Software Engineer at Opinsys Oy
Entrepreneur at Siltakatu Solutions Oy

OpenPGP: 3AB05486C7752FE1

#EU vs #browser vendors: “one has to be able to pick browser and search engine”. Actually that does not solve anything, and shows only that politicians know nothing about #software. More effective enforcement would be “one has to be able to pick a provider for the sync feature of a browser”.

Two relatively recent incidents that have limited the choice here:

  1. #Chromium was blocked from #Google sync.
  2. #GNOME Web was blocked from #Firefox sync.

#politics

So, in case you’ve ever wondered, this is how you map anonymous memory with vm-memory crate:

```rust
//! Copyright (c) Jarkko Sakkinen 2024

#![deny(clippy::all)]
#![deny(clippy::pedantic)]

use vm_memory::{GuestAddress, GuestMemoryMmap};

fn main() {
    // One anonymous 8 KiB region starting at guest physical address 0.
    let mem: GuestMemoryMmap<()> =
        GuestMemoryMmap::from_ranges(&[(GuestAddress(0u64), 8192usize)]).unwrap();
    println!("{:?}", mem);
}
```

The type parameter is for Bitmap.

I’ll do a small test program for each type of memory that we need in Enarx and after that make the changes to the project itself. Changes are simple but the code base is large so this is the fastest way to formalize a decent patch.

So next step is /dev/kvm test.

#rust #rustlang #mmap #kvm
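
An added sketch, not part of the original post and not vm-memory's or Enarx's code: a std-only Rust model of what a guest-memory map does, with anonymous `mmap` regions plus the bounds-checked guest-address translation that keeps a guest-supplied address from reaching host memory outside its region. It assumes Linux flag values on a 64-bit target, and `Region`, `GuestMap` and `slice_mut` are hypothetical names.

```rust
// Added sketch, not vm-memory's code. Assumes Linux on a 64-bit target;
// `Region`, `GuestMap` and `slice_mut` are hypothetical names.
use std::ffi::c_void;

unsafe extern "C" {
    fn mmap(addr: *mut c_void, len: usize, prot: i32, flags: i32, fd: i32, off: i64) -> *mut c_void;
    fn munmap(addr: *mut c_void, len: usize) -> i32;
}
const PROT_RW: i32 = 0x1 | 0x2; // PROT_READ | PROT_WRITE
const MAP_PRIVATE_ANON: i32 = 0x02 | 0x20; // MAP_PRIVATE | MAP_ANONYMOUS (Linux values)

struct Region { guest_base: u64, len: usize, host: *mut u8 }
struct GuestMap { regions: Vec<Region> }

impl GuestMap {
    /// Back each (guest address, length) range with zero-filled anonymous memory.
    fn from_ranges(ranges: &[(u64, usize)]) -> Option<Self> {
        let mut map = Self { regions: Vec::new() }; // Drop unmaps on early return
        for &(guest_base, len) in ranges {
            let p = unsafe { mmap(std::ptr::null_mut(), len, PROT_RW, MAP_PRIVATE_ANON, -1, 0) };
            if p as isize == -1 { return None; } // MAP_FAILED
            map.regions.push(Region { guest_base, len, host: p.cast() });
        }
        Some(map)
    }

    /// Translate a guest range to host memory; None if it is unmapped or leaves its region.
    fn slice_mut(&mut self, addr: u64, count: usize) -> Option<&mut [u8]> {
        let r = self.regions.iter()
            .find(|r| addr >= r.guest_base && addr - r.guest_base < r.len as u64)?;
        let off = (addr - r.guest_base) as usize;
        if count > r.len - off { return None; }
        Some(unsafe { std::slice::from_raw_parts_mut(r.host.add(off), count) })
    }
}

impl Drop for GuestMap {
    fn drop(&mut self) {
        for r in &self.regions { unsafe { munmap(r.host.cast(), r.len); } }
    }
}

fn main() {
    let mut m = GuestMap::from_ranges(&[(0, 8192), (0x10_0000, 4096)]).unwrap();
    m.slice_mut(0x10_0000, 4).unwrap().copy_from_slice(b"enrx");
    println!("{:?}", m.slice_mut(0x10_0000, 4));
    println!("straddles end: {}", m.slice_mut(8190, 4).is_none());
}
```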

#Anonym has the same #privacy bug as #Signal:

  1. Claims that they run a confidential computing environment.
  2. Does not periodically piggyback the X.509 of the CPU attestation back to the browser so that it could be compared to the #Intel and #AMD CAs.

Objectively we can thus come to the conclusion that it is belief system based #security.

Especially this is weird given the collaboration with a browser vendor.

Even for AGPL code confidentiality can be faked by emulating necessary opcodes with a modified QEMU.

The whole core idea of confidential computing is based exactly on the ability of the client to verify that the payload is unmodified. This is just fake marketing.

The security promise is exactly as truthful as it was for ANON phones that FBI sold to crooks ;-)

#Mozilla #Firefox #infosec

Compiled #enarx for the first time in a long time. I'm looking into how feasible it would be to switch the ad-hoc mmap abstraction to the rust-vmm/vm-memory crate. #Rust #rustlang

#foot is a super nice #terminal that I just learned exists: https://codeberg.org/dnkl/foot

#wayland only. Has all the modern mandatory stuff but not extras.

During the holidays I found out about #IBM Plex: https://www.ibm.com/plex/

Love this font! Best thing from IBM in years.

I'd guess that in some years we are predestined to see a triumph of #AI exploitation.

I'd guess there are opportunities in that area for behavioral exploitation, making it do unwanted things.

Even more so there are opportunities for scavenging "confidential leaks" from large LMs, to downright reverse engineering. Sometimes an in-house codebase might be seeded by mistake to a public LM...

Or hackers could exploit your network and instead of copying any data they would use an LM as an indirect path to scavenge good enough quality information to meet the goals.

If I was working on offensive security like for some intelligence department, I'd put a lot of resources on exploiting the AI assistants for instance. Exploiting that functionally would open countless doors.

#infosec

Of all the codebases I've seen, compiled and successfully tested, including Symbian OS, AOSP, Chromium etc., I think just as a build #Servo is one of the worst I've seen so far. It has a nice site, progress and everything but IMHO getting a nice and easy build should be a primary target.

I'll give another shot tomorrow on compiling that mess :-)

I tried for fun to do my first trials on macOS because I thought that it is Rust so everything must be great. It was a mistake, and I still regret ever doing that. I don't even want to begin on how badly planned it is. I'll give it a shot with my Fedora system next time.

I already said this once but if you do your work in #GNOME, for most casual business use GNOME Web is a functional tool. And it has the #Firefox sync.

I turn Firefox on, only on my leisure time. The name rings to me like s.. night club in 1st place.... i.e. not something I should eagerly use for committing any business.

Has been pretty obvious equation in my case longer than the ad-gate.

It remains to be seen ofc whether/if Mozilla starts to do the same with Firefox as Google did with Chrome, i.e. I would not hold my breath on the sync feature working forever in this open manner.

Fedora turns on Firefox prototype advertiser measurement crap by default. You probably want to turn it off. People might want to file bugs for other distributions if they've done the same.

https://bugzilla.redhat.com/show_bug.cgi?id=2297635

With all these #AWS, #Azure etc. developer certificates around, I wonder if there is a "zero certificates for life" #certificate that I could apply for somewhere?

My apartment is about a 7 min walk from the central railway station of Tampere and I get these all the time. I really have to fight myself of not fuzzing in...

One of the best foods ever: Georgian national dish hatsapuri. Competes strongly with Portuguese street food classic prego in my charts.

Now that I learned to use Goblin with Mach-O binaries, and how I find my way to a symbol address through those ways, I think as the next step I'll write a my-purposes-only disassembler using Goblin and Capstone's #Rust bindings.

I have sort of this fuzzy big picture in my head of what I might want to do with that, and perhaps with using Aya eBPF shenanigans, but I have to do a bunch of trials and errors first.

Sort of an interesting territory experiment anyhow, despite successes and failures. Generally I'm more interested in Rust when it comes to kernel, what can be done on the QA side from user space, than kernel code per se.

🤷

Tampere Sunday sightseeing

some funkier stuff produced some years ago https://analrecords.bandcamp.com/track/scum-cums #psytrance #suomisaundi

What I think of Biden/Trump? Pretty much the same feeling that I had when I did this track with my Slovakian-Finnish friend Vlado in 2020: https://globalfishmafia.bandcamp.com/track/i-dont-feel-anything

I was in Portland OR when 2016 elections happened, which was pretty cool I think or once in a lifetime historical experience, mind the result. Or actually, it is not my concern what I might mind the result. I only focus taking stand in the votes where I have a legit standing point in the first place.

E.g. I have a voting ticket for Finnish parliament, EU and LF deciding bodies. So I focus on those and deal with sometimes unfortunate reality.

#politics

songs that stick in your brains forever once you hear them for the first time https://www.youtube.com/watch?v=NlgmH5q9uNk

Binary parsing with #Rust and #goblin https://jarkko.codeberg.page/2024/07/13/binary-parsing-with-goblin.html

The next step is to use #Capstone bindings to disassemble the victim symbol.

#rustlang

For people concerned about #Mozilla #Firefox: #GNOME Web supports Firefox Sync out of the box.