Readit News
oddlama commented on OpenFLOW – Quickly make beautiful infrastructure diagrams local to your machine   github.com/stan-smith/Ope... · Posted by u/x0z
b0a04gl · 2 months ago
what if we can make these diagrams synchronized with reality. you need the diagram to pull from the same source of truth as your actual infrastructure - whether that's terraform state, kubernetes manifests, or service discovery. that way diagrams become less historical artifacts and more of living documentation
oddlama · 2 months ago
I've written something like this for NixOS a while back [1], which generates infrastructure diagrams directly from the source of truth (albeit not as pretty as isoflow). I'm sure this could be applied to other declarative tech stacks as well!

[1]: https://github.com/oddlama/nix-topology

oddlama commented on Bypassing disk encryption on systems with automatic TPM2 unlock   oddlama.org/blog/bypassin... · Posted by u/arjvik
staff3203 · 8 months ago
On my system, I used `tpm2-measure-pcr=yes` in `/etc/crypttab.initramfs`, then used `--tpm2-pcrs=0+2+7+15:sha256=0000000000000000000000000000000000000000000000000000000000000000` with `systemd-cryptenroll`.

As soon as a volume is decrypted, initrd will write `volume-key` to PCR 15, so any further executables can no longer access the data stored in the TPM.

oddlama · 8 months ago
This is great if you only have a single disk, but if you have multiple encrypted disks that are unlocked in the initrd this way, then if you can gain control flow by faking data on the last decrypted disk you can still gain access to all the previously unlocked partitions.

Of course you cannot unseal the secret from the TPM anymore.
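
A simplified model of the PCR 15 behaviour discussed in the two comments above, added here as an illustration and not code from either commenter or from systemd. It shows why a secret sealed against an all-zero PCR 15 cannot be unsealed again once the volume key has been measured. The policy hash, the `SealedSecret` class and the measured value (the raw constructed key) are assumptions of this sketch; systemd's real derivation of the measured value is not modelled.

```python
import hashlib

PCR_SIZE = 32  # size of one register in the SHA-256 bank

def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM extend: new = SHA256(old || SHA256(data)); a PCR is never written directly."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def policy_digest(pcrs: dict, selection: list) -> bytes:
    """Simplified stand-in for a PCR policy: hash of the selected PCR values in order."""
    return hashlib.sha256(b"".join(pcrs[i] for i in selection)).digest()

class SealedSecret:
    """Hypothetical model of a sealed object: released only if current PCRs match."""
    def __init__(self, secret: bytes, selection: list, expected_pcrs: dict):
        self._secret = secret
        self.selection = selection
        self._policy = policy_digest(expected_pcrs, selection)

    def unseal(self, current_pcrs: dict) -> bytes:
        if policy_digest(current_pcrs, self.selection) != self._policy:
            raise PermissionError("PCR policy mismatch")
        return self._secret

def boot_demo():
    # Constructed values standing in for the firmware / Secure Boot measurements.
    pcrs = {i: extend(bytes(PCR_SIZE), b"constructed-measurement-%d" % i)
            for i in (0, 2, 7)}
    pcrs[15] = bytes(PCR_SIZE)  # PCR 15 is all zeros until something is measured
    # Enrolment pins PCRs 0+2+7 and PCR 15 = 00...00, as in the comment above.
    sealed = SealedSecret(b"constructed-volume-key", [0, 2, 7, 15], dict(pcrs))

    key = sealed.unseal(pcrs)          # initrd: PCR 15 still zero, unseal succeeds
    pcrs[15] = extend(pcrs[15], key)   # volume key is measured into PCR 15
    try:
        sealed.unseal(pcrs)
        unsealable_later = True
    except PermissionError:
        unsealable_later = False       # anything running later hits a policy mismatch
    return key, unsealable_later, pcrs[15]

if __name__ == "__main__":
    key, later, pcr15 = boot_demo()
    print("unsealed in initrd:", key, "| unsealable afterwards:", later)
    print("PCR 15 after measurement:", pcr15.hex())
```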

oddlama commented on Variadic generics, again   poignardazur.github.io//2... · Posted by u/lukastyrychtr
BobbyJo · 2 years ago
I can't think of a single real use case for variadic generics.

When you're talking about functions operating on mixed, variable length, types, what meaningful logic can you actually apply, that doesn't fall into requiring the types to implement an interface anyway?

When you're talking about struct/classes/etc, what do you need over and above defining a class/record/dataclass? It would seem to me, you're just skipping the part where you give your tuple a name, but is that even a good idea to do?

To be clear, I did not find the examples in the post convincing, as they represent mostly wrappers/adapters for implementing or consuming arbitrary types, but there are no examples for how that might actually be useful downstream.

oddlama · 2 years ago
I can think of plenty of real-world use cases. Take for example a network interface that can send or receive predefined packet structs.

Imagine each packet requires a size header. When you want to send multiple packets at once, you now want to optimize that and only write a single initial header to the interface, preceding the data.

With variadic generics, you can enable a syntax like `interface.write_packets(packet1, packet2, packet3, /* ... */);` which writes the packets in the desired optimized way. It can internally construct a serializable data tuple from the variadic generics and add the correct header only to the beginning.

Without variadic generics a similar syntax is only possible with macros, which means that it cannot be implemented as a reusable trait.

> It would seem to me, you're just skipping the part where you give your tuple a name, but is that even a good idea to do?

Sometimes you explicitly don't want to require naming the tuple for flexibility, like in the example above.

oddlama commented on Stanford researchers find only 3% of HTTP runs on port 80 [pdf]   lizizhikevich.github.io/a... · Posted by u/data_wiz
cebert · 3 years ago
I respectfully disagree that verifying your domain is pointless. Without proper verification, you leave yourself vulnerable to a range of risks, such as man-in-the-middle attacks and DNS spoofing. These attacks can allow bad actors to intercept your web traffic and inject malware into content or modify it. Recent security breaches have highlighted the importance of domain verification, and I believe that all users should take steps to verify their domains, such as implementing SSL/TLS certificates or using a domain verification service.
oddlama · 3 years ago
And additionally I wouldn't want anyone on my network path to be able to read what data I exchange - even if it is a static site.
oddlama commented on The IAB loves tracking users but hates users tracking them   shkspr.mobi/blog/2023/01/... · Posted by u/edent
maccard · 3 years ago
How many leaks have you found with this approach?
oddlama · 3 years ago
Not parent, but I'm doing the same thing and I have had 5 leaks out of (currently) 387 accounts over the past 4 years (which is when I started doing this).

Oh and none of the involved entities ever acknowledged the leaks. I'd also be highly interested in the rates other people encounter.

oddlama commented on Finding Nice MD5s Using Rust   blog.youmu.moe/posts/find... · Posted by u/zdw
ErikCorry · 3 years ago
The bug was in profanity?
oddlama · 3 years ago
I haven't looked at the project but would assume that several people generated their wallets by using this tool. The attackers were thus able to generate keys for existing wallets by simply bruteforcing the measly 31 bits that were used in the tool's random initialization.
oddlama commented on Saving power on an ESP8266 web server using delays   tablix.org/~avian/blog/ar... · Posted by u/lioeters
amelius · 3 years ago
What is the simplest circuit to accurately measure power use?
oddlama · 3 years ago
Just a battery would be the simplest option. Just measure time until empty.

If you want higher time resolution, there are several fully integrated Hall effect current measurement ICs out there, like for example the ACS723.

If you need even better accuracy or resolution and you can spare 100 bucks, just buy one of the Nordic Power Profiler Kits.

oddlama commented on Eufy “local only” cameras upload facial recognition data to the cloud   9to5google.com/2022/12/01... · Posted by u/Armic
rikroots · 3 years ago
This article triggers some thoughts for me, as a person who has developmental prosopagnosia[1].

In my ideal utopia I will wear (normal) glasses which include a tiny camera in the frame. When I'm in a gathering of people I would be able to frown or scrunch my nose which would trigger the camera to take an image of the person I'm looking at. The image uploads somewhere where some facial recognition software runs and returns a name to me - possibly in audio form (like a whisper in my ear). The image is not retained, but I would have the information I need to start/continue a conversation with that person without looking like an idiot for not remembering who they were in the first place.

There's barrel-loads of privacy concerns around this ideal utopia of mine. But I'm selfish and fed up with my disability which has, in the past, caused me serious social anxiety.

[1] - Also known as face blindness: https://www.nhs.uk/conditions/face-blindness/

oddlama · 3 years ago
Nothing here requires uploading the image to some form of cloud service. Do the recognition locally - maybe on a phone connected via Bluetooth. Never have any information leave the device and you will have significantly fewer privacy concerns.
oddlama commented on GPS vs. Glonass vs. Galileo   gpsrchive.com/Shared/Sate... · Posted by u/cokernel_hacker
oddlama · 3 years ago
If anyone wants to learn about GPS from the ground up, there's an excellent website with interactive explanations by Bartosz Ciechanowski that I can wholeheartedly recommend [1].

His blog also covers other topics in a similar style - it's a real treasure trove.

[1] https://ciechanow.ski/gps/

u/oddlama

Karma: 206 · Cake day: January 8, 2020