• 11 Posts
Joined 3Y ago
Cake day: May 28, 2020


“Murderer Fail Spectacularly at Keeping his Victim Alive”

Good reason to demand free software Wi-Fi firmware.


I just learned how Google makes all their money.

MacOS used to be a good option for developers targeting Linux: UNIX under the good and nice UI on top. You can install most Linux program with brew and the like under MacOS.

So I move from Linux to MacOS when first MacBook Air was released but since them moved back to Linux. MacOS today feels way more like Windows (poor quality, pushing users around, outdated desktop paradigms wise)… I can’t stand it any more. In the mean time Linux got Wayland and Sway and other different desktops available. Distros like Void Linux make the experience very stable, comfortable and hackable.

Looks like reporters are forced to use capitalistic term on anything they write about: “Silicon Valley venture capital firms”, “fast-growing social media platform”, “US-based investors”, “rival sites”, “sole shareholder”. Like their are paid for each use :D

Also ‘so-called “federated” system’ LOL

I can’t read this…

Twitter has blocked its users from sharing some links to its social media rival Mastodon.

Mastodon is a software and a network, it cannot be a “rival”… it is like saying the Internet is a rival to T-Mobile.

Mastodon is divided into groups, called servers, based on many topics including the UK, snooker, and security.

Nope, it is called instances. Servers are computers running services on a network.

Twitter has blocked links to some of the largest servers which users would join, including the most popular “social” channel.

There are no "channel"s on the network, just instances.

Mastodon said it gained hundreds of thousands of users in November, with some Twitter users seeking alternative platforms.

Again, a person can say something, company representative can, but a network does not say anything.

OMG. Such a culture shock for some :)

Lets keep it “lawless hellhole” of no use to anyone for advertising whatsoever for as log as possible :) and when defeated develop next “no use to anyone for advertising” system to move on to…

These networks have a disagreement over peering policy. In this case Cogent expects Google and Hurricane Electric to pay Cogent money for their IPv6 routes. Google and Hurricane Electric have stated they are happy to peer for free with Cogent, but refuse to pay Cogent money.

Cogent is keeping their customers hostage denying them IPv6 routing… no comments.

Recycle or do nothing. Unlike some other chemical toxic waste it will decay by itself over time.

The only winning move is not to play.


Hash tag searches are local only, so results will only contain posts from people that your local instance people are following (an only since they got followed) and themselves.

There were some proposals for distributed hash searches some years ago.

OMG, this is pure geek porn, with consequences :D

Note that this is in Via x86, not Intel or AMD… but still research that we need… if only the designers could actually tell the researchers how stuff works, would be so much easier.

If you are on Linux you can try getting spotify tracks from YouTube with yt-dlp like this:

cat playlist.txt | while read I; while read I; do yt-dlp -x --default-search "ytsearch" "$I"; done

There is something sinister about his vision. I think it is fine for server OS to all be identical (docker is that already) - probably what you want, although less flexible. But for personal computing… that makes it very impersonal, to force bit-to-bit conformance on people.

So one could have replace a JS file with one fetched from attacker controlled server for any site behind Akamai like LastPass or PayPal. That JS could have exfiltrated all the secrets from these sites on the client side (post decryption) or replace account numbers with their own on behalf of the user.

Torvalds added that Rust isn’t that terrible in the end; “it’s not Perl”.


I see many of articles and blog posts were people use commercial metaphors when describing free software. These simply do not apply to free software and use of them will just confuse everybody and make them to render incorrect conclusions. Free software is sufficiently different from anything that capitalism produces and requires use of its own metaphors to be understood correctly.

Sounds like GPU-pocalyps time has come, though for a different reason that I thought it would :)

It amazes me that people write financial software in JS. What can possibly go wrong :D

The worse kind of technology is one that promises things and then delivers only 80% of the time. It works enough that it gives you hope that it is usable, but when you need it the most it fails without any way knowing why. Also Bluetooth is a security nightmare, every few months there is some serious problem found and many of them are “by design” so cannot be fixed properly. It is also use for location tracking (beacon).

Wired headphones are like 100x cheaper, don’t require charging and will work for many years if you get one with good cable. There are only few failure modes that are easy to troubleshoot. But cable management can be a pain if you are not tidy.

Good. In the meantime my GP asked me to send my medical data to theirs @gmail.com address… long way to go.

What would also extend life time of smartphones is the ability to replace the battery! But I guess this is just too radical of an idea for present day.

Nice they are able to get the most from the battery lifetime, that also helps to reduce waste.

I think the inspiration behind uxn is game “Another World” which was made very portable as it is actually implemented as a VM: https://fabiensanglard.net/another_world_polygons/

The idea is that if your work is implemented on a VM that is very easy to implement. Then you can port all your programs to past and future computer systems by just implementing that VM on the computer you have at hand. This is the “permacomputing” part of uxn and has nothing to do with reliability or performance (although Another World was quite impressive as for Amiga 500).

Another thing is that uxn was designed with games, arts and music in mind and not with replacing life critical systems with.

Would be a good article without the uxn part. I think the author confused uxn with RISK-V or something.

“C was originally developed at Bell Labs by Dennis Ritchie”, this all adds up now :)

Was lack of overflow checks, no buffer bounds checks, weak error handling and null terminated strings a CIA con job? :D

So integer underflow, no bounds checking on buffer read, ignoring error codes, null terminated strings. Classic C :)

Good, let’s hope more will follow. If your business needs to know where I am, perhaps you should ask and I may tell you?

I did not try them but perhaps you can check:

I was hoping for BerkeleyDB or Kyoto Cabinet bindings that I have used in my Ruby times for this purpose but nothing there that looks maintained.

Yes it can. This (among many other reasons) is why privacy matters. Even if you have noting to hide today, law can change and now data that is collected can be used against you.

a decentralised finance protocol that acts as an exchange, lost out to “the recent insolvency of two large centralised entities”

So what it says is:

  • we will spy on you and sell data collected to unknown third parties for our profit, or you can’t use the TV
  • you don’t own this product and we can take parts of it’s functionality away from you at any time for any reason
  • we will make more money off you by selling ads directly to your screen based on data that we have collected on you to maximize our profit and effect of advertisement on you and your family for our partners gain

No one could have predicted. /s

Now it is time for Europe to be able to make this core component of its economy and society.

GPUpocalypse is coming :) (when $15b worth of GPUs are dumped on second hand market duet to cryptocurrencies collapse or them not begin financially viable for mining any more)

I also can’t get there with Mullvad VPN on.

Yeah, still the case. Even if ME is not made for malicious purposes, it is a very bad idea to begin with. It is only useful for enterprise customers and not in a way that would not have been possible before.

Some say that Netflix has a blob in ME :)

Good watch: https://media.ccc.de/v/34c3-8782-intel_me_myths_and_reality

Well, I switched to Wayland (sway) exactly because mpv could not do vsync with X11. So I guess frame callback is how you get vsync working by default and client timing loop is how you get no vsync by default. And getting the other than the default thing is always a major hack - in last 20 years I wasted days trying to get X11 do proper vsync and it never really worked and probably will never do work.

Another think is that in one paragraph the complaint is that Xorg supports to many features and on another that Wayland is slow to adopt and requires justification for adding more features… so have cake and eat it too?

Also please don’t complain about missing features when you know they are not there just because the thing did not get all the development time the other thing did… unless stuff is broken by design/culture (like with the scale factor it seems).

You could use system like SQRL (https://sqrl.grc.com/pages/what_is_sqrl/) for login that does handle “password” resets without email.

You could use argon2 to hash the email as well, you ask user for email on “I forgot my password” page, argon2 it and compare (like with password). At this stage you will know the email and that is the same as set during registration, to send the reset code.

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code – Krebs on Security
> Like NVIDIA, Microsoft was able to stanch some of the bleeding, cutting off LAPSUS$’s illicit access while the group was in the process of downloading all of the available source code repositories alphabetically (the group publicized their access to Microsoft at the same time they were downloading the software giant’s source code). As a result, LAPSUS$ was only able to leak the source for Microsoft products at the beginning of the code repository, including Azure, Bing and Cortana.

Climate emergency: Is nuclear power a part of the solution?
YT: https://www.youtube.com/watch?v=E1TV1Y5f7Mg

> EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impacts Google’s, Amazon’s and Microsoft’s online advertising businesses. > All data collected through the TCF must now be deleted by the more than 1,000 companies that pay IAB Europe to use the TCF. This includes Google’s, Amazon’s and Microsoft’s online advertising businesses.

Norton 360 Now Comes With a Cryptominer – Krebs on Security
> “Norton is pretty much amplifying energy consumption worldwide, costing their customers more in electricity use than the customer makes on the mining, yet allowing Norton to make a ton of profit,” tweeted security researcher Chris Vickery. “It’s disgusting, gross, and brand-suicide.”

> ...when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations.

Inside Ireland’s Public Healthcare Ransomware Scare
The report notes the HSE’s hospital network had over 30,000 Windows 7 workstations that were deemed end of life by the vendor.

> An uncensored interview between the Russian OSINT and REvil operator has popped up in one of the hacking forums today. This is an unedited interview, which was originally released on October 23, 2020, by the Russian OSINT on their YouTube channel.

> Intel 11th Gen Intel Core vPro CPUs with support for the Hardware Shield and TDT features will be able to detect ransomware attacks at the hardware level, many layers below antivirus software. This is bullshit or the CPU can now detect and potentially block software that is running on it that Intel considers malware.

Vulnonym: Stop the Naming Madness!
See the results here: https://twitter.com/vulnonym

Website as a document vs an application and the risks related to running the latter on your device.