James Ferguson
psy-fer.bsky.social
Bioinformatician/Genomics Software Engineer @garvaninstitute.bsky.social
Views my own.
Mastodon @Psy_Fer_@genomic.social, https://genomic.social
Thankfully our sequencing network is better isolated than most of our institute, and managed by me and not IT😅
They also missed a few vulnerabilities but that's perhaps beside the point.
November 12, 2025 at 3:23 PM
Yea, fair. But if someone has access to the machine, which the paper implies is the issue for everything else other than the remote authentication stuff, it's all over anyway.
November 12, 2025 at 3:16 PM
Okay, so let's say they do that. I could still do any number of bad things using the API. Or just modifying files. Or modifying the Python that runs them. Or the USB controller. Seems more an issue with network security than software security.
November 12, 2025 at 3:15 PM
You can also control the software via the API to do any number of things that would be "bad". You could insert the software squigulator to simulate fake data instead of the real data. You could corrupt all the data. You can send fake telemetry. It's almost like the system was made for scientists.
November 12, 2025 at 3:14 PM
ONT wrote a method to remotely control the sequencers in the lab, while on the same network, so the lab peeps could keep an eye on things from their desks. Yea, sure, the security of that should be a bit better, and it shouldn't be on by default unless someone turns it on, but it's a legitimate feature.
November 12, 2025 at 3:11 PM
Also, I'm not exactly someone to defend ONT's software quality. 😅 But I find this to be a bit dramatic. Also, I guess anyone running old software for clinical reasons can just F themselves security-wise now this has been advertised. Cool.
November 12, 2025 at 3:08 PM
Sure. But that is also true of any web app type system running something. The work seems like something a security consultant firm would do, but the explanation in the paper of these seems a bit hyperbolic.
November 12, 2025 at 3:07 PM
Yea, that shouldn't have been on by default, and should require some kind of auth. But overall I see a lot of this stuff as a non-issue.

But if it takes an employee to do it, then you've already lost. There isn't much that can stop a motivated person who already has access.
November 12, 2025 at 3:05 PM
Yea okay I guessed right lol. Bad person uses legitimate methods to do bad things.
November 12, 2025 at 2:55 PM
So it can do things that it was designed to do? This seems more like "if a bad actor does bad things, bad things happen".
November 12, 2025 at 2:54 PM
For a link to the article?
I have a suspicion this is similar to the "we had root access and were able to hack it!" Like that Illumina one a few years back.

Or a "we used their API to do bad things"

Or

"We DDoS'd the ports used for telemetry and stuff happened"

I'd like to read it to see.
November 12, 2025 at 2:44 PM
Yea, I thought about this too, looking at RAM vs disk-based algorithms for suffix trees.
November 10, 2025 at 12:25 AM
I've always liked CPUs with larger L3, like the Ryzen X3D line for the 128MB and extra thread counts.
November 9, 2025 at 11:52 PM
Yes please do. I'd love to ask some questions there and have a discussion without char limits.
October 24, 2025 at 3:30 PM
That's because R syntax is atrocious. I know many languages and I dislike R the most.
October 22, 2025 at 7:10 AM
That makes 2 of us then. I need more coffee.
October 22, 2025 at 3:58 AM
😆
Hopefully have a release in the next few days once I iron out all the little details.
Liftover was doing my head in because it has a fit when there are SVs near your coordinates. This should solve that, to a degree.
October 22, 2025 at 3:44 AM