#uaf — Public Fediverse posts

"In this interview, Mary McQuilkin from the University of Alaska Fairbanks Center for One Health Research talks with Dr. Gregory Pietsch, Veterinarian and Assistant Professor of Veterinary Medicine at UAF. Drawing on more than 20 years of experience, Dr. Pietsch discusses the challenges of providing veterinary care in Alaska, the human impact when pets ..."

#onehealth #publichealth #globalhealth #environmentalhealth #medical #climatechange #alaska #uaf #Zoonosis #Rabies

https://www.youtube.com/watch?v=WCBIXmJjScs

• @air.force.ua.official #f16 #ukrainianairforce #airforce #uaf

What were you thinking February 2014 when russia in anonymous uniforms (pretending NOT to be russian) invaded Crimea and Donbas Ukraine.

What were you thinking on February 24, 2022?

When did you realize you had to come to Ukraine?

#Ukraine #uaf

[Cryptodev-linux] Page-level UAF exploitation:

https://nasm.re/posts/cryptodev-linux-vuln

#linux #cybersecurity #informationsecurity #uaf #exploitation #vulnerability

Reminder: we have a private, anonymous chat that's open to all University of Alaska workers! And we just switched to a new, simpler app (called Quiet)!

If you don't work at UA, pat yourself on the back, then share this with your friends who do!

https://uaworkers.neocities.org/chat

#uaa #uas #uaf #alaska

Finally some good news out of the University of #Alaska

"Student arrested for eating AI art in University of Alaska Fairbanks gallery protest"

https://www.uafsunstar.com/news/student-eats-ai-art-in-uaf-gallery-protest-arrested

#ai #noai #antiai #fairbanks #universityofalaska #UAF #arts #aislop

Got a tip that "a dean from a major academic division is monitoring who clicks on the links in the dean's newsletters."

Keep the tips coming!

#Alaska #Anchorage #Bethel #Dillingham #Fairbanks #Homer #HooperBay #Juneau #Kenai #Ketchikan #Kodiak #Kotzebue #MatSu #Nome #Sitka #Soldotna #Valdez #UAA #UAF #UAS

KORT NIEUWS: Bibliotheek van de pabo bijna klaar

29 oktober 2025 – De bibliotheek van de pabo op locatie Pieter de Hoochweg kan waarschijnlijk vanaf volgende week in z’n geheel in gebruik worden genomen.

Afgelopen zomer verhuisde de pabo van locatie Museumpark naar de Pieter de Hoochweg. Bij aanvang van het studiejaar was de bibliotheek nog niet ingericht, nu is dat wel het geval.

Het uitleensysteem doet het echter nog niet. ‘Dat hopen ze komende week in werking te hebben’, reageert onderwijsmanager Femke Zweekhorst desgevraagd. ‘Studenten kunnen al wel werken in de bibliotheek en boeken inzien die beschikbaar zijn.’

Majorprogramma transformation design stopt

28 oktober 2025 – Transformation design, het uitstroomprofiel van de opleiding vormgeving van de WdKA waar je wordt opgeleid tot sociaal geëngageerde kunstenaar, houdt op te bestaan. Al enkele jaren zijn er te weinig inschrijvingen. Vanaf deze maand worden er geen nieuwe studenten meer toegelaten, de huidige studenten hebben nog vijf jaar om af te studeren.

‘De kwaliteit van de major heeft geen rol gespeeld bij de beslissing. Het strategisch team staat volledig achter de kwaliteit en inhoud van deze major’, schrijft de WdKA op Mywdka.nl. De opleiding en de WdKA zeggen de huidige studenten ‘met onverminderde inzet en enthousiasme’ naar een diploma te willen begeleiden.

Er wordt onderzocht hoe de kennis en expertise die binnen de major is ontwikkeld, op andere plekken op de WdKA kunnen worden geïntegreerd. Met medewerkers van de major worden gesprekken gevoerd over hoe zij een bijdrage aan de WdKA kunnen blijven leveren.

HR-studenten Gurgen en Nabaz maken kans op UAF Award

27 oktober 2025 – Twee van de vier kandidaten voor de UAF Vluchteling-Student Award van het UAF komen van de Rotterdam Academy van de HR. Nabaz Abdalla (foto links) volgt de Ad bouwmanagement, Safaryan rondde onlangs zijn Ad management af.

Met de award wil de stichting voor vluchteling-studenten UAF duidelijk maken dat de genomineerde vluchtelingen ondanks vele hindernissen hun doelen proberen te bereiken. Het publiek kan op de site van het UAF stemmen op een van de vier studenten.

Nabaz uit Iraaks-Koerdistan verloor zijn baan vanwege zijn taalniveau maar gaf niet op en volgt nu de Ad bouwmanagement op de HR. Ondertussen vond hij een nieuwe baan bij Rijkswaterstaat.

Gurgen uit Armenië is nierpatiënt en combineerde zijn studie met zware medische behandelingen. Op de HR deed hij de Ad management. ‘Ondertussen startte hij een project tegen de eenzaamheid in zijn buurt’, schrijft het UAF.

Tekst: Redactie Profielen
Foto’s: UAF/Redactie Profielen

Schrijf je in voor onze wekelijkse nieuwsbrief!

Turning Point chapters are reviving at UA campuses.

Expect these dweebs to try and get fired anyone to the left of, say, Mike Johnson.

The bosses do not have your back in. Only solidarity and collective action can save us. At the first attack on ONE, ALL need to respond. Stop work! Wildcat strike!

#Alaska #Anchorage #Bethel #Dillingham #Fairbanks #Homer #HooperBay #Juneau #Kenai #Ketchikan #Kodiak #Kotzebue #MatSu #Nome #Sitka #Soldotna #Valdez #UA #UniversityOfAlaska #UAA #UAF #UAS

Aurora is cranked up again Tuesday evening. Image courtesy of the UAF Poker Flat Research station northeast of Fairbanks at 916pm AKDT Tuesday. #Alaska #Aurora #Autumn2025 #UAF

Hardly surprising, but terminating funding to support Alaska Native programs and services is a real gut-punch nonetheless. #UAF #Alaska #UA

Looks like Pokrovsk, Ukraine, soon will be surrounded by Russian forces.

#ukraine #russia #pokrovsk #uaf #raf #war

Echt, laat die Oekraïeners toch gewoon hun leven opbouwen. Ze hebben al genoeg meegemaakt. #UAF
https://www.nrc.nl/nieuws/2025/07/14/jongvolwassen-oekrainers-tussen-wal-en-schip-geen-recht-op-onderwijs-geen-toekomstperspectief-a4900270

@Lyle
(I knew Stevens)

Ted was a champion of HAARP, and of investing in tech & science in the North. He thought Fairbanks would be good for data centers, because of the cold (discounting the 90+ summers? 🤷)

#alaska #fairbanks #UAF

With crashing pay and working conditions, expect the University of Alaska to become a refuge of pseudo-intellectual riffraff like this pro-Nazi, pro-rape former faculty member:

https://alaskabeacon.com/2025/03/12/former-dunleavy-aide-files-libel-lawsuit-against-news-organizations-reporters/

#UniversityOfAlaska #UAF #UAA #UAS

There's hiring freezes, but the University can pay the cost of three staff positions to bring Liz Cheney to Anchorage.

https://alaskalandmine.com/landmines/uaa-books-former-congresswoman-liz-cheney-for-151000-speaking-fee/

#UniversityOfAlaska #Alaska #Anchorage #UAA #UAF #UAS

For more than 20 years I've been proud to call myself a University of Alaska alumnus. No more. I ashamed and embarrassed by this cowardly dictum. Note the opening sentence violates section 2. #UAF #Alaska

If you get a vote, vote NO on any upcoming UNAC-UA contract.

Legitimately, there were UA faculty who asked why they couldn't just strike on weekends or after classes?

Strike and set an example so that your students don't grow up that fucking naive!

#Anchorage #Fairbanks #Juneau #UAF #UAS #UAA #Alaska #UniversityOfAlaska

If you get a vote, vote NO on the upcoming UNAC-UA contract.

UA wants you to take 3% raises on average for the next three years. You'd need something closer to 6% to return you to your 2018 buying power.

In 2023 the avg Alaska worker got 5.2%.

#Alaska #UniversityOfAlaska #UAA #UAF #UAS

Is anyone able to post our URL to the UA Convergence Facebook group? Please do so! #Alaska #UniversityOfAlaska #UAA #UAF #UAS

uaworkers.neocities.org

Chancellor Dan White calls for a 60-day hiring freeze at #UAF (University of #Alaska #Fairbanks).

What that really means is that _you_ are going to work harder than ever, for less in real wages.

You can't fix this by pleading or appealing to reason. FIGHT BACK! Join us!

#UA #UAF #UniversityOfAlaska #Fairbanks #Alaska

As we welcome 2025, I'd like to take a moment to reflect on what an extraordinary year 2024 has been for Brown CS Secure Systems Lab (https://gitlab.com/brown-ssl/). It has been a year of innovation, creativity, and growth—both for the lab and for me personally as its director. Witnessing the passion, dedication, and brilliance of our team—Neophytos Christou, Alexander Gaidis, Marius Momeu, @dijin, and Vaggelis Atlidakis—has been truly fulfilling and inspiring!

In 2024, we tackled complex challenges and made significant strides in advancing our research on software hardening and OS kernel protection. Here are some highlights from this remarkable year:

✳️ Marius Momeu presented #SafeSlab at @acm_ccs #CCS2024. Safeslab hardens the Linux SLUB allocator against exploits that abuse use-after-free (#UaF) vulnerabilities, using #Intel #MPK. (Joint work with Technical University of Munich and @mikepo.)
📄 https://cs.brown.edu/~vpk/papers/safeslab.ccs24.pdf
💾 https://github.com/tum-itsec/safeslab

✳️ Neophytos Christou presented #Eclipse at @acm_ccs #CCS2024. Eclipse is a compiler-assisted framework that propagates artificial data dependencies onto sensitive data, preventing the CPU from using attacker-controlled input during speculative execution.
📄 https://cs.brown.edu/~vpk/papers/eclipse.ccs24.pdf
💾 https://gitlab.com/brown-ssl/eclipse

✳️ Di Jin presented #BeeBox at the @usenixassociation Security Symposium 2024. BeeBox hardens #Linux BPF/eBPF against transient execution attacks. #usesec24
📄 https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf
💾 https://gitlab.com/brown-ssl/beebox

✳️ Yaniv David presented #Quack at the NDSS Symposium 2024. Quack hardens PHP code against deserialization attacks using a novel (static) duck typing-based approach. (Joint work with Andreas D Kellas and Junfeng Yang.) #NDSSsymposium2024
📄 https://cs.brown.edu/~vpk/papers/quack.ndss24.pdf
💾 https://github.com/columbia/quack

✳️ Marius Momeu presented #ISLAB at @ACM #ASIACCS24. ISLAB hardens SLAB-based (kernel) allocators, against memory errors, via SMAP-assisted isolation. (Joint work with Technical University of Munich and @mikepo.) #asiaccs
📄 https://cs.brown.edu/~vpk/papers/islab.asiaccs24.pdf
💾 https://github.com/tum-itsec/islab

🏆 #EPF (presented by Di Jin at @usenixassociation #ATC 2023) was the runner-up for the "Bug of the Year" award ("Weirdest Machine" category) at IEEE Symposium on Security and Privacy LangSec (Language-Theoretic Security) workshop 2024! #atc23 #LangSec
⌨️ https://langsec.org/spw24/bugs-of-the-year-awards.html
📄 https://cs.brown.edu/~vpk/papers/epf.atc23.pdf
💾 https://gitlab.com/brown-ssl/epf

🏅 I am honored and delighted to have received the "Distinguished Reviewer Award" at @acm_ccs #CCS2024!

🏅Alexander Gaidis has been awarded the "Distinguished Artifact Reviewer" award at the @usenixassociation Security Symposium 2024!
https://cs.brown.edu/news/2024/09/20/brown-cs-phd-student-alexander-j-gaidis-has-been-named-a-usenix-security-2024-distinguished-artifact-reviewer/
#usesec24 #proudadvisor

📢 I had the great pleasure of discussing some of these works recently at the Computer Systems Seminar at Boston University!
📽️ https://www.bu.edu/rhcollab/events/bu-systems-bu%E2%99%BAs-seminar/

#brownssl #browncs 🚀

There is a _slight_ chance that investing in Hawk Tuah cryptocoins is as good a hedge against inflation as counting on the University of Alaska to accede to cost of living adjustments.

#UAA #UAF #UAS #UniversityOfAlaska #CryptoCurrency

Your selective “compassion” evokes nothing but disgust.

Your selective “compassion” evokes nothing but disgust.

I'm looking for a good overview/comparison of different #MFA/#2FA or #PasswordLess authentication protocols.

The recent #Fido2 #MitM risk made me aware that I need to learn more.

Pointers and #BoostWelcome

#fedipower #wisdomOfTheCrowd #FollowerPower

As the best way to get an answer on the internet, is to state something wrong, let's try this 😜

#FIDO and FIDO2 are actually a whole set of (related?) protocols.
FIDO includes FIDO #UAF (Universal Authentication Framework) and FIDO #U2F (Universal Second Factor).

FIDO2 is the "successor" of FIDO and consists of two parts.
#WebAuthn and #CTAP (Client to Authenticator Protocol). From the name I would guess that WebAuthn is for web stuff (requiring browser support) and CTAP is for IT infrastructure stuff (???)

#Passkey is based on #Fido2
Other related concepts or protocols are #OTP (one-time passwords), #TOTP (Time-based One-time Password) and #HOTP (“H” in HOTP stands for Hash-based Message Authentication Code (HMAC))

Not sure how #SmartCards play into this.

And not sure which of these methods would work for an offline authentication login into your laptop (and ideally also as key for whole disk encryption)

I'm looking for a good overview/comparison of different #MFA/#2FA or #PasswordLess authentication protocols.

The recent #Fido2 #MitM risk made me aware that I need to learn more.

Pointers and #BoostWelcome

#fedipower #wisdomOfTheCrowd #FollowerPower

As the best way to get an answer on the internet, is to state something wrong, let's try this 😜

#FIDO and FIDO2 are actually a whole set of (related?) protocols.
FIDO includes FIDO #UAF (Universal Authentication Framework) and FIDO #U2F (Universal Second Factor).

FIDO2 is the "successor" of FIDO and consists of two parts.
#WebAuthn and #CTAP (Client to Authenticator Protocol). From the name I would guess that WebAuthn is for web stuff (requiring browser support) and CTAP is for IT infrastructure stuff (???)

#Passkey is based on #Fido2
Other related concepts or protocols are #OTP (one-time passwords), #TOTP (Time-based One-time Password) and #HOTP (“H” in HOTP stands for Hash-based Message Authentication Code (HMAC))

Not sure how #SmartCards play into this.

And not sure which of these methods would work for an offline authentication login into your laptop (and ideally also as key for whole disk encryption)

I'm looking for a good overview/comparison of different #MFA/#2FA or #PasswordLess authentication protocols.

The recent #Fido2 #MitM risk made me aware that I need to learn more.

Pointers and #BoostWelcome

#fedipower #wisdomOfTheCrowd #FollowerPower

As the best way to get an answer on the internet, is to state something wrong, let's try this 😜

#FIDO and FIDO2 are actually a whole set of (related?) protocols.
FIDO includes FIDO #UAF (Universal Authentication Framework) and FIDO #U2F (Universal Second Factor).

FIDO2 is the "successor" of FIDO and consists of two parts.
#WebAuthn and #CTAP (Client to Authenticator Protocol). From the name I would guess that WebAuthn is for web stuff (requiring browser support) and CTAP is for IT infrastructure stuff (???)

#Passkey is based on #Fido2
Other related concepts or protocols are #OTP (one-time passwords), #TOTP (Time-based One-time Password) and #HOTP (“H” in HOTP stands for Hash-based Message Authentication Code (HMAC))

Not sure how #SmartCards play into this.

And not sure which of these methods would work for an offline authentication login into your laptop (and ideally also as key for whole disk encryption)

I'm looking for a good overview/comparison of different #MFA/#2FA or #PasswordLess authentication protocols.

The recent #Fido2 #MitM risk made me aware that I need to learn more.

Pointers and #BoostWelcome

#fedipower #wisdomOfTheCrowd #FollowerPower

As the best way to get an answer on the internet, is to state something wrong, let's try this 😜

#FIDO and FIDO2 are actually a whole set of (related?) protocols.
FIDO includes FIDO #UAF (Universal Authentication Framework) and FIDO #U2F (Universal Second Factor).

FIDO2 is the "successor" of FIDO and consists of two parts.
#WebAuthn and #CTAP (Client to Authenticator Protocol). From the name I would guess that WebAuthn is for web stuff (requiring browser support) and CTAP is for IT infrastructure stuff (???)

#Passkey is based on #Fido2
Other related concepts or protocols are #OTP (one-time passwords), #TOTP (Time-based One-time Password) and #HOTP (“H” in HOTP stands for Hash-based Message Authentication Code (HMAC))

Not sure how #SmartCards play into this.

And not sure which of these methods would work for an offline authentication login into your laptop (and ideally also as key for whole disk encryption)

I'm looking for a good overview/comparison of different #MFA/#2FA or #PasswordLess authentication protocols.

The recent #Fido2 #MitM risk made me aware that I need to learn more.

Pointers and #BoostWelcome

#fedipower #wisdomOfTheCrowd #FollowerPower

As the best way to get an answer on the internet, is to state something wrong, let's try this 😜

#FIDO and FIDO2 are actually a whole set of (related?) protocols.
FIDO includes FIDO #UAF (Universal Authentication Framework) and FIDO #U2F (Universal Second Factor).

FIDO2 is the "successor" of FIDO and consists of two parts.
#WebAuthn and #CTAP (Client to Authenticator Protocol). From the name I would guess that WebAuthn is for web stuff (requiring browser support) and CTAP is for IT infrastructure stuff (???)

#Passkey is based on #Fido2
Other related concepts or protocols are #OTP (one-time passwords), #TOTP (Time-based One-time Password) and #HOTP (“H” in HOTP stands for Hash-based Message Authentication Code (HMAC))

Not sure how #SmartCards play into this.

And not sure which of these methods would work for an offline authentication login into your laptop (and ideally also as key for whole disk encryption)

"And so an exciting idea to remotely #exploit ssh-agent came into our mind:

a/ make ssh-agent's stack executable (more precisely, ssh-pkcs11-helper's stack) by dlopen()ing one of the "execstack" libraries ("surprising behavior 1/"), and somehow store a 1990-style #shellcode somewhere in this executable stack;

b/ register a signal handler for SIGSEGV and immediately munmap() its code, by dlopen()ing and dlclose()ing one of the shared libraries from
"surprising behavior 3/" (consequently, a #dangling #pointer to this unmapped signal handler is retained in the kernel);

c/ replace the unmapped signal handler's code with another piece of code from another shared library, by dlopen()ing (mmap()ing) one of the "nodelete" libraries ("surprising behavior 2/");

d/ raise a SIGSEGV by dlopen()ing one of the shared libraries from "surprising behavior 4/", so that the unmapped signal handler is called by the kernel, but the replacement code from the "nodelete" library is executed instead (a #uaf of sorts);

e/ #hope that this replacement code (which is mapped where the signal handler was mapped) is a useful gadget that somehow jumps into the
executable stack, exactly where our shellcode is stored."

"And so an exciting idea to remotely #exploit ssh-agent came into our mind:

a/ make ssh-agent's stack executable (more precisely, ssh-pkcs11-helper's stack) by dlopen()ing one of the "execstack" libraries ("surprising behavior 1/"), and somehow store a 1990-style #shellcode somewhere in this executable stack;

b/ register a signal handler for SIGSEGV and immediately munmap() its code, by dlopen()ing and dlclose()ing one of the shared libraries from
"surprising behavior 3/" (consequently, a #dangling #pointer to this unmapped signal handler is retained in the kernel);

c/ replace the unmapped signal handler's code with another piece of code from another shared library, by dlopen()ing (mmap()ing) one of the "nodelete" libraries ("surprising behavior 2/");

d/ raise a SIGSEGV by dlopen()ing one of the shared libraries from "surprising behavior 4/", so that the unmapped signal handler is called by the kernel, but the replacement code from the "nodelete" library is executed instead (a #uaf of sorts);

e/ #hope that this replacement code (which is mapped where the signal handler was mapped) is a useful gadget that somehow jumps into the
executable stack, exactly where our shellcode is stored."

"And so an exciting idea to remotely #exploit ssh-agent came into our mind:

a/ make ssh-agent's stack executable (more precisely, ssh-pkcs11-helper's stack) by dlopen()ing one of the "execstack" libraries ("surprising behavior 1/"), and somehow store a 1990-style #shellcode somewhere in this executable stack;

b/ register a signal handler for SIGSEGV and immediately munmap() its code, by dlopen()ing and dlclose()ing one of the shared libraries from
"surprising behavior 3/" (consequently, a #dangling #pointer to this unmapped signal handler is retained in the kernel);

c/ replace the unmapped signal handler's code with another piece of code from another shared library, by dlopen()ing (mmap()ing) one of the "nodelete" libraries ("surprising behavior 2/");

d/ raise a SIGSEGV by dlopen()ing one of the shared libraries from "surprising behavior 4/", so that the unmapped signal handler is called by the kernel, but the replacement code from the "nodelete" library is executed instead (a #uaf of sorts);

e/ #hope that this replacement code (which is mapped where the signal handler was mapped) is a useful gadget that somehow jumps into the
executable stack, exactly where our shellcode is stored."

"And so an exciting idea to remotely #exploit ssh-agent came into our mind:

a/ make ssh-agent's stack executable (more precisely, ssh-pkcs11-helper's stack) by dlopen()ing one of the "execstack" libraries ("surprising behavior 1/"), and somehow store a 1990-style #shellcode somewhere in this executable stack;

b/ register a signal handler for SIGSEGV and immediately munmap() its code, by dlopen()ing and dlclose()ing one of the shared libraries from
"surprising behavior 3/" (consequently, a #dangling #pointer to this unmapped signal handler is retained in the kernel);

c/ replace the unmapped signal handler's code with another piece of code from another shared library, by dlopen()ing (mmap()ing) one of the "nodelete" libraries ("surprising behavior 2/");

d/ raise a SIGSEGV by dlopen()ing one of the shared libraries from "surprising behavior 4/", so that the unmapped signal handler is called by the kernel, but the replacement code from the "nodelete" library is executed instead (a #uaf of sorts);

e/ #hope that this replacement code (which is mapped where the signal handler was mapped) is a useful gadget that somehow jumps into the
executable stack, exactly where our shellcode is stored."

"And so an exciting idea to remotely #exploit ssh-agent came into our mind:

a/ make ssh-agent's stack executable (more precisely, ssh-pkcs11-helper's stack) by dlopen()ing one of the "execstack" libraries ("surprising behavior 1/"), and somehow store a 1990-style #shellcode somewhere in this executable stack;

b/ register a signal handler for SIGSEGV and immediately munmap() its code, by dlopen()ing and dlclose()ing one of the shared libraries from
"surprising behavior 3/" (consequently, a #dangling #pointer to this unmapped signal handler is retained in the kernel);

c/ replace the unmapped signal handler's code with another piece of code from another shared library, by dlopen()ing (mmap()ing) one of the "nodelete" libraries ("surprising behavior 2/");

d/ raise a SIGSEGV by dlopen()ing one of the shared libraries from "surprising behavior 4/", so that the unmapped signal handler is called by the kernel, but the replacement code from the "nodelete" library is executed instead (a #uaf of sorts);

e/ #hope that this replacement code (which is mapped where the signal handler was mapped) is a useful gadget that somehow jumps into the
executable stack, exactly where our shellcode is stored."