이제 국회 청문회나 공개되는 정보에서도 IMSI와 IMEI와 같은 약어가 나온다. 그러나 "유심 식별번호"나 "유심 인증키", "유심 비밀번호"가 구체적으로 뭔지는 아직도 언급되지 않고 있다. "유심 식별번호"에는 최소한 두 가지가 있고, "유심 인증키"라고 부를 수 있는 것만 최소한 5가지가 있으며, "유심 비밀번호"라고 부를 수 있는 것도 최소한 5가지가 있다. 그 중에서는 메모리 내에서도 가급적 암호화되어야 하는 것과, 디스크에서만 암호화할 수 밖에 없는 것도 섞여 있다. 대부분 여기에 사용되는 암호화 방식은 대칭 키 방식이기 때문에 평문 키에 접근해야 하며, 전가의 보도로 사용되는 "해시"도 사용할 수 없다.

구체적으로 무슨 정보가 유출되었는지가 알려지지 않는 이상, 쓸데없는 보안 관련 규제가 생길 가능성도 간과할 수 없다.

https://youtu.be/tKScucURjV0?t=10210

話說昨晚有人嘗試登入我的Google帳號，有點危險
而且對方還是知道密碼卡在兩步驟驗證的狀態…

유심 식별번호:
- IMSI('임지'라고도 읽음): 이동통신망에서 가입자를 식별할 때 사용하는 번호. SIM에 기록되어 있다.
- ICCID: 신용카드의 카드번호와 동일한 규칙으로 부여되며, 물리적인 SIM 카드를 식별한다. 이동통신망 그 자체에서는 사용되지 않으며, 통신사 영업 전산에서 사용한다.
유심 인증키:
- K_i/OPc: 털리면 엿 되는 것.
- KIc/KID: 원격 접근에 사용하는 인증 키. KIc는 암호화, KID는 RC/CC/DS를 담당함.(GSMA FS.22 § 4 참조)
- KIK: 위 두 KIc, KID를 보호하기 위한 원격 프로비저닝 키.
유심 비밀번호:
- PIN1/PUK1: SIM 카드 탈취를 막기 위한 비밀번호. SIM에 최초 전원 인가 후 사용하기 전에 입력해야 함.
- PIN2/PUK2: SIM 카드의 특정 설정에 접근하기 위한 비밀번호. 통신사에 따라서 사용되지 않는 경우가 있음.
- ADM: SIM 카드의 파일을 조작하기 위한 비밀번호.

【NHKニュース速報 01:12】
新しいローマ教皇が選出される
コンクラーベ実施の礼拝堂煙突から白煙
#ニュース #NHKニュース速報

이제 국회 청문회나 공개되는 정보에서도 IMSI와 IMEI와 같은 약어가 나온다. 그러나 "유심 식별번호"나 "유심 인증키", "유심 비밀번호"가 구체적으로 뭔지는 아직도 언급되지 않고 있다. "유심 식별번호"에는 최소한 두 가지가 있고, "유심 인증키"라고 부를 수 있는 것만 최소한 5가지가 있으며, "유심 비밀번호"라고 부를 수 있는 것도 최소한 5가지가 있다. 그 중에서는 메모리 내에서도 가급적 암호화되어야 하는 것과, 디스크에서만 암호화할 수 밖에 없는 것도 섞여 있다. 대부분 여기에 사용되는 암호화 방식은 대칭 키 방식이기 때문에 평문 키에 접근해야 하며, 전가의 보도로 사용되는 "해시"도 사용할 수 없다.

구체적으로 무슨 정보가 유출되었는지가 알려지지 않는 이상, 쓸데없는 보안 관련 규제가 생길 가능성도 간과할 수 없다.

https://youtu.be/tKScucURjV0?t=10210

Feeling as tired as Nginx endlessly serving pazes to bots. 😴 Just an infinite loop of requests and responses over here. Send caffeine... and maybe a good fireball far me.

コンクラーベおめでとう🐧㊗️

anyway, uh, does that help? :D

Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation
https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html

#我在看什么
读完这篇 openSUSE 为什么决定移除 Deepin Desktop 的博文，真大为震惊。
国内最有名，颇受好评的 Deepin Desktop 安全水准竟然这么差。
从2017年至今 D-BUS service 不断的有安全问题，还偷偷搞小动作私自安装被 openSUSE 安全团队拒绝的 D-Bus service、Polkit policies。

当然最让我惊讶的是，博文的最后竟然还为不在乎系统安全，看了上述博文仍想安装 Deepin Desktop 的用户留下了安装 Deepin Desktop 的方法。

this is basically the difference between git and gh, if you will: if we had a `jj github` command, we could make it recognize these situations and automatically clean up for you, kinda like how gh does fancy stuff on top of git to make the experience nicer

this feels scary at first but is largely just jj noticing "hey seems like we have two different things with the same change id, what's up with that? and, as the faq mentions, you just abandon the one that's not on trunk. a papercut, but better than it automatically throwing something away

if you do a merge, should look similar, maybe with different lines the trickiest one is squash merges or anything else where the forge changes your commits. that can lead to a divergent commit jj-vcs.github.io/jj/latest/FA... when you get the ?? at the end

@bgme@bgme.me毛茸茸生长 翻了一下suse的security blog找到这篇：
https://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html#9-timeline
感觉整个 timeline 看下来 deepin 的 security response 就是完全业余的样子。

ブルースーカイブ

i tend to do trunk-based dev with rebase merges only. so when i jj git fetch, i often end up with a graph that looks like $ jj log @ rzownqqx │ (empty) (no description set) │ ◆ wuxwwlxm trunk ├─╯ thing I just merged ◆ oltlpuxu │ old feature and then i `jj new trunk` to work on top of it

misshaialertみたいな (fedihaialert？)のほしい？​​

カウントしたりするだけだからまだ作れなくはないので​​

misshaialertみたいな (fedihaialert？)のほしい？​​

カウントしたりするだけだからまだ作れなくはないので​​

The one thing I will say is that while you're in school, you should relish the opportunity to write school papers, which no one will read except your grader! There's something wonderfully freeing about submitting something and going "well that's over!" I will never feel that in my adult life again

@slothropRocketman don't die wondering

Strong convective development over the mountains of southern New Mexico...even before 10AM.

These two photos show rapid growth of a towering cumulus, especially the top.

But this development is very localized...along the convergence line/zone. (See weather satellite image)

https://en.wikipedia.org/wiki/Convergence_zone

I expect that we'll have localized showers soon.

#NewMexico #NMwx #Convergence #Convection #Cumulus #Thunderstorms

https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/

Something to be aware of if you work in a Microsoft shop with security requirements: Copilot on Sharepoint will apparently allow ACL bypass without logging or alerting.

You can just ask it for things.

It looks like what's going on under the hood here is that Copilot introduces a new category of user account for their agents, who have expansive read permissions by default and Copilot doesn't know how to map what the agent _can_ read against user permissions.

Build your own ResponseWriter: safer HTTP in Go https://lobste.rs/s/8zmkmw #go
https://anto.pt/articles/go-http-responsewriter

the real trick is what happens after, though: does your remote merge, rebase, or squash merge? each can lead to different looking states after a `jj git fetch`

that is, jj keeps one graph of everything, remotes aren't some separate repo whose state you have to integrate with your own, so it is similar to fetch + rebase (or pull) in some sense.

since jj doesn't have a "current branch" concept, it's not literally switching to main/trunk: jj git fetch will always leave @ where it is when you call it. however, git does like, sorta keep each remote's contents separate from yours until you do something with it, whereas jj does not

this is the source github.com/nuxt/nuxt.co...

github.com/nuxt/nuxt.com/...

I was at Lee Lee down in Tucson and bought this Ku Ding tea without actually knowing what it was. 😅

I guess it's not really tea per se but rather an herbal part of Traditional Chinese Medicine. Good for clearing the head and supporting the heart and circulation. It's also supposed to be super bitter. I'll let you know how it goes. #tea #tcm #kuding

IPA、日本におけるオープンソース戦略形成に向けた現状と展望をまとめた「2024年度オープンソース推進レポート」公開
https://www.publickey1.jp/blog/25/ipa2024.html

#publickey1 #業界動向 #オープンソース

I’ve written before about what I’d do if I ran Bluesky or Mastodon. But what if I started from scratch? What would it look like to build a new open social platform - one that's private-by-default, human-centered, and sustainable from day one?

Here’s the blueprint I’d follow: https://werd.io/2025/if-i-started-fresh

#Fediverse #opensource #socialmedia

にゃーん

Check out our own Ryan Goodfellow’s fantastic InfoQ talk on how we're innovating rack-scale computing with P4! From programmable fabrics to debugging tools, Ry shares how to turn theory into production-ready systems. https://www.infoq.com/presentations/tofino-2/

curious about where there's a project (other than base16 & its forks) that uses shell scripts to set your terminal colours like this: https://github.com/chriskempson/base16-shell/blob/master/scripts/base16-atelier-dune.sh

I really enjoy setting my terminal colours from a shell script (works in every terminal emulator! no more messing around in the settings! ) but there are some things about base16 that I don't love

えっちなほうにされました
どうしてでしょうか

‘자금난’ 민주노동당 3억원 모았다, 대선후보 등록 가능 수정 2025.05.08 21:26 시민들 십시일반 모아 … 선거운동 비용도 고민 www.labortoday.co.kr/news/article...

‘자금난’ 민주노동당 3억원 모았다, 대선후보 등록 가...

なんか多重人格みたいになっちゃった、ぼく

(@cocoaここあ)

ちなみにチャット機能、連合しないのでダイレクトの完全な代替にはならないはず

素手で人間を引き裂けそうな勢い

「人型ロボット」突然“暴走”人だかりに突進　ケースも【スーパーJチャンネル】(2025年5月8日) - YouTube
https://www.youtube.com/watch?v=NOIIgx157jk

🙇

来世はしぐれういの家の湯船になりたい。

Golden Horn and Galata tower, view from the old town side.

#photo #photography #사진 #Istanbul #Turkey #Golden #Horn

にじみすが追従するのはいつかわからないけど…

自從去年造訪高尾山、江之島後，覺得以前在國外沒有多接觸自然環境很可惜，那種新鮮感不是都市比得上的 (不用人擠人這點也很讚)
#throwbackthursday #japantravel #japan #高尾山

How are these worse than plane seats Also how do people color on iPad uogogogohohhohjkvvm

BASED.

Ken Turner, 98, fought fascism in WWII. And now he’s back to fight fascism again

Tank vs. Tesla

via Led by Donkeys

從這組照片經過時，不知道為什麼特別想哭。
#wwiivictoryday

下雨天蚊子空群而出，打了一隻還有兩隻，而且超大的

Nothing、次期フラッグシップスマホ｢Phone (3)｣の発表に向けてプロモーションを開始しました。

まだ、デザインやスペックに関する情報は一切出て来ていないですが、今年7月に発表される見込み。
https://taisy0.com/2025/05/09/211256.html