惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Hacker News: Front Page
Apple Machine Learning Research
Apple Machine Learning Research
S
SegmentFault 最新的问题
U
Unit 42
博客园_首页
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
人人都是产品经理
人人都是产品经理
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
V2EX
爱范儿
爱范儿
阮一峰的网络日志
阮一峰的网络日志
美团技术团队
宝玉的分享
宝玉的分享
Hugging Face - Blog
Hugging Face - Blog
S
Schneier on Security
博客园 - 聂微东
T
Threat Research - Cisco Blogs
量子位
博客园 - 【当耐特】
博客园 - 叶小钗
T
Tenable Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - Franky
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Security Archives - TechRepublic
Security Archives - TechRepublic
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
S
Security @ Cisco Blogs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
有赞技术团队
有赞技术团队
T
Tailwind CSS Blog
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
IT之家
IT之家
博客园 - 三生石上(FineUI控件)
Spread Privacy
Spread Privacy
V
Visual Studio Blog
罗磊的独立博客
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
Hacker News - Newest:
Hacker News - Newest: "LLM"
V
Vulnerabilities – Threatpost
The Cloudflare Blog
小众软件
小众软件
WordPress大学
WordPress大学

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The Day My GitHub Repo Became Part of Linux
Yonas Abeselom · 2026-06-20 · via DEV Community

How I Got --wait and --repeat Added to nvme-cli

By Yonas Abeselom — June 20, 2026

Two weeks ago I published a GitHub repository from Addis Ababa, Ethiopia. Today, the core idea behind it was merged into linux-nvme/nvme-cli master — the standard NVMe command-line tool that ships with virtually every Linux distribution.

This is the story of how that happened, and why it matters.

The problem I couldn't stop thinking about

When you sanitize an NVMe drive on Linux, the standard workflow looks like this:

nvme sanitize /dev/nvme0 --sanact=2

The command returns immediately. The drive acknowledges receipt. You move on.

But here is the thing: NVMe Sanitize (Opcode 0x84) is asynchronous. The drive accepts the command instantly and then performs the actual erasure in the background — sometimes for seconds, sometimes for minutes, depending on the drive's capacity and the sanitize action requested. The host has no idea whether the operation completed correctly, or at all, until it polls Log Page 0x81 (the Sanitize Status log page) and checks the SSTAT field.

The current nvme sanitize command does not do that polling. It fires the command and returns. Most operators never separately check completion.

I confirmed this on RFC #3415 with nvme-cli contributor ikegami-t, who verified: "The sanitize command does not poll the log page but just only submit the command and return the status if any error caused."

This is the fire-and-forget gap. And it has a real consequence: if drive firmware silently fails a sanitize operation — which Wei et al. documented happening in 3 of 12 drives they tested at USENIX FAST 2011 — the operator has no way to know. The command returned success. The log says success. The data is still there.

What Wei et al. actually found

The peer-reviewed foundation for this concern is a 2011 paper by Michael Wei, Laura Grupp, Frederick Spada, and Steven Swanson at UC San Diego: "Reliably Erasing Data from Flash-Based Solid State Drives," USENIX FAST 2011.

They tested 12 drives with built-in sanitize commands. Only 4 of 12 executed correctly. One drive reported the sanitize command completed successfully while all data remained completely intact. The drive lied.

Their conclusion was unambiguous: reliable SSD sanitization requires built-in, verifiable sanitize operations — not just operations that claim to verify themselves.

That paper is from 2011, on ATA/SCSI drives. NVMe has since replaced ATA as the dominant interface. But the firmware fault pattern Wei et al. documented is interface-agnostic — NVMe drive firmware can contain the same class of bugs. And until two weeks ago, the standard Linux NVMe tooling still had no mechanism for verifying that a sanitize operation actually completed.

What I built

I built AAD-50 (the Abeselom ASIC-Direct 50) — a 50-cycle NVMe sanitization framework that addresses the verification gap directly. The core architectural decision: after every single sanitize cycle, AAD-50 polls Log Page 0x81 and refuses to advance until SSTAT = 0x1 confirms hardware completion. If a cycle fails, the operation aborts immediately and writes a fault record to the audit log.

The full protocol runs a B → C → A phase matrix across 50 cycles: 40 cycles of physical NAND cell overwrite, 5 cycles of FTL translation map teardown, and 5 cycles of cryptographic media key destruction. It generates a SHA-256 tamper-evident audit chain and a PDF Certificate of Destruction for compliance purposes.

It is written entirely in Python — including the low-level IOCTL and NVMe passthrough work — and runs on both Linux and Windows. Everything is free and open source at github.com/yonasabeselom/aad50.

RFC #3415 — taking the idea to nvme-cli

On June 2, 2026 — the same day I published AAD-50 — I opened RFC #3415 on linux-nvme/nvme-cli proposing that the fire-and-forget gap be addressed natively in the tool.

The response was constructive and fast. ikegami-t confirmed the gap, verified the struct layout against kernel source, and within a week had opened PR #3438 implementing:

  • --wait — polls Log Page 0x81 after the sanitize command until SSTAT confirms hardware completion
  • --repeat N — multi-cycle verified sanitization natively in nvme-cli
  • SANICAP pre-flight verification — checks drive capability before dispatching any cycle

The commit message for --repeat N was: "Make verified multi-cycle sanitization accessible without a separate tool."

Today, June 16, 2026 — 14 days after publication — Daniel Wagner (igaw), the primary nvme-cli maintainer, merged PR #3438 into linux-nvme/nvme-cli master (commit 84078fa, 30 of 31 checks passed).

What this means in practice

From the next nvme-cli release, Linux users will be able to run:

# Wait for sanitize completion — no more fire-and-forget
nvme sanitize /dev/nvme0 --sanact=2 --wait

# Multi-cycle verified sanitization
nvme sanitize /dev/nvme0 --sanact=2 --wait --repeat 10

The --wait flag is the critical one. It closes the gap Wei et al. identified in 2011: the difference between "the sanitize command was issued" and "the sanitize operation actually completed."

What AAD-50 still provides that nvme-cli does not

The nvme-cli merge validates the verification architecture. AAD-50 remains the complete compliance-grade implementation:

  • The full B → C → A three-phase destruction matrix (overwrite, FTL teardown, crypto erase)
  • Per-cycle hardware confirmation across all 50 cycles
  • SHA-256 tamper-evident audit chain
  • PDF Certificate of Destruction with operator name, drive serial number, and compliance alignment
  • Windows GUI and standalone executable
  • NIST SP 800-88 Rev.2 Purge alignment documentation

For anyone who needs to prove — not just assume — that a drive is forensically clean, AAD-50 provides the complete audit package. nvme-cli now provides the lightweight version of the same core idea.

A note on the peer engagement

I was not expecting the response this project received. In the two weeks since publication:

  • Peter Gutmann (University of Auckland, author of the Gutmann 35-pass method) wrote two personal emails raising technical concerns about the specification — both of which improved it.
  • Steven Swanson (UCSD, senior author of the Wei et al. 2011 paper) responded to a direct email with substantive feedback on the generalisability of his 2011 findings to modern NVMe drives.
  • Keith Busch (primary nvme-cli maintainer) gave qualified personal approval for PR #3438.
  • ikegami-t implemented the full verification stack in PR #3438.
  • Daniel Wagner merged it into master.
  • Guido van Rossum (creator of Python) looked at the implementation and called it "very cool."
  • NVM Express initiated internal review of the specification.

I am an independent researcher working alone in Addis Ababa. The speed and seriousness of that engagement — from some of the most credentialed people in storage security and open source — was genuinely unexpected and genuinely gratifying.

What comes next

The USENIX submission is the next step — Gutmann suggested it, and the nvme-cli merge makes the case considerably stronger. Hardware testing across multiple NVMe drive manufacturers is the other priority — the specification's 40-cycle Phase B allocation is a conservative engineering default that needs empirical validation across drive models and NAND geometries.

If you have an NVMe drive you are retiring and want to contribute a hardware test report, the issue tracker is open: github.com/yonasabeselom/aad50/issues

Update — June 17, 2026

The day after the nvme-cli merge, I opened RFC #308 on hiyohiyo/CrystalDiskInfo — the most widely used Windows NVMe and disk health tool, with hundreds of millions of downloads — proposing the same Log Page 0x81 sanitize completion verification architecture for Windows.

This is the Windows equivalent of what RFC #3415 achieved on Linux. If accepted, the verification gap fix would reach mainstream Windows users through a tool already installed on an enormous number of machines worldwide.

RFC #308: github.com/hiyohiyo/CrystalDiskInfo/issues/308

Yonas Abeselom is an independent security researcher based in Addis Ababa, Ethiopia.
Contact: yonas_abeselom@protonmail.com
Repository: https://github.com/yonasabeselom/aad50
RFC #3415: https://github.com/linux-nvme/nvme-cli/issues/3415
PR #3438: https://github.com/linux-nvme/nvme-cli/pull/3438

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。