Gabe Edwards

@gabedwrds

Infosec consultant, writes witty bash one-liners, OSCP/OSCE. 🏳️‍🌈🇨🇦

Seattle, WA
Joined January 2008

Tweets

You blocked @gabedwrds

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @gabedwrds

  1. Retweeted

    Kathryn, , did not bypass code review. She didn't disrupt anyone's work. She didn't target an individual. She didn't violate any policy I'm aware of. She linked to an NLRB notice from an extension that exists to show links to policies. This only makes sense as retaliation.

    Show this thread
    Undo
  2. Retweeted
    17 Dec 2019

    Kathryn was on my team. There was zero reason why she should have asked anyone else on the team for authorisation to make changes to this extension. That's not how we do things.

    Undo
  3. 2 Nov 2019

    Ooh, spotted the BOAC 747 across from my gate at LAX. It is a pretty thing.

    Undo
  4. 19 Sep 2019

    Checking for consensus in the infosec community: Would you want your front door lock to be controlled by an app and cloud service? This would be online, not just local bluetooth. RTs for reach appreciated.

    Undo
  5. Retweeted
    13 Aug 2019
    Replying to

    Hello. As one of the organizers of DEF CON, I can say that the challenges to securing our elections are no longer technical — we know how to fix it. The problems are now purely political — people in power benefit from these vulnerabilities & don’t want things to get fixed.

    Undo
  6. Retweeted

    After 1 hour of looking at my new smart lock, I am now able to remotely unlock every front door in the apartment complex.

    Show this thread
    Undo
  7. Retweeted
    5 Aug 2019

    Most iOS spouseware and stalkerware works by downloading iCloud backups.

    Undo
  8. 24 Jul 2019

    That was 4 days ago and it hasn't broken again yet. AMD released new microcode and then pulled it due to other bugs, so no real fix yet. Applications can still call RdRand from userspace so who knows what else will break.

    Show this thread
    Undo
  9. 24 Jul 2019

    4b. Try to rebuild grub.cfg from the Fedora 29 USB. Nope, that uses RdRand too. It's a complex config and typing in commands at the grub prompt fails. Hours later, piece together a working cfg from the raw /boot/efi partition. Booted with nordrand, grub2-mkconfig works again.

    Show this thread
    Undo
  10. 24 Jul 2019

    4. Run grub2-mkconfig > grub.cfg add that nordrand arg. Bad move. That probes LVM devices which also uses RdRand. System gets unresponsive (all the blocked kworkers?) and I reboot, but now grub.cfg is empty so grub doesn't know how to load anything. No backup copy.

    Show this thread
    Undo
  11. 24 Jul 2019

    3. Time passes. I set up Wireguard. It receives a handshake packet and calls get_random_u32 which blocks a kernel worker forever. I forgot to include nordrand in kernel args while configuring VFIO. Need to add that to the default config.

    Show this thread
    Undo
  12. 24 Jul 2019

    2. Can't mount /home. It's LUKS2 while root is v1. cryptsetup just hangs forever on LUKS2 volumes. Some debugging later, it's getting stuck on a call to libjson-c so we rebuild that without RdRand and all's well.

    Show this thread
    Undo
  13. 24 Jul 2019

    1. Total failure to boot. We forgot about the known systemd issue. Boot a Fedora 29 live USB, chroot the system and install the patched systemd from . OK, should be fine now?

    Show this thread
    Undo
  14. 24 Jul 2019

    Thread: Let's make a list of all the fun ways AMD's Zen 2 RdRand failure has messed up this Fedora 30 system. The instruction reports success (CF=1) but returns 0xFFFFFFFFFFFFFFFF (almost?) every time.

    Show this thread
    Undo
  15. 19 Jul 2019

    current status: can't mount /home because the new 3900X's RdRand instruction fails and Fedora's libjson is compiled to use RdRand... cryptsetup needs libjson for LUKS2? (╯°□°)╯︵ ┻━┻

    Undo
  16. 29 Jun 2019

    Nice talk by just now too at . Manufacturer-bundled laptop support software is as hilariously/depressingly insecure as always.

    Undo
  17. 29 Jun 2019

    Once every few years I see a con talk about something new to me that absolutely blows my mind. This was one of those. Really well done.

    Undo
  18. 17 Apr 2019

    I have to say something positive for once: I bought a Miata recently and it’s everything the internet said it would be. Absolutely brilliant fun.

    Undo
  19. 9 Mar 2019

    ...wow, the “Havana Club” knockoff they sell in the States really is trash

    Undo
  20. 1 Feb 2019

    Canadian expats in Seattle: Skillet's a good restaurant but their poutine is bullshit. Go to for the real thing.

    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·