31 Matching Annotations
  1. Mar 2024
  2. Jul 2023
    1. One way of verifying a block device is to directly hash its contents and compare them to a stored value. However, attempting to verify an entire block device can take an extended period and consume much of a device's power. Devices would take long periods to boot and then be significantly drained prior to use. Instead, dm-verity verifies blocks individually and only when each one is accessed. When read into memory, the block is hashed in parallel. The hash is then verified up the tree. And since reading the block is such an expensive operation, the latency introduced by this block-level verification is comparatively nominal.

      This is the performance benefit to using dm-verity.

  3. Dec 2022
    1. Online life is all about maximizing the quantity of connections without much concern for their quality.

      ? Pure speculation.

  4. Feb 2022
    1. It is a regime that prioritizes individual success over collective flourishing. It refuses to recognise anything - job, place, person - that is not profitable.

      Curious to see the argument here

    1. We need to forget, but we first must feel safe forgetting.

      That is the limit: if you are convinced your note-taking app is as good as a trash can, then no safe feeling for you. No "mental safety to forget". Still you have helped your real brain to remember via the writing process. That is not loss.

    1. we have persuasive technology pointed at more than three billion minds, optimizing for advertising revenue and addiction. It undermines human dignity and freedom at the most basic level: the agency to direct our attention towards what’s important to us. At this scale and pervasiveness, it damages our well-being and productivity, and it debases our shared capacity for solving the world’s hardest problems. It’s sick. It’s disrespectful of the human spirit. And I believe there’s a good chance that future generations will literally judge this as crimes against humanity.

      Quite violent. But it reflects what people feel about the "Attention Economy". The violence and the pain are a recurring theme from those who try to escape.

  5. Jan 2022
    1. One way of verifying a block device is to directly hash its contents and compare them to a stored value. However, attempting to verify an entire block device can take an extended period and consume much of a device's power. Devices would take long periods to boot and then be significantly drained prior to use. Instead, dm-verity verifies blocks individually and only when each one is accessed. When read into memory, the block is hashed in parallel. The hash is then verified up the tree. And since reading the block is such an expensive operation, the latency introduced by this block-level verification is comparatively nominal.

      This is the performance benefit to using dm-verity.

  6. Nov 2021
    1. In the schema in "Types of Protectors" on page 8, it should be "Unwrap key ..." and not "Unwrapped key ..."

    1. A full-featured software TPM is a large and complicated software stack

      To the point of being a security risk. Some TPMs had vulnerabilities due to the number of functions and the complexity of implementing them.

  7. Aug 2021
    1. visitors toured Democracity, a metropolis of multilane highways that took its citizens from their countryside homes to their jobs in the skyscraper-packed central city

      Democracity ...

    2. advertising agency told readers that under “private capitalism, the Consumer, the Citizen is boss,” and “he doesn’t have to wait for election day to vote or for the Court to convene before handing down his verdict. The consumer ‘votes’ each time he buys one article and rejects another.”

      To be linked with the following paragraph, where he explains how marketing and advertising, the "invisible government", drive the "citizen" more like a dog than a "boss".

  8. Apr 2021
    1. Shows that there is a balance to be found between keeping everything secret and giving some insight.

      Some information is more useful for security than for attackers

    2. OAuth access tokens are now 178

      The 40 characters were all random, but now:

      • The first 4 characters are "ghX_"
      • The last 6 are the CRC32

      Total: 10 non-random characters.

      But they allowed uppercase characters in the random string, hence the total entropy is higher, even if only 30 characters are random instead of 40.

    1. Data collection

      How they collected the API definitions over the Web is impressive. Big data at play.

    2. found that it was actually a local file read vulnerability

      An HTTP 301 indicating a local file read vulnerability. Good point.

    3. Mostly black-box testing, where you do not already have the API definition (or you do not trust that your documents match what is really implemented).

    4. content discovery tooling

      All the tools relate to fuzzing

    5. ffuf with a large wordlist

      Fast web Fuzzer

    1. Via https://www.densediscovery.com/issues/133 Not the best article on the subject.

    2. 2014 study found that one in 10 people in the United Kingdom did not have a close friend; in a 2019 poll in the United States, one in five of the millennials surveyed reported being friendless

      Does not seem very scientific ...

  9. Apr 2020
    1. Only providing shortcuts is not really useful. Better remember the true command.

  10. Jan 2019
    1. Generation of diagrams and flowcharts from text in a similar manner as Markdown. PlantUML equivalent in JavaScript

  11. Jun 2016
    1. We see plans like the R3 Consortium as a counter-productive grab to maintain centralized control. There are already reports and rumors that things aren't going according to plan.
    2. As a conclusion, it's better to rely on a private blockchain than no cryptographic system at all. It has merits and pushes the blockchain terminology into the corporate world, making truly public blockchains a bit more likely for the future.
    3. Bitcoin Magazine spoke with some well-known blockchain thinkers on their opinions of what the uses for a private blockchain might be.

      No use cases, but conflicting opinions from experts

    4. they are totally orthogonal, both can coexist at the same time, and therefore there is no need to oppose them as we can often see it.
    5. The consortium or company running a private blockchain can easily, if desired, change the rules of a blockchain, revert transactions, modify balances, etc. In some cases, e.g. national land registries, this functionality is necessary