Hacker News | eggnet's comments

TLS also allows for the contents of a boot image to be hidden from others.

Ok, but so what?

You guys are out here protecting against ghosts but at the same time making the really important stuff 10x harder and more vulnerable to bugs.


The lack of ads, and the algorithm for sorting the feed.

I think the spectrum runs from social media, to forum, to news feed… maybe other things. HN isn’t toxic.


I assume it would be chrome debug, and their chrome plugin, like it is on macos and windows. They could punt arbitrary app control easily enough.

That happens with execve(). clone() allows you to not copy the page table prior to the execve() call.

Which argument to clone does that?

There are microcode updates for this already https://www.amd.com/en/resources/product-security/bulletin/a...


But is it possible to verify that the cloud provider has applied the update?


The SEV-SNP attestation includes the microcode version. https://www.amd.com/content/dam/amd/en/documents/developer/l...


Yes, it is. You do have to have some infrastructure you trust somewhere to validate an attestation report from the confidential VM.


/proc/cpuinfo shows the current microcode version


/proc/cpuinfo shows whatever the hypervisor said, often simply "microcode : 0x1000065"

https://github.com/torvalds/linux/commit/518e7b94817abed94be... https://github.com/qemu/qemu/blob/ac6721b88df944ade0048822b2...


I don't think the information that unprivileged VMs can obtain from that is necessarily reliable. For example, with Xen as hypervisor only dom0 is privileged (as management console for the system) and still it needs to call dedicated tooling in order to read or manage CPU features like clock speed or frequency scaling.


That’s for rx, not tx. When you close a socket with data in the send buffer, that does not trigger a RST. If you just close the socket normally.


> When you close a socket with data in the send buffer

That's not what's happening here. The server is closing the socket when there's data from the client that it hasn't read.


Yep, and that makes implementing addition of "Connection: close" in an HTTP reply at the HTTP/1.1-server's side somewhat tricky: you ideally need to read all of the pipelined requests from the client before closing the connection, which is usually something you'd rather not do. But if you just close it, you risk your client getting a partial reply, so you better add "Content-Length"/"Transfer-Encoding: chunked" in your reply as well... but one common reason to do connection-close reply is when you don't know the content-length beforehand, so — I hope you implemented chunking correctly :)


Even if you just close it, and it RSTs, and you implement chunked etc. properly, the client can't even necessarily read all of the information already sent to the client.

If the client does a read() after the RST gets there, any data in the receive window is gone, any packets that might have been dropped and need to be resent are gone, etc.


More explicit connection closing indications are one of the nice things of HTTP/2. Of course, it's bundled with the silly multiplexing :(


Signal doesn’t provide anything in the message other than… “there are pending messages.” Signal wakes up, fetches them, then generates notifications on the phone itself.


That doesn’t solve the problem. You have to configure Signal to not send the information in the notification.


“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a supporter of the defendants who was taking notes during the trial told 404 Media

Doesn't indicate this is an issue when you have it set to preview when unlocked.


Will Foxconn and other Chinese manufacturers be less involved in Vietnam? How much less?


I assume you're joking, but this is just sales tax.


Tariffs are quite different than a sales tax because they can select winners and losers in a market. Cane sugar vs sugar beets etc. https://en.wikipedia.org/wiki/Sugar_beet

However, they don’t have to be high enough to change who wins; even small ones adjust how much foreign subsidies manipulate the market. Foreign governments should consider how much US corn syrup impacts domestic consumption, for example, as a separate issue from how it impacts domestic sugar production.

China’s currency manipulation has second-order effects that benefit Americans. We don’t necessarily want China to stop; instead the goal should be to minimize the harm while extracting maximum benefits. A small tariff that caused them to double down on currency manipulation would be a massive win.

