dragosr
@dragostech.bsky.social
Autonomous Carbon Based LLM with 42 years of tuning on Information Attack and Defense.
Host of CanSecWest, and PacSec.
Security audits, code, IR, LLM, red team consulting.
Specialize in Firmware, and RF.
VA7MOV
Host of CanSecWest, and PacSec.
Security audits, code, IR, LLM, red team consulting.
Specialize in Firmware, and RF.
VA7MOV
Reposted by dragosr
So there’s a website called Deer Of St Nicholas which posts Christmas wish letters from Ukrainian children who had their childhood stolen by the war, anyone can pick a child and get them their present and it’s that time of the year again to achingly scroll it for hours again
November 7, 2025 at 8:21 AM
So there’s a website called Deer Of St Nicholas which posts Christmas wish letters from Ukrainian children who had their childhood stolen by the war, anyone can pick a child and get them their present and it’s that time of the year again to achingly scroll it for hours again
I have a new favorite place in Shibuya, Tokyo - Taco Fanatico, amazing tequila collection. Delicious!
渋谷で新しいお気に入りの店を見つけた - Taco Fanatico。テキーラの品揃えが充実している。おいしい!
渋谷で新しいお気に入りの店を見つけた - Taco Fanatico。テキーラの品揃えが充実している。おいしい!
November 9, 2025 at 5:57 AM
I have a new favorite place in Shibuya, Tokyo - Taco Fanatico, amazing tequila collection. Delicious!
渋谷で新しいお気に入りの店を見つけた - Taco Fanatico。テキーラの品揃えが充実している。おいしい!
渋谷で新しいお気に入りの店を見つけた - Taco Fanatico。テキーラの品揃えが充実している。おいしい!
We trusted images because they were hard to fake. That assumption is dead. Authentication must shift to cryptographic signatures from photographers and publishers. Trust becomes transitive: you trust the image only to the extent you trust its signer.
October 29, 2025 at 1:33 AM
We trusted images because they were hard to fake. That assumption is dead. Authentication must shift to cryptographic signatures from photographers and publishers. Trust becomes transitive: you trust the image only to the extent you trust its signer.
Let's figure out what the duties & tariffs impact is in various parts of the world.
Reply with your country's price.
Reply with your country's price.
October 26, 2025 at 6:18 PM
Let's figure out what the duties & tariffs impact is in various parts of the world.
Reply with your country's price.
Reply with your country's price.
This is a good deep dive on what really happened with AWS
www.ookla.com/articles/aws...
www.ookla.com/articles/aws...
Revealing the Cascading Impacts of the AWS Outage | Ookla®
Explore the global impact of the Oct 2025 AWS US-EAST-1 outage, with 16M+ reports, a DNS root cause, and clear guidance to contain future failures.
www.ookla.com
October 22, 2025 at 4:53 PM
This is a good deep dive on what really happened with AWS
www.ookla.com/articles/aws...
www.ookla.com/articles/aws...
This is the best GPU internals write-up I've seen in a long time.
www.aleksagordic.com/blog/matmul
www.aleksagordic.com/blog/matmul
Inside NVIDIA GPUs: Anatomy of high performance matmul kernels - Aleksa Gordić
From GPU architecture and PTX/SASS to warp-tiling and deep asynchronous tensor core pipelines.
www.aleksagordic.com
October 16, 2025 at 2:46 AM
This is the best GPU internals write-up I've seen in a long time.
www.aleksagordic.com/blog/matmul
www.aleksagordic.com/blog/matmul
Open source pure Rust UEFI BIOS
Native Rust not just wrappers on old risky C code.
github.com/openDevicePa...
Native Rust not just wrappers on old risky C code.
github.com/openDevicePa...
GitHub - OpenDevicePartnership/patina: Patina Firmware
Patina Firmware. Contribute to OpenDevicePartnership/patina development by creating an account on GitHub.
github.com
October 10, 2025 at 2:10 PM
Open source pure Rust UEFI BIOS
Native Rust not just wrappers on old risky C code.
github.com/openDevicePa...
Native Rust not just wrappers on old risky C code.
github.com/openDevicePa...
Speech recognition through high frequency mouse sensors. sites.google.com/view/mic-e-m...
Mic-E-Mouse
Your computer mouse has big ears.
Image courtesy of GPT4/Dall-E-3, generated using the keywords "computer mouse with big ears and a microphone as a scroll wheel."
sites.google.com
October 6, 2025 at 8:55 PM
Speech recognition through high frequency mouse sensors. sites.google.com/view/mic-e-m...
Malicious Rust crate updates, faster_log and async_println, cryptocurrency key scanners.
blog.rust-lang.org/2025/09/24/c...
blog.rust-lang.org/2025/09/24/c...
crates.io: Malicious crates faster_log and async_println | Rust Blog
Empowering everyone to build reliable and efficient software.
blog.rust-lang.org
September 24, 2025 at 9:19 PM
Malicious Rust crate updates, faster_log and async_println, cryptocurrency key scanners.
blog.rust-lang.org/2025/09/24/c...
blog.rust-lang.org/2025/09/24/c...
Reposted by dragosr
I want to tell you about a friend of mine real quick. I've mentioned her on here before, but you don't know any details yet, and she's about to make history in a very real sense.
Meet Michi Benthaus:
Meet Michi Benthaus:
September 1, 2025 at 7:10 PM
I want to tell you about a friend of mine real quick. I've mentioned her on here before, but you don't know any details yet, and she's about to make history in a very real sense.
Meet Michi Benthaus:
Meet Michi Benthaus:
Reposted by dragosr
Now this is real convenient, especially on machines where it's impossible to hit the right key fast enough to enter the UEFI BIOS settings.
On #OpenBSD/amd64, you can now type "machine fwsetup" at the boot> prompt in efiboot(8).
marc.info?l=openbsd-cv...
On #OpenBSD/amd64, you can now type "machine fwsetup" at the boot> prompt in efiboot(8).
marc.info?l=openbsd-cv...
August 27, 2025 at 3:08 PM
Now this is real convenient, especially on machines where it's impossible to hit the right key fast enough to enter the UEFI BIOS settings.
On #OpenBSD/amd64, you can now type "machine fwsetup" at the boot> prompt in efiboot(8).
marc.info?l=openbsd-cv...
On #OpenBSD/amd64, you can now type "machine fwsetup" at the boot> prompt in efiboot(8).
marc.info?l=openbsd-cv...
Reposted by dragosr
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
thehackernews.com
August 25, 2025 at 7:23 PM
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Yeah ok, this is Linux's birthday in 1991. I was running Unix on my home IBM PC clone 80286 using sources I compiled from SysVr2 code two years before that in 1989.
August 25, 2025 at 8:40 PM
Yeah ok, this is Linux's birthday in 1991. I was running Unix on my home IBM PC clone 80286 using sources I compiled from SysVr2 code two years before that in 1989.
Reposted by dragosr
rust is a language in which you can borrow a cow
August 24, 2025 at 11:05 PM
rust is a language in which you can borrow a cow
How many AI Doomers does it take to change a lightbulb?
Seven: one to change it, six to screenshot the single frame where it isn't lit yet and post viral threads with titles like "Still Dark!"
Seven: one to change it, six to screenshot the single frame where it isn't lit yet and post viral threads with titles like "Still Dark!"
August 22, 2025 at 11:09 PM
How many AI Doomers does it take to change a lightbulb?
Seven: one to change it, six to screenshot the single frame where it isn't lit yet and post viral threads with titles like "Still Dark!"
Seven: one to change it, six to screenshot the single frame where it isn't lit yet and post viral threads with titles like "Still Dark!"
Reposted by dragosr
6 major Password Managers with Tens of Millions of Users are currently vulnerable to unpatched Clickjacking Flaws that could allow Attackers to steal your Secrets - Public disclosure by Marek Tóth at DEF CON 33 #Infosec #Vulnerability socket.dev/blog/passwor...
Researcher Exposes Zero-Day Clickjacking Vulnerabilities in ...
Hacker Demonstrates How Easy It Is To Steal Data From Popular Password Managers
socket.dev
August 21, 2025 at 7:10 PM
6 major Password Managers with Tens of Millions of Users are currently vulnerable to unpatched Clickjacking Flaws that could allow Attackers to steal your Secrets - Public disclosure by Marek Tóth at DEF CON 33 #Infosec #Vulnerability socket.dev/blog/passwor...
It's weird to me that folks in places like Alberta, and the U.S. don't understand that slowing down the deployments of solar power and EV charging networks is a giant footgun self own.
It's a race. And you are deliberately choosing last place. Good luck with that.
It's a race. And you are deliberately choosing last place. Good luck with that.
August 19, 2025 at 5:02 AM
It's weird to me that folks in places like Alberta, and the U.S. don't understand that slowing down the deployments of solar power and EV charging networks is a giant footgun self own.
It's a race. And you are deliberately choosing last place. Good luck with that.
It's a race. And you are deliberately choosing last place. Good luck with that.
Streaming out Worldcon and the World Science Fiction Awards:
The 2025 Hugo Awards.
Live from Seattle.
youtube.com/live/G0GGYLV...
The 2025 Hugo Awards.
Live from Seattle.
youtube.com/live/G0GGYLV...
Worldcon 2025 Seattle - Opening Ceremony - August 13th, 2025 7:30 pm - 8:30 pm
YouTube video by Seattle Worldcon 2025
youtube.com
August 14, 2025 at 2:35 AM
Streaming out Worldcon and the World Science Fiction Awards:
The 2025 Hugo Awards.
Live from Seattle.
youtube.com/live/G0GGYLV...
The 2025 Hugo Awards.
Live from Seattle.
youtube.com/live/G0GGYLV...
Reposted by dragosr
August 10, 2025 at 3:01 AM
Reposted by dragosr
So apparently we are within the last 60 days of dial-up AOL being a thing.
help.aol.com/articles/dia...
ht @mat.tl
help.aol.com/articles/dia...
ht @mat.tl
August 9, 2025 at 12:41 AM
So apparently we are within the last 60 days of dial-up AOL being a thing.
help.aol.com/articles/dia...
ht @mat.tl
help.aol.com/articles/dia...
ht @mat.tl
Typosquatting malicious Go packages.
11 Malicious Go Packages Distribute Obfuscated Remote Payloa...
Socket uncovered 11 malicious Go packages using obfuscated loaders to fetch and execute second-stage payloads via C2 domains.
socket.dev
August 8, 2025 at 4:07 PM
Typosquatting malicious Go packages.