there's very little engagement here, but I'm not posting on the nazi platform, so here we are

Generative AI is supposed to change the world and what it seems like to me is that they've invented various forms of The Clapper for the computer

What Really Happened With the DDoS Attacks That Took Down X Elon Musk said a “massive cyberattack” disrupted X on Monday and pointed to “IP addresses originating in the Ukraine area” as the source of the attack. Security experts say that's not how it works.

MUSK: A sophisticated cyberattack from Ukraine took out Twitter's servers

REALITY: Twitter's servers were not secured properly and were publicly visible

Great explainer here from @lhn.bsky.social

www.wired.com/story/x-ddos...

GitHub - unikzforce/wormhole: vxlan/unknown unicast flooding technique + eBPF vxlan/unknown unicast flooding technique + eBPF. Contribute to unikzforce/wormhole development by creating an account on GitHub.

VXLAN implementation in eBPF. Not because we couldn't but because we could.

VXLAN is usually something you leave to hardware or the kernel’s networking stack, but eBPF lets you bypass all that, cutting out CPU overhead and making it faster.

github.com/unikzforce/w...

With successful New Glenn flight, Blue Origin may finally be turning the corner “This is the very beginning of the Space Age.”…

Blue Origin has roared into orbit, finally. So what's next for the company everyone wants to see emerge as a viable competitor to SpaceX?

arstechnica.com/features/202...

Donate to Fund Jonathan's Space Report Library Transition, organized by Jonathan McDowell For 35 years I've been sharing information about space exploration w… Jonathan McDowell needs your support for Fund Jonathan's Space Report Library Transition

Well, big news. I am planning to move the Space Library to a new home. And I need some help - in 35 years I've never asked for funding, donations or subscriptions for my Space Report, to keep it independent, but now I need to raise some additional funds.
www.gofundme.com/f/fund-jonat...

I'm excited to announce Stratoshark, a sibling application to Wireshark that lets you capture and analyze process activity and log messages in the same way that Wireshark lets you capture and analyze network packets. You can try it out and learn more at stratoshark.org.

And just like that: TikTok is coming back...

x.com/TikTokPolicy...

OSI model fundamentals: If it can shock you, blind you, or cook you it's layer 1.

NIST BGP security recommendations by @eldomador.bsky.social : https://csrc.nist.gov/pubs/sp/800/189/r1/ipd

Screenshot of the presentation showing how tc-eBPF enforces a packet path dictated by the control plane using segment routing.

I had missed that Tencent discussed how they use #eBPF since 2022 to perform traffic engineering across their WAN at the granularity of containers.

Recording: www.youtube.com/watch?v=bn6D...
Paper: cs.stanford.edu/~keithw/sigc...

"The more you improve OSPF, the more you get IS-IS"
Peter Paluch

GitHub - retis-org/retis: Tracing packets in the Linux networking stack & friends Tracing packets in the Linux networking stack & friends - retis-org/retis

"Tracing (filtered) packets in the Linux networking stack, using eBPF probes and interfacing with control and data paths such as OvS or Netfilter"

Russian space chief says country will fly on space station until 2030 “Space is an area of activity where there is never a 100 percent guaranteed result.”…

The head of Russia's space program seems remarkably reasonable and level headed.

arstechnica.com/space/2024/1...

AMD’s trusted execution environment blown wide open by new BadRAM attack Attack bypasses AMD protection promising security, even when a server is compromised.

Researchers unveiled an attack that completely undermines security assurances AMD makes to customers using one of its most expensive microprocessor product lines in the cloud.

BadRAM takes minutes to bypass SEV-SNP protections that warn when the VM is compromised

arstechnica.com/information-...

In a not-so-subtle signal to regulators, Blue Origin says New Glenn is ready Blue Origin needs to fly the New Glenn rocket to identify where the vehicle has margin.

The new year is nigh, Jeff Bezos is watching to see who is naughty or nice, and the moon beckons. No pressure, Blue.

arstechnica.com/space/2024/1...

My stomach after 40: ‘Cheese is poison now.’

Me: [dunks bread into a wheel of melted brie]

Snowblind: The Invisible Hand of Secret Blizzard

This one's interesting too, from Black Lotus Labs and Microsoft:

Russian group Turla or Secret Blizzard has been hacking *other* hackers--to take over their infrastructure, launch new attacks, and hide their tracks. Appropriate nesting doll imagery:

blog.lumen.com/snowblind-th...

accidentally typed rm -fr and i’m using that now

Signal alone is not enough. If you are an activist, you need a complete self-defense against surveillance. @eff.org has been maintaining these resources for years: ssd.eff.org

GitHub - SRodi/xdp-ddos-protect: This project provides a BPF XDP program to detect and mitigate DDoS attacks targeting a specific endpoint by monitoring unusually high traffic This project provides a BPF XDP program to detect and mitigate DDoS attacks targeting a specific endpoint by monitoring unusually high traffic - SRodi/xdp-ddos-protect

Drop packets from IPs exceeding a throughput threshold with XDP

github.com/SRodi/xdp-dd...

I understand the satisfaction of "deleting" your Twitter account but I would not. Clear it if you desire. All your data there is not under your control and gets you nothing except a flag in one version of the data that says deleted. You need to deprive usage of your username and connected contexts.

10% off? why not smack me with a tire iron while you’re at it

When I'm not doing $WORK, I help the Hachyderm infrastructure team run hachyderm.io, a large Mastodon instance (55k users/11k MAU). Today, we published an analysis of our tech stack to prepare for access and resilience risks from the incoming US government.

community.hachyderm.io/blog/2024/11...

Paste Quest Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.

@tomsharpe.bsky.social wrote a very good, informed and unbiased (as to answer) piece on Yi Peng 3 and the sabotaged cables in Baltic Sea.

pastequest.com?4cc34df5a09b...

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor Unearthed sample likely works against Linux devices from Acer, HP, Fujitsu, and Lenovo.

Code circulating in the wild hijacks the earliest stage boot process of Linux devices by exploiting a year-old UEFI vulnerability known as LogoFAIL when it remains unpatched. The ultimate objective of the exploit is to install a new Linux bootkit named Bootkitty.

arstechnica.com/security/202...

I hadn’t used the other site for 5+ years because the interesting technical community conversations had died and it was full of misogyny and uncharitable replies.

I heard there was something going on but I think my brain just doesn’t work in a social media way anymore.

Maybe that’s good.

having spent the past few days in silicon valley in various gatherings with our AI overlords, governments, & scholars at the forefront of everything AI, I seriously wonder if the AI industry has become too big to fail

Do you have experience implementing passkeys on your org’s website or network? Have you supported passkey use for end users? Have you tested how passkeys sync/work across platforms or on different sites? If so, I’m eager to speak with you. Please DM me on Signal (DanArs.82) or here. Please boost.