NerdResa @NerdResa@witches.town
Queer feminist from Berlin. Fights for social justice, does research about the Internet. Network geek. Bisexual. She/her
Wherein Andrew Tanenbaum writes an open letter to Intel about MINIX3 being used in the ME and fails to call them on their shit.
“Your CPU has a secret web server that you are not allowed to access.“ (Also, a full Unix OS)
https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.amp.html
How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine
"The main system can remain functional, so the user may not even suspect that his or her computer now has malware resistant to reinstalling of the OS and updating BIOS."
You don't even need an Operating System to get infected with malware anymore.
#techramblings Afficher plus
Please only answer if you joined Mastodon within the last 7 days. What would have made the instance list on joinmastodon.org more useful for you?
HI PRESUMED NEW PEOPLE
HERE'S A STARTER KIT
creatrixtiara@vulpine.club's Introductory guide:
My guide on how instances work and a list of instances (a tad old now, but still relevant):
http://telegra.ph/Mastodon-instances-and-the-ones-I-recommend-06-18
And just the pure list of instances if you already know what instances are:
#introduction redux
#NYC #Manhattan #hackerspace member. Grand project to design a concurrent PL with eventually consistent data structures as first-class citizens—for #queer #feminism #reasons. Also, #3dprinting.
Philosophically, think #GraceHopper meets #JaneJacobs meets #AnnemarieMol.
Teetotal, ternary #enby. Antithesis of foodie. Wondering what a social life might be.🤔 #INFJ / 4w5.
Currently writing a #Torg+#nWoD #RPG splatbook ⅋ planning on some #DIY / #smarthome thingies.
Or sumfin.
also twitter: blocks #bisexual from showing photos/results
I'm Theresa, a PhD student in Computer Science, a network geek, a queer #bisexual feminist and activist. Other relevant identities include cis, white, femme, poly.
On here I often write about my research, tech stuff that I came across and that I find interesting (like on #WiFi #opensource #Linux).
I try to make my posts accessible to people who don't feel like they already know everything - Please tell me if I succeed. :)
04-nov-2017: hosting your own mastodon instance workshop (berlin) Afficher plus
For a while now, I've been looking for something that I feel should exist but, AFAICT so far, doesn't:
A #whodunit or #hardboiled detective/#crime story, but set in the #anarchist/far left/squatting scene.
It seems so obvious: Close-knit community with lots of reasons not to involve regular authorities, ripe with conflicts both personal and political, big questions about what justice does look or can look like, cultures of both solidarity and self-reliance, ...
Sadly I have yet to find it.
General request: if you post pictures, please please include alt text describing the image so that everyone, regardless of visual ability, can enjoy your toot.
Please consider asking others to do this. Optionally, reconsider boosting toots if they don't have alt text.
We all have an opportunity to help shape the culture of this place and I'd love, love, love if it were "oh, everyone posts alt text with their images because that's just what you do."
@rysiek @NerdResa @wxcafe However, if anyony (especially, their dog) tries to sell* you their own implementation of crypto, you should be cautious. During the last decade, new class of vulerabilities have been researched (side channel) and ability to avoid them is not yet common.
* "selling" includes putting in FLOSS.
@rysiek @NerdResa @wxcafe
Yeah, I know Erica, and I know we (IIRC) disagree on that point to some extend.
By all means, design and implement crypto (or kernels); just most of it will be terrible and shouldn't be trusted. If you are OK with it being a learning exercise, fine.
If you mean “if you have the skillset, please build less terrible alternatives”, sure.
But please, don't pull a Telegram and make bazillions of users depend on terrible crypto.
"Don't write your own crypto" is more about *designing algorithms/protocols* and much, much less about creating implementations of proven algorithms/protocols.
Everyone and their dog (ok, a bit much ;) ) should write their own *implementation*, so we don't end up in the OpenSSL thing again, and so that they learn.
Almost no-one (especially not their dog!) should design their own crypto algos/protocols. This ends *badly*.
Over at birdsite:
Glorious rant about #crypto and #Linux #security, with a surprise in it:
https://twitter.com/ewindisch/status/926432248970309632
Thanks @wxcafe for finding :)
@tether I see.
Here's hope for some nice creative intervention that makes a few more people agree with such a policy :)
@tether Sorry to disappoint, but I'm pretty sure there will be no such thing, except for like the photography policy which has been there forever.
LB:
For those who do not read German, this #CCC page (about the ethics, motivation and borders of Hacking) is now also available in English (this wasn't always the case, I was just about to try and translate it myself then noticed the update)