This article is probably not correct. The actual behavior is documented [1]: > BitLocker hashes the user-specified personal identification number (PIN) by using SHA-256, and the first 160 bits of the hash are used as…
That is complete nonsense and not how switched networks work.
Is this LLM slop? One cannot truncate RSA signatures and still check them. The sample hook code is nonsense, it lacks an address to hook (and would break Enigma‘s self-checks). The sentence structure and all lower-case…
That's including the enterprise premium for software, hardware support, and licenses. Building this in-house using open source software (e.g. Ceph) on OEM hardware will be cheaper by an order of magnitude. You of course…
I would welcome if this global legislative push would end up in a more open app ecosystem for iOS overall. BrowserEngineKit is a thin wrapper over XPC and iOS' extension system. The system would be so much better to…
You can update SEP firmware, but only by providing your PIN. This is why iOS prompts for you PIN again before updating. This still effectively prevents Apple from adding backdoor to be installed on phones the user can…
They might just as well send any other .reg file that runs a program (e.g. by creating an autoboot entry, COM server, service, ...) that bricks devices.
Apple unfortunately declared XPC to be a private API on iOS, whereas on macOS it is the foundation for sandboxing custom services. I found no way to sandbox things beyond the sandboxes provided by iOS extension points…
Not storing raw HTML might be a last resort to avoid these kinds of bugs in other software, but a good amount of things need to go wrong for them to happen in the first place. The issue is that your data is rendered…
SysCfg with serial number etc has been on a separate NOR chip for quite some time [1]. I wouldn't be surprised if Apple allowed DFU restore to initialize a blank flash as mere optimization in the production process. [1]…
Sure, there are solutions presented in the installation guide [1]. It usually involves using the cloud or virtualization platform's out of band channel, which Talos all supports, to securely provision a config on first…
The linked msdos source code on GitHub has since been rewritten by Apple /again/ [1], so the article is a bit out of date. This happened 3 months ago, and it now plugs into a private framework named FSKit. I did not…
I was about to send a rational response to explain how furries are just a bunch of LGBTQ folks (though maybe we met different ones), but then I briefly looked at your HN comments history and decided not to. I hope that…
Hi Gigachad! Is there a policy on using portrait photos of oneself at your company? Then the profile photos should indeed be changed, because they're not photos of oneself, but drawings of cartoonish animals. Otherwise…
This is unfortunate. The writing was on the wall already with vSphere+, but I can't really commit to a subscription for VM infrastructure. Broadcom would be able to hold the whole company hostage with price increases.…
We've moved to plain markdown in Git(Lab) as Confluence replacement. A CI pipeline compiles it to HTML and hosts it on the web via Material for MkDocs. It lacks most collaboration options for non-developer users, but we…
Using Atlassian cloud products is a business risk. They previously let customers sit for weeks without access to their data [1]. Cloud-hosted products do get early patches for unsecured /setup routes though [2], so…
The PostgresBuild 2021 slides of OrioleDB [1] (also linked in the GitHub project's readme) mention that there is a 1K LoC patch that adds features to the extension interface. I guess the patch is larger by now in 2023.…
Author of parent comment here: Interesting insight! I love (and somewhat miss) this industry because the game of cat and mice is never over.
Oldest trick in the book, good luck faking the PE signature to match the vendor's certificate ;-) (Jokes aside, the kernel does not provide any information about which application reads a canary page. It's best to just…
Previous discussion: https://news.ycombinator.com/item?id=34909218
(Wrote anti-cheat software in the past.) There are multiple ways to detect this. Hardware breakpoints were already mentioned, but they only work per thread, so if one is sniffing on your memory from another process or…
Just, uh... don't have a custom cross-platform scrollarea? This is a feature the browser provides already. Your page is perfectly usable by just removing `overflow: hidden scroll;` of…
This is great! I hope that this project enables those many FUSE-related applications to return to Homebrew since an open-source FUSE provider is now available again. I am curious though why a NFSv4 server was chosen…
tl;dr this adds a clause to forbid reserve engineering and bypassing "technical limitations" > You agree that you will not work around any technical limitations in the software provided to you as part of the Services,…
This article is probably not correct. The actual behavior is documented [1]: > BitLocker hashes the user-specified personal identification number (PIN) by using SHA-256, and the first 160 bits of the hash are used as…
That is complete nonsense and not how switched networks work.
Is this LLM slop? One cannot truncate RSA signatures and still check them. The sample hook code is nonsense, it lacks an address to hook (and would break Enigma‘s self-checks). The sentence structure and all lower-case…
That's including the enterprise premium for software, hardware support, and licenses. Building this in-house using open source software (e.g. Ceph) on OEM hardware will be cheaper by an order of magnitude. You of course…
I would welcome if this global legislative push would end up in a more open app ecosystem for iOS overall. BrowserEngineKit is a thin wrapper over XPC and iOS' extension system. The system would be so much better to…
You can update SEP firmware, but only by providing your PIN. This is why iOS prompts for you PIN again before updating. This still effectively prevents Apple from adding backdoor to be installed on phones the user can…
They might just as well send any other .reg file that runs a program (e.g. by creating an autoboot entry, COM server, service, ...) that bricks devices.
Apple unfortunately declared XPC to be a private API on iOS, whereas on macOS it is the foundation for sandboxing custom services. I found no way to sandbox things beyond the sandboxes provided by iOS extension points…
Not storing raw HTML might be a last resort to avoid these kinds of bugs in other software, but a good amount of things need to go wrong for them to happen in the first place. The issue is that your data is rendered…
SysCfg with serial number etc has been on a separate NOR chip for quite some time [1]. I wouldn't be surprised if Apple allowed DFU restore to initialize a blank flash as mere optimization in the production process. [1]…
Sure, there are solutions presented in the installation guide [1]. It usually involves using the cloud or virtualization platform's out of band channel, which Talos all supports, to securely provision a config on first…
The linked msdos source code on GitHub has since been rewritten by Apple /again/ [1], so the article is a bit out of date. This happened 3 months ago, and it now plugs into a private framework named FSKit. I did not…
I was about to send a rational response to explain how furries are just a bunch of LGBTQ folks (though maybe we met different ones), but then I briefly looked at your HN comments history and decided not to. I hope that…
Hi Gigachad! Is there a policy on using portrait photos of oneself at your company? Then the profile photos should indeed be changed, because they're not photos of oneself, but drawings of cartoonish animals. Otherwise…
This is unfortunate. The writing was on the wall already with vSphere+, but I can't really commit to a subscription for VM infrastructure. Broadcom would be able to hold the whole company hostage with price increases.…
We've moved to plain markdown in Git(Lab) as Confluence replacement. A CI pipeline compiles it to HTML and hosts it on the web via Material for MkDocs. It lacks most collaboration options for non-developer users, but we…
Using Atlassian cloud products is a business risk. They previously let customers sit for weeks without access to their data [1]. Cloud-hosted products do get early patches for unsecured /setup routes though [2], so…
The PostgresBuild 2021 slides of OrioleDB [1] (also linked in the GitHub project's readme) mention that there is a 1K LoC patch that adds features to the extension interface. I guess the patch is larger by now in 2023.…
Author of parent comment here: Interesting insight! I love (and somewhat miss) this industry because the game of cat and mice is never over.
Oldest trick in the book, good luck faking the PE signature to match the vendor's certificate ;-) (Jokes aside, the kernel does not provide any information about which application reads a canary page. It's best to just…
Previous discussion: https://news.ycombinator.com/item?id=34909218
(Wrote anti-cheat software in the past.) There are multiple ways to detect this. Hardware breakpoints were already mentioned, but they only work per thread, so if one is sniffing on your memory from another process or…
Just, uh... don't have a custom cross-platform scrollarea? This is a feature the browser provides already. Your page is perfectly usable by just removing `overflow: hidden scroll;` of…
This is great! I hope that this project enables those many FUSE-related applications to return to Homebrew since an open-source FUSE provider is now available again. I am curious though why a NFSv4 server was chosen…
tl;dr this adds a clause to forbid reserve engineering and bypassing "technical limitations" > You agree that you will not work around any technical limitations in the software provided to you as part of the Services,…