pvaneynd @pvaneynd@octodon.social

Report that #letsencrypt is handling a vulnerability:

"[Investigating] The tls-sni challenge has been disabled due to strong credibility of a vulnerability report."

https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/5a55777ed9a9c1024c00b241

Impact to #golang

"Welp, the #golang autocert (https://golang.org/x/crypto/acme/autocert …) @letsencrypt package is now broken because it relies on tls-sni-01, which just got emergency shut down:"

https://twitter.com/bradfitz/status/950932394407702528

Finding a CPU Design Bug in the Xbox 360

https://randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/

<<The recent reveal of Meltdown and Spectre reminded me of the time I found a related design bug in the Xbox 360 CPU – a newly added instruction whose mere existence was dangerous.>>

Believe it or not I had sort of prepared a neat little tootstorm on OoO and speculative execution when I realised that what is really needed is an analysis on what tradeoffs were chosen as opposed to yet another OoO description.

What seems to be missing from everything I have read are two points:

a) speculative execution and OoO go back a long time (IBM S/360 model 85),
b) they are essential for performance: you simply cannot get “the numbers” otherwise.

Some of you might be old enough to…

btw, read the project zero post on spectre/meltdown if you haven't already. it's really clever. https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

people: "we can build a nationwide internet through the wireless!"

me, an RF engineer with years of tactical mesh network PHY experience, multiple radio licenses, and an apartment two blocks from her corner office at a leading manufacturer of wideband SDR hardware: "good fuckin' luck"

@Wolven Thank you! She’s been a little more active and playful today so that’s pretty wonderful. ❤️