rene_mobile’s Twitter Archive

Most Recent 40 Tweets

Not including replies or retweets or mentions.

Tweets

  1. This will probably be my last direct post to Twitter. My account may or may not stay active, and I may or may not get to delete old posts. Auto-syncing from @rene_mobile@infosec.exchange has now been disabled. Please follow me on the Fediverse for further updates.
  2. Success! I can finally - selectively - screen share with a #flatpak-sandboxed #Zoom client (I certainly don't run that thing without a sandbox) running in a #KDE #Plasma session under #Wayland. There are two main parts required: 1. Set enableWaylandShare=true in (1/4)
  3. This is a German article about the Binarly report of old OpenSSL in UEFI updates. RT heise_security: In a BIOS update, experts found several OpenSSL versions, some with ancient security vulnerabilities. This casts a spotlight on the risks of PC firmware. heise.de/news/UEFI-BIOS-mit-bekannt-unsicherem-Code-gespickt-7351884.html?wt_mc=rss.red.security.security.atom.beitrag.beitrag
  4. googleprojectzero.blogspot.com/2022/11/mind-the-gap.html has an interesting summary of ARM Mali security issue. Seemingly, this work finally closed a 0-day known and sold for some time that was never reported by that side of the market. Go, #ProjectZero, Go.
  5. googleprojectzero.blogspot.com/2022/11/mind-the-gap.html has an interesting summary of ARM Mali security issue. Seemingly, this work finally closed a 0-day known and sold for some time that was never reported by that side of the market. Go, #ProjectZero, Go.
  6. TIL: GTK/cairo applications - like #Firefox - don't like font antialiasing together with embedded bitmaps like in #emoji fonts. If e.g. unicode.org/emoji/charts/full-emoji-list.html doesn't display anything in the "Browser" column for you in #Firefox, then disabling antialiasing and/or allowing (1/2)
  7. In case anybody wants to play with the PQC key agreement #Google is currently using between internal systems (in addition to classic #X25519) as published at cloud.google.com/blog/products/identity-security/why-google-now-uses-post-quantum-cryptography-for-internal-comms, the code is available as open source: github.com/google/boringssl/blob/master/ssl/test/runner/key_agreement.go
  8. CW: #politics #climatecrisis Ok, I need to say this. I am terribly angry and frustrated about the #COP27 failure to make progress in reducing #CO2 emissions. Instead of agreeing on legally binding steps, (1/6)
  9. I documented some of my measurements and experiments with #OPNsense #unbound as a #DNS resolver: mayrhofer.eu.org/post/opnsense-unbound-performance/ TL;DR: unbound can be fast, even with blocklists and DNSsec validation, but suffers under heavy load with many concurrent requests.
  10. binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html Let's try to do better with software supply chain security, please? We are starting a new research lab on that front. If you are interested in pursuing a PhD along these lines, please reach out!
  11. Thank you! Now I can happily delete my Twitter account 😅 @internetofshit/1593493390007861248
  12. To all my followers: please find my follow-up account at infosec.exchange/@rene_mobile. With my security and privacy hat on, I am not sure how much longer Twitter remains a tenable option at this point. I might be requesting a deletion of all my Twitter account data on short notice.
  13. I have _never_ used the official Twitter mobile app, and never will. #Twidere has served me well for years, and is now excellent during the #twittermigration. @stevekrenzel/1589700721121058817
  14. If this instance keeps being slow, I might be moving over to infosec.exchange at some point. Luckily, the migration makes this pretty easy, but I would really, really like to be able to move old posts as well.
  15. Happy to have our last version of "The Android Platform Security Model" now included in the official August 2021 edition of ACM Transactions on Privacy and Security: dl.acm.org/doi/10.1145/3448609. Fully open access - download, read, share, feel free to use however it's helpful ;-)
  16. For helping with the #TwitterMigration, pruvisto.org/debirdify is a nice tool to automatically try to find people to follow on the #Fediverse. The heuristics for locating #Mastodon addresses seem to work pretty well if people include them in their Twitter profiles.
  17. #introduction #twittermigration I am a computer scientist with additional interest in physics, philosophy and politics - my messages can therefore be expected to cover these in addition to a heavy focus on computer/network security. At the moment, I am a Professor at (1/2)
  18. Although no parser ever messed up pure UTF-8 so far 😅 (Legacy protocols like DNS are hard to move.) @hashbreaker/1588135464145297409
  19. The real, main advantage of Android (and the reason I have been working with/on it since 2008) is exactly this: that it is an open platform that supports innovation, flexibility, and user choice. Single gatekeepers are always a problem. 1/ @richminer/1587186280940593155
  20. Following many new people on Mastodon these days and will try to boost as I see interesting topics come in. This will probably be a bit fluid for the next weeks. Still trying to stick to (mostly mobile, network, and digital ID) security, humor, and a bit of politics (1/2)
  21. ... on platforms that are not using a reasonably modern Android 😉 @matthew_d_green/1586459364168069120
  22. I am incredibly proud of our students and researchers putting this together. @SIGFLAG_CTF was already successful before the "pause" in the last 2 years, but that restart is massive and shows the heightened interest in security. Kudos to everybody involved, and welcome to y'all. @SIGFLAG_CTF/1586109043793629184
  23. For the last 10 years, whenever forced to create a #PayPal account to pay for something online, I have made it a priority to close it immediately afterwards. Too many unpleasant memories collected over time. @jeremyknauff/1584919295225729028
  24. Padding is hard. Use CTR 😉 @RealTimeWWII/1585373345474048000
  25. These are surprisingly informative dashboards. Well done, @BMKlimaschutz . @BMKlimaschutz/1583029221214937088
  26. Licenses for auto-generated code will be even harder with ML models doing the generation. Who owns the copyright? Whose IPR is involved? Which license is the compilation under, given that the generated code may have been "inspired" by code from a multitude of different sources? 1/ @DocSparse/1581461734665367554
  27. Passwordless logins are a _big_ thing. Please watch this space. @ShaneHuntley/1580216935429525505
  28. Because mastodon.technology is unfortunately shutting down, I am moving to a new account: @rene_mobile@mas.to. The same posting policies and automatic syncing through moa.party apply.
  29. Translates nearly literally for German as well 😅 @__femb0t/1576536273501966338
  30. Narrator's voice: no, they cannot. @ShaneHuntley/1572030994521427968
  31. This is just brilliant. @ancient_james/1571123546033889280
  32. Today I was reminded again that the #2 cause for network problems (still long after the evergreen #1 DNS) is contention between BGP and PMTU discovery / MTU black holes. @rene_mobile/1545670612038860800
  33. One of the unpredictable consequences of the whole #NFT craziness is that, nowadays, when I search for some of the more obscure @nftables incantations, I feel a much stronger tendency to bang my head against something.
  34. There's something to this. I can see how incentives for PoS might actually align with contact discovery through blockchain constructs. (PoS with money attached is highly problematic, if the stake is social contracts, maybe less so. Maybe.) @matthew_d_green/1563293395233443841
  35. +100 Since my own PhD days, I have seen this as one of the worst parts of being in computer science academia (there are many good ones, but this one is deeply frustrating). Now, as a member of (too many) PCs, I keep losing arguments over accepting papers because of "novelty". 1/ @vardi/1562932318708310016
  36. TIL: If #KDE gets blurry fonts after an upgrade (e.g. to @ubuntu 22.04), then # rm ./.config/kwinrc; kwin --replace is the magic incantation to fix it. (No, I have not debugged it any further...)
  37. My @github profile github.com/rmayr has been 404ing for a while ("This page is taking too long to load."). Playing around with profile settings checkboxes didn't change anything. Dear Lazyweb: what am I missing?
  38. This is your regular service announcement that container apps in Android need to be treated with care. There are some (limited) use cases for them, but often the security trade-offs are not worth it. It's much safer to use e.g. Android (work) profiles instead.
  39. I'm sorry for all the users who have lost their savings in those recent issues, and so I need to say it again: reversibility of traditional bank transactions is a _feature_, not a bug. People in the loop to correct mistakes is a positive. Because other bugs *will* happen. @0xfoobar/1554627762807349249