EUCLEAK, C3, MTR, XFCE, BLAKE3-AEAD, SymCrypt, Duplicati

1. Yubikey (@ Wikipedia) cloning attack called EUCLEAK by Ninja Lab, which also applies to many other devices using the same chip. Great example how hard it is to make HSM (@ Wikipedia) modules safe. And if you have more competent and capable extraction team, they'll probably get past even better protections. Like the attacks previously published by IBM against many "secure chips". Not surprising at all, pretty much expected outcome. If the information is there, it can be extracted, yet it can be made quite hard to do.

2. OpSec: C3 / CCC - Cover, Concealment, Compartmentalization (@ Wikipedia) - Nothing new, just a reminder. The last one is the most important and of course the hardest one to achieve and maintain successfully.

3. I just tested Python Garbage Collector (GC) out of curiosity and at least Python 3.12 garbage collector deals well with self and cross references and releases memory as expected. Older versions of Python didn't manage those as well. This is nice, yet I personally avoid creating such data structures.

4. Ubuntu 24.04 LTS mtr 0.95 seems to be broken. When used with parameters report or report-wide output mode, it triggers buffer overflow.
   Command: mtr -w 1.1.1.1
   Response: *** buffer overflow detected ***: terminated Tested versions: e89876064b3aa0c9b6c1df1b321265cae3e6cc06da8637bbce7df8aa0aa7188d and ca0cd71f68f9b7bef0a28177d9ef859d04302e3f29b91c7f75ad74626914a44b @/usr/bin/mtr

5. Xubutun / XFCE / Desktop Environment - Snap to other windows / screen borders. Another example of bad code. Both options are enabled. Does it work? No? What I need to do, is disable the options and re-enable those, and then it works. - Thank you for that as well! Quite classic trolling! Ref: XFCE (@ Wikipedia)

6. X - More frustrating classics, X generates URLs for content, but when you try to search the content with the provided URL it always fails. Amateurs, someday they might be able to hire someone whom can write working URL handling and fix issues like this. Ref: Ex-Twitter

7. BLAKE3-AEAD (@ lib.rs) - This one made me smile, I've had very similar thoughts and I've written a few test programs doing something very similar with Python. 

8. Microsoft adds new cryptographic algorithms to SymCrypt the ML-KEM aka FIPS 203 previous known as CRYSTALS-Kyber. kw: ML-KEM-512, ML-KEM-768, ML-KEM-1024

9. Power saving and cost minimization - Wrote a fish shell script which can stop and start docker container called "testbox": - Every day start the textbox at 10 pm - During Sat and Sun, stop the testbox at 7 am - During Mon - Fri, stop the testbox at 4 pm - Do not start or stop the testbox, if the status of the is already correct check docker containers - Script is run by cron once every hour - Check remote API for pricing information: - If this API "power-pricing-api" returns string "400", stop the testbox container, even if it would otherwise be running based on the time schedule. - If the API returns "200" and the textbox should be running based on the scheduler and it's not running, start the text box to resume operation. - Don't check the API unnecessarily outside the time frame when the container should be running. - Test box run some stuff which consumes quite much bandwidth and maxes out CPU, so I want to only run it when it's cheap to run and when it doesn't bother me. - Same script now works at other locations to fire up systems using magic packets on LAN, when it's good to time to start the systems. Nothing new,  I've used similar scripts with VPS / cloud spot pricing for ages. But it was nice to apply same logic with local physical hardware being turned on or off. kw: Smart Grid, Smart Home Energy Management Systems (SHEMS), Home Energy Management Systems (HEMS), Automated Demand Response (ADR) Systems, Smart Home, Home Automation Systems

10. Duplicati finally fixed the dangerous flaw, which caused - backup test to report the backup being good, but when you actually tried to restore the backups it would fail (@ forum.duplicati.com). It took quite a while, but now the issue is fixed in the latest canary and it works!

11. Basic comparison between: NB-IoT, Sigfox, LoRaWAN vs NB-IoT and LTE-M. Reminded my self about key usage scenarios and pros and cons per technology option. Each of those technologies have it's own slightly different sweet spots and different environments which it's designed and best used for, as well as serious cons if incorrectly chosen. Basically those are still spread on the classic spectrum - latency / bandwidth / energy consumption.

12. Something not so different? Spike Missile (@ Wikipedia)

2025-03-09