r1ch commented on The RCE that AMD won't fix   mrbruh.com/amd/... · Posted by u/MrBruh
jimrandomh · 7 days ago
If this is as described, it's a pretty major failure of security-vulnerability report triage, and rises to the level where security departments at major corporations will be having meetings about whether they want to ban AMD hardware from their organizations entirely, or only ban the AMD update application. If this had gone the "brand name and a scored CVE" route, it would probably have gotten a news cycle. It might still get a news cycle.

The threat model here is that compromised or malicious wifi hotspots (and ISPs) exist that will monitor all unencrypted traffic, look for anything being downloaded that's an executable, and inject malware into it. That would compromise a machine that ran this updater even if the malware wasn't specifically looking for this AMD driver vulnerability, and would have already compromised a lot of laptops in the past.

r1ch · 7 days ago
Anyone can request a CVE, this is sadly the most likely path towards getting it fixed.
r1ch commented on Notepad++ hijacked by state-sponsored actors   notepad-plus-plus.org/new... · Posted by u/mysterydip
kwar13 · 11 days ago
Would've been good if it named the hosting provider. That's the most informative part.
r1ch · 11 days ago
Every shared hosting provider has this risk. Critical projects should be using dedicated or VPS hosting, preferably with encrypted filesystems too as even datacenter techs can fall victim to social engineering.

I'm pretty surprised that they got away with unsigned updates and shared hosting as long as they did. I wonder how many similar popular projects are out there on dodgy infrastructure.

r1ch commented on Vitamin D and Omega-3 have a larger effect on depression than antidepressants   blog.ncase.me/on-depressi... · Posted by u/mijailt
r1ch · 15 days ago
Please do not take 5000mg/day of Vitamin D. The author confuses IU and mg which is very dangerous.
r1ch commented on Copy-Item is slower than File Explorer   til.andrew-quinn.me/posts... · Posted by u/hiAndrewQuinn
someguyiguess · 2 months ago
What about Cat 8? I know it’s not really used in consumer grade applications but is it in TIA/EIA standards?
r1ch · 2 months ago
Yes, that's standardized but is only rated for up to 30 meters at the higher speeds you get from it, so it's not very useful outside of server room / data center applications and you probably want to be using fiber at that point.
r1ch commented on Copy-Item is slower than File Explorer   til.andrew-quinn.me/posts... · Posted by u/hiAndrewQuinn
kg · 2 months ago
> SFTP is an encrypted protocol, so maybe those CPU cycles add up to a lot of extra work over time or slowdown. That… shouldn’t feel convincing to anyone who gives it more than 15 seconds of thought, but we all live with our eyes wide shut at times.

FWIW, I previously spent some time trying to get the maximum possible throughput when copying files between a Windows host and a Linux VM, and the encryption used by most protocols did actually become a bottleneck eventually. I expect this isn't a big factor on 1gbps ethernet, but I've never measured it.

r1ch · 2 months ago
The bottleneck with SFTP / SCP / SSH is usually the server software - SSH can multiplex streams, so it implements its own TCP-style sliding windows for channel data. Unfortunately OpenSSH and similar server implementations suffer from the exact same problems that TCP did, where the windows don't scale up to modern connection speeds, so the maximum data in-flight quickly gets limited at higher BDPs.

HPN-SSH[1] resolves this but isn't widely deployed.

[1] https://www.psc.edu/hpn-ssh-home/

r1ch commented on Copy-Item is slower than File Explorer   til.andrew-quinn.me/posts... · Posted by u/hiAndrewQuinn
r1ch · 2 months ago
OP mentions using "Cat 7" cables - please don't buy these. Cat 7 isn't something that exists in TIA/EIA standards, only in ISO/IEC and it requires GG45 or TERA connectors. Cat 7 with RJ45 connectors isn't standardized, so you have no idea what you're actually getting. Stick with pure copper Cat 6A.
r1ch commented on Trick users and bypass warnings – Modern SVG Clickjacking attacks   lyra.horse/blog/2025/12/s... · Posted by u/spartanatreyu
spartanatreyu · 2 months ago
It's easy to prevent clickjacking attacks by not allowing your website to be embedded in an iframe.

You can do that by either adding a header to your network requests, o̶r̶ ̶b̶y̶ ̶a̶d̶d̶i̶n̶g̶ ̶t̶h̶e̶ ̶f̶o̶l̶l̶o̶w̶i̶n̶g̶ ̶m̶e̶t̶a̶ ̶t̶a̶g̶ ̶t̶o̶ ̶y̶o̶u̶r̶ ̶p̶a̶g̶e̶:̶

̶<̶m̶e̶t̶a̶ ̶h̶t̶t̶p̶-̶e̶q̶u̶i̶v̶=̶"̶X̶-̶F̶r̶a̶m̶e̶-̶O̶p̶t̶i̶o̶n̶s̶"̶ ̶c̶o̶n̶t̶e̶n̶t̶=̶"̶D̶E̶N̶Y̶"̶>̶

EDIT:

According to MDN, it will only work by adding it to your headers. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...

r1ch · 2 months ago
The modern way to do this is with the Content-Security-Policy: frame-ancestors directive: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...
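Added illustration (not code from either commenter): a small evaluator of the two anti-framing mechanisms discussed above, plus the header pair a site should send. The source-matching subset ('none', 'self', scheme sources, host sources with a leading wildcard) and the sample policy are my own simplification, not the full CSP algorithm.

```python
from urllib.parse import urlsplit

# Headers a site should emit to refuse framing: CSP frame-ancestors for modern
# browsers, X-Frame-Options as a fallback for older ones (CSP wins where both are understood).
def anti_clickjacking_headers(allowed_ancestors=("'none'",)):
    return {
        "Content-Security-Policy": "frame-ancestors " + " ".join(allowed_ancestors),
        "X-Frame-Options": "SAMEORIGIN" if "'self'" in allowed_ancestors else "DENY",
    }

def parse_frame_ancestors(csp):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]  # an empty list means no ancestor is allowed
    return None

def source_matches(source, page_origin, parent_origin):
    """Match one source expression ('none', 'self', scheme or host source) to the embedder."""
    src = source.lower()
    if src == "'none'":
        return False
    if src == "'self'":
        return parent_origin == page_origin
    if src.endswith(":"):  # scheme source such as https:
        return urlsplit(parent_origin).scheme == src[:-1]
    scheme, _, hostport = src.rpartition("://")
    host, _, port = hostport.partition(":")
    p = urlsplit(parent_origin)
    if scheme and p.scheme != scheme:
        return False
    if port and str(p.port or (443 if p.scheme == "https" else 80)) != port:
        return False
    if host.startswith("*."):  # *.example.com matches a.example.com but not example.com
        return (p.hostname or "").endswith(host[1:])
    return p.hostname == host

def framing_allowed(headers, page_origin, parent_origin):
    """Would a browser honouring these response headers let parent_origin frame the page?"""
    sources = parse_frame_ancestors(headers.get("Content-Security-Policy", ""))
    if sources is not None:  # CSP present: it takes precedence over X-Frame-Options
        return any(source_matches(s, page_origin, parent_origin) for s in sources)
    xfo = headers.get("X-Frame-Options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return parent_origin == page_origin
    return True  # no policy at all: any site may frame the page

# Constructed sample policy for trying the checker (not from any real site).
POLICY_EXAMPLE = {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://*.example.com"}
```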
r1ch commented on How to Run WordPress completely from RAM   rickconlee.com/how-to-run... · Posted by u/indigodaddy
matt_heimer · 4 months ago
It's not that the data is only cached by Cloudflare in one place, it's that it is cached at the edge node nearest to the user that last made the request. Geographically different users will likely hit a completely different edge node that needs to hit your origin to populate its cache.

Cloudflare has a free tiered caching option that helped my site. Instead of cache missing on local edge nodes always having to hit the origin, the edge node can sometimes pull the data from another Cloudflare server. It reduced load on my origin.

Agree with needing to tune and validate caching; one of the biggest changes for my PHP site was tuning apc/OPcache sizes.

r1ch · 4 months ago
Cloudflare will actually slow down TTFB for small, less popular sites since they don't maintain a keepalive connection to the origin. This means you pay an additional TCP/TLS setup cost from the Cloudflare POP to the origin which is worse than a direct connection. I also tried testing a smart-placed worker and cloudflared, neither of which seemed to help.
r1ch commented on Cloudflare Radar: AI Insights   radar.cloudflare.com/ai-i... · Posted by u/tosh
notatoad · 5 months ago
>Cloudflare are positioning themselves as the gatekeepers

I don't really understand how people on this website seem surprised to find out that Cloudflare is in the business of blocking unwanted website traffic.

This is literally what their business is and has always been.

r1ch · 5 months ago
Ironically the AI crawlers I do want to block - the million-IP-strong residential botnets that fake their user agents - Cloudflare doesn't detect at all.
r1ch commented on DSLRoot, proxies, and the threat of 'legal botnets'   krebsonsecurity.com/2025/... · Posted by u/todsacerdoti
ATechGuy · 6 months ago
Mind sharing what kind of mitigations you put in place and how well they worked?
r1ch · 6 months ago
At first they were easily detectable using HTTP header analysis - e.g. pretending to be Chrome but not sending the headers that Chrome always sends. Now it's a combination of TLS / HTTP protocol level analysis and application layer - e.g. we send a cookie on the user's "normal" page view and check it exists on the higher-resource usage pages they might later visit - the bots don't care about normal viewing patterns and try to hit the higher-resource pages on their first visit, so they get blocked.
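Added sketch of the two mitigations r1ch describes (my own code, not r1ch's): a header-consistency check for requests claiming to be Chrome, and an HMAC-signed cookie handed out on normal page views and required on the expensive ones. The list of headers "Chrome always sends", the expensive paths and the secret are assumptions for the demo.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: a per-deployment secret, not from the post
# Assumption: headers a current Chrome always sends; keep such a list current per browser version.
CHROME_EXPECTED = ("sec-ch-ua", "sec-fetch-mode", "sec-fetch-site", "accept-language")
EXPENSIVE_PATHS = ("/search", "/export")  # constructed stand-ins for the "higher-resource" pages

def claims_chrome_but_incomplete(headers):
    """Header analysis: a UA claiming Chrome must also carry the headers Chrome sends."""
    h = {k.lower(): v for k, v in headers.items()}
    if "chrome/" not in h.get("user-agent", "").lower():
        return False
    return any(name not in h for name in CHROME_EXPECTED)

def issue_seen_cookie(now=None):
    """Cookie set on a normal page view: timestamp plus HMAC so it cannot be fabricated."""
    ts = str(int(time.time() if now is None else now))
    sig = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{ts}.{sig}"

def seen_cookie_valid(value, now=None, max_age=86400):
    """True only if we issued the cookie and it is not older than max_age seconds."""
    try:
        ts, sig = value.split(".", 1)
    except (AttributeError, ValueError):
        return False
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()[:32]
    if not ts.isdigit() or not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    now = time.time() if now is None else now
    return 0 <= now - int(ts) <= max_age

def decide(path, headers, cookies, now=None):
    """Return ("block", reason) or ("allow", cookie_to_set_or_None) for one request."""
    if claims_chrome_but_incomplete(headers):
        return ("block", "ua-header-mismatch")
    if path in EXPENSIVE_PATHS:  # first-visit hits here are the bot pattern from the post
        if not seen_cookie_valid(cookies.get("seen"), now):
            return ("block", "expensive-page-without-prior-visit")
        return ("allow", None)
    return ("allow", issue_seen_cookie(now))  # normal page: hand out the cookie

# Constructed sample requests: one claims Chrome but lacks the Sec-* headers, one is complete.
SUSPECT_HEADERS = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0.0.0 Safari/537.36",
                   "Accept-Language": "en-US"}
REAL_CHROME_HEADERS = dict(SUSPECT_HEADERS, **{"Sec-CH-UA": '"Chromium";v="120"',
                                               "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Site": "none"})
```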

u/r1ch

Karma: 3688 · Cake day: April 1, 2014
About
System admin working for esports websites. Also into software development, live streaming, reverse engineering and other fun stuff. See https://r1ch.net/ for more.

[ my public key: https://keybase.io/r1ch; my proof: https://keybase.io/r1ch/sigs/pcrLB7IUV_tZ-u-B7hUSOD-5ke3L2JSthNhI1izUmI4 ]
