Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Thorsten Leemhuis (acct. 1/4)

From @torvalds on :

Hardcoded security module suggestion - stop the stacking insanity

https://lore.kernel.org/all/CAHk-%3Dwh%2B_xXpnHfUv%3DFwGWcce4XwqwKvtq7LcxK6WKmbf4eGGA@mail.gmail.com/

"'[…]this whole "nested LSM" stuff as a design goal just needs to be all rolled back, and the new design target is "one LSM, enabled statically at build time, without the need for indirect calls."

Because we're now in the situation where the security hooks are actually a source of not just horrible performance issues, but also actual insecurity[…]"'


Thorsten Leemhuis (acct. 1/4)

Edited 1 year ago

Mitigations for the "native BHI (Branch History Injection)"[1] hardware vulnerability have just been merged into mainline: https://git.kernel.org/torvalds/c/2bb69f5fc72183e1c62547d900f560d0e9334925

"'BHI attacks may allow a malicious application to influence indirect branch prediction in kernel by poisoning the branch history. […]"'

[1] for details, see https://www.vusec.net/projects/native-bhi/


Jarkko Sakkinen

I hate soldering, but it would still sometimes be nice to have a soldering station at home. What would be a good choice in, let's say, the less than 500 euros price range? It should also do desoldering (that is my most common use case: desolder the old part and solder in a new part).

Do not need anything too high end, as long as the durability and overall quality are acceptable...

Edit: actually it cost a bit less than 60 euros with a discount. The list price is 70 euros:
https://www.amazon.de/dp/B0CSD529PW?psc=1&ref=ppx_yo2ov_dt_b_product_details

The USB HAT with UART-micro-USB bridge I got is https://www.amazon.de/dp/B072Q5S1XH?psc=1&ref=ppx_yo2ov_dt_b_product_details. I ordered a couple of these (the other for Raspberry Pi 400).

huge workflow improvements with less than 100 EUR investment :-)

Jarkko Sakkinen

The #storj way of billing cloud works for me, as my main archive is in a local NAS and the amount of stuff in the cloud storage is variable. The first cost me $1.50. Also, support for the S3 API is a great thing and makes moving files between cloud, NAS etc. a breeze when using something like rclone. Totally made sense to migrate from Dropbox...

@briankrebs in practice he can move within the whole EU region freely as long as he does not use a plane.

According to the news, he has to report to the police every other day, and is only allowed to move in a restricted area in the city of Espoo. So if he wants to escape, he has a 48h time window to do that; no idea if he is under surveillance or not.

A Finnish court has decided to let alleged mass extortionist Julius "Zeekill" Kivimaki free pending the rest of his trial, without even an ankle bracelet. This is a guy who was hiding in France under an assumed name and passport when police arrested him and sent him back to Finland to face charges that he extorted thousands of patients of the Vastaamo psych practice in 2020.

https://www.hs.fi/kotimaa/art-2000010206299.html

"The processing of the data breach and blackmail case is scheduled to continue on Wednesday at 9 o'clock.

"The trial will continue, even if he doesn't show up," Vainio formulates Kivimäki's arrival for the upcoming hearings."

They've taken away his passport, but it's not hard to walk out of Finland. Hope they're following him around wherever he goes.

https://krebsonsecurity.com/2023/11/alleged-extortioner-of-psychotherapy-patients-faces-trial/


Jarkko Sakkinen

Edited 1 year ago

Overall I think VisionFive2 is a better board than e.g. BeagleV for kernel development tasks because:

  • 2/3 of the price
  • twice the memory, at least in the 8GB version
  • A HAT that can supply power and UART through micro-USB is about half the price of a comparable mikrobus, and the overall setup is more compact in price.

I had no idea how the CPUs compare, but for my tasks I don't care either :-) I guess they help each other to mature in the Linux kernel because the hardware platforms are from the same family (jh7100 for beaglev and jh7110 for visionfive2). For some other task, e.g. building something around the SBC, the evaluation might be different.

I came to these conclusions based on working with VisionFive2, and I do not have a BeagleV at hand, so that may cause some dilation, but at least this board feels like better bang for the buck.

Still would love to get my hands on BeagleV too and get more familiar with it, and yeah, competition is a great thing, and can’t wait for more Beagleboard RISC-V products.

#riscv #visionfive2 #beaglev #beagleboard #raspberrypi #mikrobus

The only wiring I have in it for serial TTY access:

Super-nice additional benefit of this shield: one cable less. Before, I needed a power cable and USB-TTL for TTY. Now, just by connecting micro-USB to the shield, it draws the power and provides serial access.

The screenshot has an unmodified #BuildRoot master branch version built with visionfive2_defconfig. Seems to be much more stable and lean, at least for kernel development, than the official SDK, which is quite a scary-looking construction tbh :-)


Jarkko Sakkinen

Edited 1 year ago
Also got this display; right now it is connected to a 7th gen NUC that I use to test all x86 patches (because it has full sgx2 support). The display cost less than 50 euros and it is super handy for kernel testing.

oops, wrong way around, never installed these before 🤷

@duxsco ok cool thanks! :-)

Jarkko Sakkinen

No more fighting with loose TTL-USB cables: I have a USB hub shield with a USB-to-UART port :-) Or two of these: one for Raspberry Pi 3B+ and the other for VisionFive 2 RISC-V SBC (in the pic). Still need to pile a TPM2 chip onto the pins on top of the shield, and hopefully it will still work. #arm #riscv #visionfive2 #raspberrypi

I.e. find the IP of the keyserver with host/nslookup/ping and then pass it to --keyserver.

Jarkko Sakkinen

I quite often have to use an IP for the keyserver in #GnuPG's #macOS version. It does not otherwise find the route to the host. Never happens on any other platform...

Jarkko Sakkinen

next step in ai is obviously dynamically self-learning large language models. the current ai is google search with pre-computed aggregation heuristics, and nothing more than inspiring that.

not sure what to think about the next obvious step other than it is inevitably the next step :-)

so to scope the "problem" with the current AI is that it is not an "artist" using its own imagination, it is an "entertainer" following the patterns known to work for most.

@seindal @zwol I could imagine that at the time make + m4 was quickest way to PoC a higher level build system than raw makefile because you get away without having to implement a macro language so i'd guess that autotools was an unfortunate accident :-)

Jarkko Sakkinen

#pelican seems to be in the sweet spot for me for generating a site because it has first-class #reStructuredText support, i.e. no need to add any plugins; it is built in.

The benefit of it is that if I write anything with reStructuredText, it is easy to port as kernel documentation later on. #python

@seindal @zwol reminded me of this presentation where the presenter totally mixes up with the toy example ;-) https://youtu.be/ULZxHSPWn98?t=1005

imho, m4 has its time and place in history and inspired a bunch of other tools.

i remember using it ages ago for e.g. static web site generation where it did the job (today i'd probably pick something more modern), and of course still continuing enforced use with horrific autotools from time to time :-)