniel Moghimi (@flowyroll)

If I were CrowdStrike, I might as well have started monetizing on ads. Such a waste of opportunity to not show customers some ads while protecting them against other adware.

Daniel Moghimi (@flowyroll)

The Twitter/X AI overlords now recommend me more blockchain content because of the CrowdStrike outage. Are these things this bad?

Robert Graham (@erratarob)

Well of course CrowdStrike claims they do the same thing as Capsule8. This is how the industry works. Every time a small company creates an innovation, the big companies claim they already do it, or that they are about to release something better. It's not true. This works because

Daniel Moghimi (@flowyroll)

Went to see the Duel Reality by The 7 Fingers. Awed by this thrilling, psychedelic, acrobatic storytelling. They are in town till August 4th. Don't miss out.

Daniel Moghimi (@flowyroll)

I am looking for a new home. As I am typing my partner's name on Google calendar, it also suggests that I should add our current landlord to the meeting :) I am guessing this is just because we have had a shared history of exchanging emails. Yeah right, AI apocalypse is near.

Michael Schwarz (@misc0110)

With the #GhostWrite CPU vulnerability, all isolation boundaries are broken - sandbox/container/VM can't prevent GhostWrite from writing and reading arbitrary physical memory on affected RISC-V CPUs. Deterministic, fast, and reliable - no side channels. ghostwriteattack.com

Daniel Moghimi (@flowyroll)

I didn't attend USENIX Security this year, but looking at the hardware security papers, only a small number solve real problems. This is unfortunate because I know that students put a lot of effort into these papers. It looks like the gap between academia-industry is quite big.

Elie Bursztein (@elie)

[Weekend read] Generalized Power Attacks against Crypto Hardware using Long-Range Deep Learning - elie.net/publication/ge… Thrilled to finally publish our GPAM model and high-quality ECC datasets after years of intense R&D. Compared to existing approaches, the GPAM model

Daniel Moghimi (@flowyroll)

I wrote a piece on SIGARCH blog about the state of hardware and architecture security. "Secure Computer Architecture in the Post-Meltdown World: A Long Road Ahead" sigarch.org/secure-compute…