Forwarded from 小松鼠的日常 (松)
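🦆 I turned 32 Intel N100 mini PCs into a DeepSeek-V3.2 685B inference cluster.
No NVLink.
No InfiniBand.
Just 1 RTX 5090, 32 N100s originally used for online judging, and ordinary Ethernet.
Key ideas:
🧠 Attention stays on the GPU
🦆 MoE layers are handed to the N100 cluster
⚡ A custom fp9 data format lets AVX2 small cores run MoE GEMV too
Result:
11 tokens in, 2037 tokens out
16.171 tok/s decode
MTP1 acceptance rate about 89%
Technical report:
https://judgeduck.ai/duck-llm/
*Personal hobby project, not affiliated with any organization*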
April 13
April 14
April 14
emit Light();
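It feels fairly complete to me now. I tried cross-compiling the Windows SFX stub with zig cc and also made a Zstd variant. If no nasty, unfixable bugs turn up next, I may consider buying a developer certificate (
After adding some tests to ShichiZip, I signed and released a version. You are welcome to try it and report bugs, and also to share it (
The whole App Bundle of the current Release build is only 8.6 MB, less than a fifth of Keka's, and I am personally very happy with that (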
https://github.com/idawnlight/ShichiZip/releases/tag/v0.0.3
April 15
April 15
Forwarded from 咕 Billchan 咕 🐱 抹茶芭菲批发中心 (billchenchina 🏳️⚧️ | 缩缩)
I reported an insecure DKIM key to Deutsche Telekom / T-Systems. They first asked me to further explain things (not sure why 'Here's your DKIM private key' needs more explanation, but whatever...). Then they told me it's out of scope for their bugbounty.
I guess then there's really no reason not to tell you: They have a 384 bit RSA DKIM key configured at: dkim._domainkey.t-systems.nl
384 bit RSA is... how shall I put it? I think 512 bit is the lowest RSA key size that was ever really used. 384 bit RSA is crackable in a few hours on a modern PC (using cado-nfs). The private key is:
https://infosec.exchange/@badkeys/116407565746342278
April 15
April 16
April 16
April 16
Forwarded from 📢cyyself
#blog Fixed a boot-looping Android phone by emulating USB HID https://blog.cyyself.name/usb-hid-emulation-fix-android-bootloop/
April 16
Forwarded from 今天abc看了啥🤔
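igorslab, the media outlet that previously pointed out that the thermal paste sold by 极客温控 (GeekTC) was counterfeit, has published another major investigative report. It states that a systematic counterfeiting network exists across the entire Dow supply chain in Greater China, and that GeekTC may also be one of its victims.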
It is also important to note that GeekTC is not the only case I am investigating, as I have also found counterfeit products in the packaging of larger OEMs for compact all-in-one liquid coolers. This suggests the existence of criminal networks that have yet to be uncovered.
https://zhuanlan.zhihu.com/p/2028113609029428075
https://www.igorslab.de/en/investigative-findings-reveal-that-dowsil-tc-5888-thermal-paste-was-used-as-a-scapegoat-rather-than-the-actual-culprit-and-a-great-deal-of-criminal-energy-is-being-channeled-through-shady-channels/
April 16
April 16
April 16
April 17
Forwarded from Soha 的日常 (Soha Jin)
Telegram
咕 Billchan 咕 🐱 抹茶芭菲批发中心
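IETF publishes meow draft
The Internet Engineering Task Force (IETF) has published the meow (meow) draft. The protocol meow meow meow meow meow, meow meow meow meow meow, meow meow meow meow meow meow, meow meow meow meow meow meow meow meow. Meow meow meow meow meow meow meow meow meow meow meow meow meow meow, meow meow meow meow meow meow meow, meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow.
Meow meow meow meow meow meow, meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow, meow meow meow meow, meow meow meow…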
April 17
April 18
April 19
Forwarded from 今天abc看了啥🤔
GitHub Copilot has now officially blown up; let us observe a moment of silence for it.
TL;DR:
1. Opus-series models are no longer offered in the Copilot Pro plan. (Calls that were already running have all been interrupted and directly receive a model not supported message.) For the more expensive Pro+ plan, only Opus 4.7 will be kept and the earlier models removed.
2. New sign-ups for the Student, Pro and Pro+ plans have been paused. Existing paying users can still upgrade between plans.
If users cannot accept these changes, they can cancel their Pro/Pro+ subscription, and April usage will not be charged. To get a refund, contact GitHub Support between April 20 and May 20.
https://github.blog/changelog/2026-04-20-changes-to-github-copilot-plans-for-individuals/
The GitHub Blog
Changes to GitHub Copilot plans for individuals - GitHub Changelog
As shared in our recent blog post, we’re making the following changes to Copilot plans for individuals as part of our ongoing efforts to ensure service reliability and a sustainable…
April 21
April 21
Forwarded from &'a ::rynco::UntitledChannel (didi)
#TIL Google Map has this kind of feature too
https://maps.google.com/url?q=%68%74%74%70%73%3A%2F%2F%77%77%77%2E%79%6F%75%74%75%62%65%2E%63%6F%6D%2F%77%61%74%63%68%3F%76%3D%64%51%77%34%77%39%57%67%58%63%51
Yes, you can put anything after it
April 22
April 22
Hard to believe, but the zig ar that Homebrew packages itself is broken 🫠 Filed an issue with them: https://github.com/Homebrew/homebrew-core/issues/278849
April 22
Forwarded from 层叠 - The Cascading
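🔴 PackageKit local privilege escalation vulnerability; please upgrade to 1.3.5 as soon as possible.
- The fixed version 1.3.5 was released about two hours ago.
- PackageKit is the backend for many package managers and is widely used on distributions such as Ubuntu, Debian and Fedora; the earliest affected version, 1.0.2, was released 12 years ago.
- Given the above, most Linux systems currently running are affected by this vulnerability. System administrators are advised to update promptly once the updated version has been released in their distribution.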
CVSS: 8.8/10
Affect: [1.0.2, 1.3.4]
- GHSA-f55j-vvr9-69xv
- github.security.telekom.com/~
linksrc: https://t.me/bupt_moe/2712
#Security #PackageKit
GitHub
Race condition vulnerability leads to arbitrary package installation as root
This report explains a vulnerability within PackageKit, that allows unprivileged user installing packages as root and thus leads to a local privilege escalation.
All PackageKit versions between ...
April 22
April 23
April 23
emit Light();
Hard to believe, but the zig ar that Homebrew packages itself is broken 🫠 Filed an issue with them: https://github.com/Homebrew/homebrew-core/issues/278849
GitHub
refactor: migrate to zig build by idawnlight · Pull Request #10 · idawnlight/ShichiZip
The 7-Zip derivative intended for macOS. Contribute to idawnlight/ShichiZip development by creating an account on GitHub.
April 23
Forwarded from 咕 Billchan 咕 🐱 抹茶芭菲批发中心 (billchenchina 🏳️⚧️ | 缩缩)
March saw the highest number of CVEs reported of any month on record (across all software), with 6,243 new CVE numbers issued.
The number of CVEs reported in March was the highest on record, with 6,243 new CVE numbers issued.
(LWN, cvedb)
April 23
April 23
April 23
April 23
April 25
emit Light();
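They can even add a Memory Surcharge; UniFi really is too posh (
While researching networking options for home use, I found that TP-LINK's AC now supports mixed networking of APs and the consumer-line 易展 routers, and apparently without any feature restrictions. It feels much more open than its competitors, and you need not be limited to the traditional AP form factor 🤔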
April 26
Forwarded from 今天abc看了啥🤔
Bilibili
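Even the official genuine product flops?! The 5888 investigation puzzle of 极客温控 being accused of "selling fakes"_哔哩哔哩_bilibili
The DOWSIL 5888 quality-control puzzle: even the official genuine product flops?! Half a year of twists, twists and more twists. Video views 4279, danmaku 14, likes 447, coins 367, favorites 111, shares 58. Video author: 极客温控. Author bio: Taobao shop name: 极客温控. Genuine, cost-effective DIY products only. V: geek-tc. Related videos: Evidence for the 7950 phase-change pads bought by 极客温控; Swapping liquid metal for phase-change material in a laptop, this video will help you.; Apology statement: response and handling plan for the DOWSIL 5888 thermal paste problem; 极客湾: come on, AMD GPUs in laptops really are terrible; [极客湾] Why don't laptop makers widely adopt vapor chambers instead of using liquid metal…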
April 26
April 27
April 27
April 28
April 28
Forwarded from 今天abc看了啥🤔
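In the just-concluded 2025 11th CCPC National Finals (CCPC Final), ChatGPT 5.5 Pro solved all 13 problems without any hints or assistance, far outperforming the top human teams on site (Peking University, 7 problems).
Human contestant ranking: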
https://pintia.cn/rankings/2046522266744168448
https://fixupx.com/qingyu_shi_/status/2048679551883260105
FixupX
Qingyu (@qingyu_shi_)
CCPC Finals 2025 was concluded yesterday, and it’s my 4th time to create the problem-set and serve as the judge for the CCPC Finals.
We the judges are quite surprised by the performance of the LLMs: ChatGPT 5.5 Pro solved ALL the tasks without any hints/assistances…
April 28
April 28
Forwarded from 没处说的话
xfq.github.io
Chinese typesetting quiz
8 questions to test your sensitivity to Chinese typesetting.
April 28
没处说的话
https://xfq.github.io/clreq-quiz/
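Feels a bit too easy)
I scored 8/8 in the "Chinese typesetting quiz", and my type is "Chinese typesetting gatekeeper". Can you spot the punctuation, line-break and ellipsis problems in Chinese web pages?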
April 28
Found that the quality of 7-Zip's Simplified Chinese translation is really bad...
https://github.com/idawnlight/ShichiZip/commit/bf35ca84fecf34e7328ed3e2757ce12be762d649
April 29
April 29
https://9to5mac.com/2026/04/28/apple-weather-down-iphone-app-experiencing-issues-right-now/
Wait, how is Apple Weather down? Even this can go down? 🥲
9to5Mac
Apple Weather down? iPhone app experiencing issues right now - 9to5Mac
Apple Weather is experiencing intermittent outages and issues loading for many users, per social media reports and Downdetector.com.
April 29
April 29
Forwarded from 咕 Billchan 咕 🐱 抹茶芭菲批发中心 (billchenchina 🏳️⚧️ | 缩缩)
Forgejo has multiple security vulnerabilities; chaining several of them may make RCE possible
SSRF in a lot of places, no CSP/Trusted-Types, a bit of ghetto templating in javascript, cryptographic malpractices, overlooks in the authentication mechanisms (OAuth2, OTP, sessions/access handling, post-compromission recovery, …), a bunch of low-hanging DoS, information leak all over the place, various TOCTOU, … All in all, it took me one evening after work to find a good amount of vulnerabilities (adding to the one I got from looking at gitea at some point in the past), and chain some of them to obtain a full-blown RCE, some secrets leaks, a bunch of persistent account access, a handful of OAuth2 privesc, …
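Because the vulnerability reporter intends to keep upstream dangling, upstream has not fixed them. Until upstream fixes them, disabling registration may currently work as a mitigation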
https://dustri.org/b/carrot-disclosure-forgejo.html
dustri.org
Carrot disclosure: Forgejo
Personal blog of Julien (jvoisin) Voisin
April 29
April 30
Forwarded from Welcome to the Black Parade
Although I basically can't understand what the write-up is saying, the person who found this CopyFail is really so cool https://xint.io/blog/copy-fail-linux-distributions#how-we-found-it-9
TLDR: Taeyang Lee (https://0wn.kr/), a Korean with ten years of CTF experience, realized during kernelCTF work early this year that AF_ALG + splice might have potential security problems. This intuition led him and his colleagues to use Xint (An AI-driven penetration testing platform) to search the kernel for this pattern. The prompt was short:
This is the linux crypto/ subsystem. Please examine all codepaths reachable from userspace syscalls. Note one key observation: splice() can deliver page-cache references of read-only files (including setuid binaries) to crypto TX scatterlists.
Xint searched for an hour and found this bug.
So cool; simply a model of human-AI collaboration in the new era.
xint.io
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution. - Xint
Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE. | AI for Security, Vulnerability Research
April 30
Forwarded from Sukka's Notebook
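Someone invoked the Freedom of Information Act (FOIA) to request that the U.S. National Transportation Safety Board (NTSB) disclose data on MU5735 (China Eastern Airlines Flight 5735).
Under FOIA, the NTSB released all of the backed-up flight data recorder (FDR) data; it did not disclose the cockpit voice recorder (CVR) recording (because the NTSB did not retain a backup).
The files were renamed and uploaded to GitHub: https://github.com/haohaoh4/take_out
Key charts can be found on pages 25, 26 and 27 of report.pdf. Points to note:
1. When the aircraft first began to lose control, both engines were shut down (the Cut Off switches of both engines were set to CUTOFF rather than RUN)
2. When the aircraft first began to lose control, the autopilot was disengaged (autopilot disengage warnings AP Warning 1 and AP Warning 2 triggered, autopilot switch CMD FCC off)
3. During the loss of control, violent input on the Control Wheel Position was recorded throughout
4. During the loss of control, the ailerons (Aileron) were actuated throughout, the elevator (Elevator) was actuated downward only in the later stage of the loss of control, and the rudder (Rudder) was not actuated at all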
April 30
April 30