Olivia
Online
hixichen
@xichen0425
security developer/building platform security service,ex-uber,ex-vmware tanzu, 工作后出国,居住在西雅图,intj
Redmond, WA
Joined February 2014
803 Following
284 Followers
530 Posts
@aiandcloud cloudflare还有vpn/secrets store,从security角度来说… cloudflare优势大, btw, tailscale会迎来agent时代的好时光
听到的时候觉得很神奇,不要二把手和三把手,真的可以这么直白么
特朗普总统与习近平主席会晤,开场致辞全文:
“习主席,非常感谢你。首先,这是我很少见到的殊荣。我想我特别被那些孩子们所打动。他们很开心,也很漂亮。阅兵显然也是好得不能再好了,但那些孩子们真是令人惊叹,他们代表了太多,我也知道他们对你来说意味着很多。
你和我认识已经很长时间了。事实上,这是我们两国历史上所有总统之间最长久的关系。这对我来说是一种荣幸。我们之间的关系非常棒。即使有困难,我们也能和睦相处并解决问题。我会给你打电话,你也会给我打电话,每当我们遇到问题时,人们可能不知道,每当遇到问题,我们都会很快解决。我们将共同拥有一个美好的未来。
对中国以及你所做的工作充满敬意。你是一位伟大的领导人。我对每个人都这么说,你是一位伟大的领导人。有时候人们不喜欢我这么说,但我还是要说,因为这是事实。我只说实话。
我只想代表我们这个庞大且伟大的代表团说,我们有最伟大的商人,世界上规模最大、最好的商人。我们有非常出色的人才,他们都在这里。我们邀请了世界前三十名,他们每一个都答应了。我不要公司里的二把手或三把手,我只想要最高层。他们今天来这里是为了向你和中国表达敬意,他们期待着开展贸易和做生意。这对我们双方都将是完全互惠的。
所以我非常期待我们的讨论,这是一次重要的讨论。有人说这可能是有史以来规模最大的一次峰会。他们不记得有过类似的事情。我可以说,在美国,人们没有在谈论(除此之外)别的事情。
但很荣幸能和你在一起,很荣幸能成为你的朋友。中美关系将会比以往任何时候都要好。非常感谢。
缺乏了有机中间体,原子化的个人太容易被煽动和娱乐化,所以中国国内主动的选择了集体、保持了大量有基本盘的中间组织
@RJDAIGOGO 与其说是民主制度,不如说是德谟克拉西制度,在社会原子化的后现代,德谟克拉西的消亡几乎是必然的
xfrm , need to be disabked
🚨 DirtyFrag (Linux kernel) — container → host root.
The public one-liner mitigation is incomplete. It blocks modprobe but leaves autoload-by-alias open.
Real fix needs all three layers:
cat >/etc/modprobe.d/dirtyfrag.conf <<'EOF'
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
blacklist esp4
blacklist esp6
blacklist rxrpc
alias net-pf-33 off
alias xfrm-type-2-50 off
alias xfrm-type-10-50 off
EOF
⚠️ Does NOT unload already-loaded modules. rmmod or reboot the node.
✅ Bonus: setting allowPrivilegeEscalation: false on the pod blocks the exploit at the container level. Verified.
securityContext:
allowPrivilegeEscalation: false
Safe for: HTTP, gRPC, DBs, kube-proxy, Istio, WireGuard, VXLAN. Breaks: strongSwan, Cilium IPsec, kernel AFS/RxRPC.
Pre-flight: ip xfrm state, ss -a -A rxrpc. Empty → ship it.
🔗 https://t.co/97mO7eMDBH
Every user session generates training data.
https://t.co/ERAhd412li
https://t.co/ERAhd412li
@oneill_c Every user session generates training data.👍
https://t.co/YPONx4IZSz
Post-training is where the magic happens for custom models, but the engineering overhead to train at the frontier is massive. With Baseten Loops SDK, we're solving the training-to-inference bottleneck. We've built an async RL and SFT framework that enables companies to train with RL at the frontier and pairs perfectly with our inference platform.
Sign up for early access: https://t.co/emom3pf1Qb
@orimanabu just curious, did they really verify the exploit script, after fix? alias net-pf-33 off
alias xfrm-type-2-50 off
alias xfrm-type-10-50 off
the alias needs to be off- verified
🚨 DirtyFrag (Linux kernel) — container → host root.
The public one-liner mitigation is incomplete. It blocks modprobe but leaves autoload-by-alias open.
Real fix needs all three layers:
cat >/etc/modprobe.d/dirtyfrag.conf <<'EOF'
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
blacklist esp4
blacklist esp6
blacklist rxrpc
alias net-pf-33 off
alias xfrm-type-2-50 off
alias xfrm-type-10-50 off
EOF
⚠️ Does NOT unload already-loaded modules. rmmod or reboot the node.
✅ Bonus: setting allowPrivilegeEscalation: false on the pod blocks the exploit at the container level. Verified.
securityContext:
allowPrivilegeEscalation: false
Safe for: HTTP, gRPC, DBs, kube-proxy, Istio, WireGuard, VXLAN. Breaks: strongSwan, Cilium IPsec, kernel AFS/RxRPC.
Pre-flight: ip xfrm state, ss -a -A rxrpc. Empty → ship it.
🔗 https://t.co/97mO7eMDBH
DirtyFrag2:
cat >/etc/modprobe.d/dirtyfrag.conf <<'EOF'
module autoload/direct load.
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
blacklist esp4
blacklist esp6
blacklist rxrpc
alias net-pf-33 off
alias xfrm-type-2-50 off
alias xfrm-type-10-50 off
EOF
Dirty Frag LPE fix: option1:
pod spec:
securityContext:
allowPrivilegeEscalation: false
so nice,dynamic inject secrets
Inspect and filter every HTTP request leaving your microVM.
New post on @slicervm's proxy: secret injection without sentinels, OAuth that actually works, and stage-by-stage policy you can change mid-flight with code.
https://t.co/DfPPgLO9Pz
yeah, to patch oci cluster,the complied kernel module, you have to grub , then restart ,painful
RHELの直系ではない AmazonLinux 2023 は CONFIG_CRYPTO_USER_API_AEAD=m だった。ただ直系である Rocky Linux、AlmaLinux、Oracle Linux は CONFIG_CRYPTO_USER_API_AEAD=y なので
# grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"
してOS再起動が必要
给父母吹风机也换成了laien,效果不错. 下次回国买个这个电动剃须刀试试
“中国制造”正从单纯的代工转向原创设计和高技术的“中国品牌”输出。徕芬(Laifen)就是一个例子。
这家总部位于中国深圳的科技公司,凭借高速吹风机在市场上成名,号称“戴森平替”。最近推出的P3 Pro 电动剃须刀,外观极具现代感、工艺精密、动力强劲,引起市场广泛关注。甚至被誉为“剃须刀界的劳斯莱斯”。
@evilcos 不给其他选项,提高唯一选项的易用性
Simple vibe coding work, I donot understand why so many people prefer long live keys? https://t.co/W7XBhjqjUQ
re: Vercel hack
This should be our wakeup call to get rid of API keys, just like we "got rid" of passwords with OAuth & passkeys
There's a fix. Of course there's a fix! It's called OIDC Federation, it works beautifully, but it still hasn't replaced API keys in the mainstream.
In short, your infra (Vercel, AWS, etc.) generates short-lived JWTs. You then tell your services (database, AI provider, etc.) to trust those JWTs instead of the API keys. No static secrets required.
These JWTs have a lifetime of <1h, and rotate automatically. Simpler + safer
Is it time?
Last Seen Users on Sotwe
ชอบเย็ดสาวใหญ่สาวอ้วน
Seen from Thailand
Cherry Wu
Seen from United Kingdom
Qatar🇶🇦
Seen from Thailand
teman dekatmu
Seen from Indonesia
ครูโจ้
Seen from Thailand
budak sekolah
Seen from Malaysia
Asian Sex Video Productions 73.3K
Seen from Turkey
Mariana
Seen from Mexico
arham mohammad
Seen from Singapore
OxO
Seen from Korea
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.2M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.8M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.4M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers