Solar Designer
@solardiz
Followers
13K
Following
31
Statuses
14K
@Openwall founder, @oss_security maintainer, @lkrg_org co-author. RTs don't imply agreement with points of view.
Joined August 2012
RT @oss_security: CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() for the vuln…
0
4
0
RT @oss_security: CVE-2025-24531: pam_pkcs11: Possible Authentication Bypass in Error Situations PAM_IGNORE strikes…
0
2
0
RT @GavinSBaker: Really cool - had not seen the “Accelerator in Memory” and fully agree that compute-in-memory may be the ideal solution to…
0
30
0
RT @oss_security: Much info on the AMD Microcode Signature Verification Vulnerability is finally public (with more planned for March) https…
0
3
0
RT @_MatteoRizzo: Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!
0
219
0
RT @alexobenauer: I have two things to share with you today. First, we're starting a publishing company. Second, I wrote a book about com…
0
49
0
@eestokesOSS @mbacarella "impossible to do in CUDA" doesn't imply "had to drop down to PTX". I don't see how PTX would help allocate GPU resources differently. It's intermediate assembly language that compute kernels can be written in, but allocation of SMs is done prior to their invocation. @stratechery
0
0
0
@Chick3nman512 @CraigHRowland Sure. In upstream libxcrypt ranking (which is what typical Linux distros use these days), bcrypt is not obsolete and is still listed as STRONG (except for the bug-compatibility-only $2x$ mode).
1
0
1
RT @carrigmat: Complete hardware + software setup for running Deepseek-R1 locally. The actual model, no distillations, and Q8 quantization…
0
4K
0
RT @sysdig: 🦈 Meet Stratoshark—Wireshark for Cloud☁️ From #OpenSource pioneers @LorisDegio & @GeraldCombs, Stratoshark extends @WiresharkN…
0
50
0
"The preview of -fbounds-safety is now accessible to the community! -fbounds-safety is a language extension to enforce a strong bounds safety guarantee for C."
RFC: Enforcing Bounds Safety in C (-fbounds-safety). We have enough of important C code that we can't simply rewrite it in Rust, but we have to make it safer. This is the most practical approach I've seen so far to improve spatial memory safety in legacy C code (that won't require new hardware features).
0
5
13
RT @oss_security: CVE-2025-23222: dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service is part of the…
0
2
0
RT @oss_security: Oracle January 2025 Critical Patch Update - These should be brought to oss-security. - MySQL: 39…
0
1
0
RT @oss_security: CVE-2025-0395: glibc: Buffer overflow in the GNU C Library's assert() by @Qualys - the buffer ove…
0
3
0
RT @oss_security: CERT/CC VU#199397 - Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4) https://t…
0
2
0
RT @oss_security: CVE-2024-13176: OpenSSL: Timing side-channel in ECDSA signature computation Could allow recoverin…
0
2
0
@MortenLinderud @mjg59 Here's a new blog post describing a closely related attack: I think this answers my question above - yes, the referenced proposal by Lennart Poettering addresses this risk, however "[...] not merged into the systemd main branch yet" (perhaps it is by now).
0
0
0
RT @lukOlejnik: We are very, very far from useful quantum computers. It's not even clear how to reliably benchmark the progress. https://t.…
0
5
0