Also worth noting EECploit means rowhammer works even on machines with ECC memory as well. If it has a non-Core series Intel CPU, it's basically vulnerable. This is going to be a real doozy.

To be clear, not only execute from javascript, but execute in a timely manner (46s to discover addresses + a targeted rowhammer attack). This is going to be a real problem.

So, now that someone has found a better version of SPECTRE and Meltdown that you can execute from Javascript, what are we going to do? Source:

@Liam Not until that is the most valuable avenue for them to pursue as a business interest, which means more work for us making people realize how important good security practices are.

Deveyus boosted


I'm a just a dude that makes #web apps using #Angular and #dotnet.

I'm still blazing the trail that is my life and hope I'm also able to make positive impact on peoples lives around me.

Small background in #ElectricalEngineering
and enjoying life in the great state of #Texas, USA.

I have a love for all things #Tech such as #Smartphones, #Software and #IoT. Along with #podcasts and #music. I'm a sucker for #AudioGear as well.

Also, shout out to @Deveyus for introducing me to #Mastodon.

@woland Oh, we KNOW the reason, it was out to get you, after the NSA turned it with bribes of all the hot locks they'd give it access.

@maxeddy Sounds prone to race conditions, I'd setup some form of scheduler for the coughing.

@kornel @leip4Ier Thank you for the very useful and awesome information.

@leip4Ier Yeah, the style the language takes on when writing it has actually been a big barrier for me. Though on the other side, I'll be glad to be out of the versioning and build mess that Go often has too so maybe it's worthwhile for me.

@leip4Ier I use Go mainly as a library language that my work in node/typescript calls into for really expensive stuff, especially high concurrency or remote machines. I have been wondering if it would be worth it to learn to replace it because of this. Most of my gains tend to be in concurrency.

@leip4Ier I haven't tried yet, but I hear concurrency in Rust is as good or better...

@leip4Ier I think it mostly has to do with the fact that concurrency in go, with it's wonderful channel structure makes things amazingly easy, more than anything. :)

@darrenpmeyer Grabbed arcolinux, gonna give the i3 based version a try

Today in technology that amazes me:

The "Popcorn" button on my microwave, does in fact, not burn my popcorn or leave a ton of it unpopped.

Looking to try a relatively minimal but still capable of GUI linux implementation to build out some tooling on, any suggestions?

@sillystring Do you find not having the typical knifepoint annoying at all? I can't imagine living without one!

@gen3sec This is really all I use now, I just don't really care about what's on twitter, the signal to noise is so high as to be worthless to me. I've interacted more on here than I ever did on twitter, and I've not even been here a month!

@ybnormal Nah, you're not crazy. Some of those places even have rather nasty policies on what they do with your information.

@leip4Ier It really hurt, it's one of those great in practice, terrible in execution type things. I've since moved almost completely away from Go for my work, and use Typescript on Node for most things, it's simply faster and more uniformly usable. If I need something that can really crunch I write an external utility in Go, and call it from Typescript. Go in general feels like a whole language of "the rules of optimization".

@x_cli I am from the US, a particularly cheap part of it, that's about 30% more than we make here at minimum wage, which is tight, but livable if you're careful with money. I imagine the cheaper parts of france aren't too far off of here, but your cities that should be about right, I'd imagine?

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.