<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: invokestatic</title><link>https://news.ycombinator.com/user?id=invokestatic</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 17 Jul 2026 08:24:36 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=invokestatic" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by invokestatic in "RISC-V Is Inevitable: State of the Union Keynote Argues"]]></title><description><![CDATA[
<p>Firmware & systems dev here, ARM still dominates in the microcontroller space. There are some niche offerings from major vendors but again they are niche. Espressif is the sole exception with their newer ESP32-C series chips, but they can get away with it due to their massive HAL. ARM Cortex is still the standard because there’s a decade or two of inertia behind it.<p>An apt comparison would be C vs Rust. Yes, Rust may be growing in market share, but C still dominates.</p>
]]></description><pubDate>Wed, 15 Jul 2026 12:07:57 +0000</pubDate><link>https://news.ycombinator.com/item?id=48919565</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=48919565</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48919565</guid></item><item><title><![CDATA[New comment by invokestatic in "How kernel anti-cheats work"]]></title><description><![CDATA[
<p>The privacy points in general are valid, but what irritates me is using this rationale against kernel mode anti cheats specifically.<p>You do not need kernel access to make spyware that takes screenshots. You do not need a privileged service to read the user’s browser history.<p>You can do all of this, completely unprivileged on Windows. People always seem to conflate kernel access with privacy which is completely false. It would in fact be much harder to do any of these things from kernel mode.</p>
]]></description><pubDate>Sun, 15 Mar 2026 03:27:38 +0000</pubDate><link>https://news.ycombinator.com/item?id=47384022</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=47384022</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47384022</guid></item><item><title><![CDATA[New comment by invokestatic in "How kernel anti-cheats work"]]></title><description><![CDATA[
<p>Actually, it is completely true. The TPM threat model has historically focused on software-based threats and physical attacks against the TPM chip itself - crucially NOT the communications between the chip and the CPU. In the over 20 year history of discrete TPMs, they are largely completely vulnerable to interposer (MITM) attacks and only within the last few years is it being addressed by vendors. Endorsement keys don’t matter because the TPM still has to trust the PCR commands sent to it by the CPU. An interposer can replace tampered PCR values with trusted values and the TPM would have no idea.</p>
]]></description><pubDate>Sun, 15 Mar 2026 03:20:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=47383979</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=47383979</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47383979</guid></item><item><title><![CDATA[New comment by invokestatic in "How kernel anti-cheats work"]]></title><description><![CDATA[
<p>Technically yes, but it would produce an untrusted remote attestation signature (quote). This is roughly equivalent to using TLS with a self-signed certificate — it’s not trusted by anyone else. TPMs have a signing key that’s endorsed by the TPM vendor’s CA.</p>
]]></description><pubDate>Sun, 15 Mar 2026 03:10:05 +0000</pubDate><link>https://news.ycombinator.com/item?id=47383926</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=47383926</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47383926</guid></item><item><title><![CDATA[New comment by invokestatic in "Exploiting signed bootloaders to circumvent UEFI Secure Boot (2019)"]]></title><description><![CDATA[
<p>No, this is not true at all. Microsoft <i>requires</i> their system vendors (Dell, HP, etc) to allow users to enroll their own Secure Boot keys through their “Designed for Windows” certification.<p>Further, many distributions are already compatible with Secure Boot and work out of the box. Whether or not giving Microsoft the UEFI root of trust was a good idea is questionable, but what they DO have is a long, established history of supporting Linux secure boot. They sign a UEFI shim that allows distributions to sign their kernels with their own, distribution-controlled keys in a way that just works on 99% of PCs.</p>
]]></description><pubDate>Sun, 08 Feb 2026 18:26:01 +0000</pubDate><link>https://news.ycombinator.com/item?id=46937029</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=46937029</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46937029</guid></item><item><title><![CDATA[New comment by invokestatic in "We X-Rayed a Suspicious FTDI USB Cable"]]></title><description><![CDATA[
<p>Well, this project is literally about me circumventing/removing Boot Guard so I don’t know how it’s corporate authoritarianism. I’m literally getting rid of it. In doing so I get complete control of the BIOS/firmware down to the reset vector. I can disable ME. To me, that’s ultimate freedom.<p>As a power user, do I want boot guard on my personal PC? Honestly, no. And we’re in luck because a huge amount of consumer motherboards have a Boot Guard profile so insecure it’s basically disabled. But do I want our laptops at work to have it, or the server I have at a colocation facility to have it? Yes I do. Because I don’t want my server to have a bootkit installed by someone with an SPI flasher. I don’t want my HR rep getting hidden, persistent malware because they ran an exe disguised as a pdf. It’s valuable in some contexts.</p>
]]></description><pubDate>Sun, 25 Jan 2026 04:20:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=46750670</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=46750670</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46750670</guid></item><item><title><![CDATA[New comment by invokestatic in "We X-Rayed a Suspicious FTDI USB Cable"]]></title><description><![CDATA[
<p>Yeah, but that doesn’t give me a reason to use the hot air station and hot plate collecting dust on my desk ;)</p>
]]></description><pubDate>Sun, 25 Jan 2026 01:32:57 +0000</pubDate><link>https://news.ycombinator.com/item?id=46749721</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=46749721</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46749721</guid></item><item><title><![CDATA[New comment by invokestatic in "We X-Rayed a Suspicious FTDI USB Cable"]]></title><description><![CDATA[
<p>I have a slow burn project where I simulate a supply chain attack on my own motherboard. You can source (now relatively old) Intel PCH chips off Aliexpress that are “unfused” and lack certain security features like Boot Guard (simplified explanation). I bought one of these chips and I intend to desolder the factory one on my motherboard and replace it with the Aliexpress one. This requires somewhat difficult BGA reflow but I have all the tools to do this.<p>I want to make a persistent implant/malware that survives OS reinstalls. You can also disable Intel (CS)ME and potentially use Coreboot as well, but I don’t want to deal with porting Coreboot to a new platform. I’m more interested in demonstrating how important hardware root of trust is.</p>
]]></description><pubDate>Sun, 25 Jan 2026 01:03:15 +0000</pubDate><link>https://news.ycombinator.com/item?id=46749528</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=46749528</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46749528</guid></item><item><title><![CDATA[New comment by invokestatic in "[dead]"]]></title><description><![CDATA[
<p>Calling it a “kill switch” buries the lede here. What these politicians call a kill switch is technology to passively detect drunk driving. In 2021, Congress passed a law (HALT Drunk Driving Act) requiring NHTSA to eventually require auto makers to install passive drunk driver detection systems. NHTSA missed their statutory November 2024 deadline to finalize the regulations on this so it’s not like this amendment failing has a substantial impact. This technology is still many model years (maybe 2029? 2030?) away. I make no claims to the merits of this technology, I just feel the need to clarify the current situation.</p>
]]></description><pubDate>Fri, 23 Jan 2026 20:31:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=46737483</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=46737483</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46737483</guid></item><item><title><![CDATA[New comment by invokestatic in ""Anyone else out there vibe circuit-building?""]]></title><description><![CDATA[
<p>This is conceptually interesting to me because I see this as almost a more generic TI Webench. I’m curious why your focus in the sized “grid” blocks (presumably for placement directly on the PCB layout) instead of doing the same but for the schematic. That way I still have the flexibility of laying out the board how I want to meet eg mechanical constraints instead of working around a 12.7mm grid.</p>
]]></description><pubDate>Mon, 19 Jan 2026 18:31:57 +0000</pubDate><link>https://news.ycombinator.com/item?id=46682698</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=46682698</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46682698</guid></item><item><title><![CDATA[New comment by invokestatic in "OpenAI to begin testing ads on ChatGPT in the U.S."]]></title><description><![CDATA[
<p>I’ve been paying for Google Workspace for my custom domain for years basically just so I can use Gmail. For just $7 more dollars a month, I upgraded my plan to access Gemini Pro, which has guaranteed enterprise-grade privacy controls. I think this is currently the best value platform for anyone who values their privacy for LLMs. If Apple and the DoD trust Google’s internal controls, I do too.</p>
]]></description><pubDate>Fri, 16 Jan 2026 18:30:00 +0000</pubDate><link>https://news.ycombinator.com/item?id=46650011</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=46650011</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46650011</guid></item><item><title><![CDATA[Why I actually like TPMs]]></title><description><![CDATA[
<p>Article URL: <a href="https://heinonen.co/blog/2026/why-i-actually-like-tpms/">https://heinonen.co/blog/2026/why-i-actually-like-tpms/</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=46546162">https://news.ycombinator.com/item?id=46546162</a></p>
<p>Points: 1</p>
<p># Comments: 2</p>
]]></description><pubDate>Thu, 08 Jan 2026 20:41:06 +0000</pubDate><link>https://heinonen.co/blog/2026/why-i-actually-like-tpms/</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=46546162</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46546162</guid></item><item><title><![CDATA[New comment by invokestatic in "Linux kernel security work"]]></title><description><![CDATA[
<p>Because Red Hat pays the salaries of dozens (hundreds?) of kernel maintainers all over different subsystems. So they’re subject matter experts, and know exactly which ones are relevant to Red Hat.</p>
]]></description><pubDate>Sat, 03 Jan 2026 19:49:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=46480792</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=46480792</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46480792</guid></item><item><title><![CDATA[New comment by invokestatic in "10 Years of Let's Encrypt"]]></title><description><![CDATA[
<p>I have an almost identical story except the state in question was Nevada. I’m curious what “dubious” domain it was, for me it was video game cheats. Maybe I’m actually the co-owner you’re talking about. :)</p>
]]></description><pubDate>Wed, 10 Dec 2025 01:25:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=46212971</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=46212971</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46212971</guid></item><item><title><![CDATA[New comment by invokestatic in "ICEBlock handled my vulnerability report in the worst possible way"]]></title><description><![CDATA[
<p>Checking version numbers usually isn’t a good way of determining whether software on Linux is vulnerable to CVEs. Big distros (especially Red Hat derivatives) lock software versions but back port security patches. Reporting “vulnerabilities” solely based on reported version number is pure noise.</p>
]]></description><pubDate>Mon, 08 Sep 2025 13:45:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=45168190</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=45168190</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45168190</guid></item><item><title><![CDATA[New comment by invokestatic in "Game Hacking – Valve Anti-Cheat (VAC)"]]></title><description><![CDATA[
<p>Actually, VAC handles Cheat Engine and the like very well. You won’t get banned for simply having them open, only for having them attached to the game, which I think is reasonable.</p>
]]></description><pubDate>Wed, 18 Jun 2025 22:22:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=44313770</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=44313770</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44313770</guid></item><item><title><![CDATA[New comment by invokestatic in "De minimis: US small parcels loophole closes pushing up Shein, Temu prices"]]></title><description><![CDATA[
<p>I am exploring whether PCB prototypes can be imported tariff-free under HTSUS 9817.85.01. However getting a tariff broker to figure out how to do this properly might also be expensive.</p>
]]></description><pubDate>Fri, 02 May 2025 12:20:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=43868783</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=43868783</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43868783</guid></item><item><title><![CDATA[New comment by invokestatic in "De minimis: US small parcels loophole closes pushing up Shein, Temu prices"]]></title><description><![CDATA[
<p>I ordered an FPGA development board from China last month that unfortunately didn’t make it out of the country before tariffs/end of de minimis set in. So it’s now sitting in a consolidation warehouse overseas while I figure out what to do with it. Paying almost double its value in taxes alone just kills its viability as a hobby, and sourcing it overseas is the only way to get hands on hardware without shelling out $2,000+.<p>There’s a whole cottage industry over there where they harvest semiconductors from junk/e-waste and turn them in to usable products again. I assume that’s where the actual FPGA chip came from.</p>
]]></description><pubDate>Fri, 02 May 2025 11:42:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=43868474</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=43868474</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43868474</guid></item><item><title><![CDATA[New comment by invokestatic in "US judge throws out FTC's ban on non-compete agreements"]]></title><description><![CDATA[
<p>There are a ton of federal agencies that have the power to make regulations and then enforce them. This power is specifically delegated by Congress. It’s hard to imagine a functioning government without this. For example, Congress recognizes it is not a subject matter expert at radio signals, so it delegates the technical details of regulating the electromagnetic spectrum to the FCC. Same thing for the FDA. Congress isn’t an expert on how clinical trials should be designed so it delegates that to the FDA. A huge one is the DEA, which can both determine how drugs are scheduled and can also enforce it. Congress has the power to overrule the agency when it sees fit.</p>
]]></description><pubDate>Wed, 21 Aug 2024 01:56:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=41306055</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=41306055</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=41306055</guid></item><item><title><![CDATA[New comment by invokestatic in "How to develop on Windows: comparing native, MinGW, Cygwin, WSL"]]></title><description><![CDATA[
<p>My go to on Windows is LLVM using the Windows SDK for libc. Before Microsoft had solved the whole msvcrt redistributable mess I used mingw-64 as the libc which worked pretty well actually.</p>
]]></description><pubDate>Wed, 24 Jul 2024 18:43:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=41060345</link><dc:creator>invokestatic</dc:creator><comments>https://news.ycombinator.com/item?id=41060345</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=41060345</guid></item></channel></rss>