@mcc Not all phones are locked to Android, although unfortunately many are. postmarketOS supports a number of devices (although the amount of hardware support varies). PinePhone probably has the best hardware support currently, but the hardware itself sucks. I would like to switch back to it once it has better hardware support for hardware better than the PinePhone, which doesn't seem all that unlikely. I expect it to happen for at least one device (probably something SDM845) within a few years. So, I care.

@domi @littlefox @lanodan @mothcompute Please add a (free software) license otherwise it's illegal to do anything with

@elly @dcz @klausman There used to be an electronics store in Cambridge but it burned down in 2019

@nay yes (I should do but I'm too awake)

@kura @libreleah canoeboot follows the GNU FSDG, and therefore does not include or touch any non-free software. Canoeboot’s binary blob extermination policy explains the difference.

Basically:

• On boards that do not require any non-free software in flash (the AMD server boards, ARM chromebooks, and Intel GM45/945GM boards) the only difference is that libreboot includes microcode updates and canoeboot does not
• On boards that require ME firmware to be present in flash in order to boot (all Sandy Bridge and newer Intel boards), the difference is the above + canoeboot only touches the BIOS region while libreboot runs me_cleaner on the ME region (which means that, paradoxically, libreboot is actually more free on these boards since it neuters the ME)
• Boards that require FSP (all Skylake and newer Intel boards) are not supported by canoeboot, since there’s no way around including it (at least until someone reverse engineers it and writes a free replacement)

@ekaitz_zarraga @libreleah L14 Gen 2 is not possible unless another method of bypassing bootguard is found. All ThinkPads newer than Haswell (and all Haswell ThinkPads without socketed CPUs, so including T440/X240 but not T440p/W541) have bootguard, which makes porting coreboot impossible, with one exception: on MEv11 systems (which are vulnerable to CVE-2017-5705), bootguard can be bypassed with deguard. This includes Skylake (6th gen), Kaby Lake (7th gen), and Kaby Lake Refresh (some mobile 8th gen) systems, so T460/T470/T480 generation.

@mcc It writes to stdout, so you can just pipe it to tar to extract it into a directory. git archive --format tar HEAD | tar -xC outputdir

@domi I didn't know yen coins had holes too (norwegian and danish krone coins have them)

good example on how to make something that is neither a legible sentence nor a legible diagram, but rather an unholy refusal to commit to either

(source is, alas, Common Criteria)

@MissingClara You can already use memfd_create and refer to it as /proc/self/fd/...

@domi you've never seen a long cylindrical coin with a long pin sticking out of one side? /s

@mcc the stickers aren't upside down, the logo is upside down (older thinkpads had the logo the other way round)

The other thing I could do would be to write a DNS server which looks up the domain on multiple DNS servers (one UK-based but low latency, one non-UK-based but high latency) and returns the first result, unless it looks like a geoblock, in which case it waits and returns the second result. The problem is there’s no way to reliably detect geoblocks, but doing it for loopback IP addresses might be enough?

In the case of this specific geoblock, it’s returning an A record for 127.0.0.1, but interestingly it’s doing this regardless of the type of record you requested (if you request AAAA it will still respond with A):

> dig AAAA cdn2.miau.pub

; <<>> DiG 9.19.24 <<>> AAAA cdn2.miau.pub
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43682
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 0 (Other): ([157.53.226.1] Unexpected lgbtqiaspace.b-cdn.net/a in received ANSWER at b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
; EDE: 0 (Other): ([109.104.147.1] Unexpected lgbtqiaspace.b-cdn.net/a in received ANSWER at b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
; EDE: 0 (Other): ([91.200.176.1] Unexpected lgbtqiaspace.b-cdn.net/a in received ANSWER at b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
; EDE: 22 (No Reachable Authority): (At delegation b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
;; QUESTION SECTION:
;cdn2.miau.pub.                 IN      AAAA

;; Query time: 19 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Thu Aug 28 05:50:05 BST 2025
;; MSG SIZE  rcvd: 464

This makes it easy to fingerprint but that only works in this specific case. In which case I might as well just hardcode a list of domains as I do for my list of IPs to route through a non-UK VPN.

lgbtqia.space changed the way they geoblock the UK and now my method of bypassing it doesn't fully work.
I was adding individual routes for each website I found that blocked the UK to route it via a VPN (and hoping that they never change IP addresses, so this method was already quite fragile), but now the CDN they use (cdn2.miau.pub) blocks the UK via GeoDNS so that doesn't work any more.
I could bypass this by running a DNS server outside the UK (or using another non-UK-based DNS provider that also doesn't do anycast in the UK, but I don't know of any good ones), but that would increase the latency of DNS lookups by at least ~25ms (latency to my VPS in Germany, which itself has ~3ms higher latency to 8.8.8.8 and 1.1.1.1 than my home connection). Would I even notice the difference? I'm not sure

@fun ThinkPad T440p satisfies all criteria (except possibly thickness and weight, it depends on what you compare it to, and my left shift key fell off but I don't know how common that is)

@elly Did you often have to wait long? We don't have benches, but we only have to wait outside classrooms if they're locked (which general-purpose classrooms are not, but those with special equipment are) and the teacher is late

@luana @postmarketOS @dalias @cas It is if the TPM is broken and can't be trusted, like on MEv11: https://mkukri.xyz/2024/06/01/tpm-gpio-fail.html

postmarketOS will never ask for your ID to let users install your app!

@elly @fun @justin Does not having lockers mean that you had to carry everything between classrooms? My school has lockers and gives them on request (plus everyone has a tray for books), but most people don't have one and just leave their bags lying around (I do use my locker, because I worry about the possibility of theft or evil maid attacks). I probably carry more than most people at my school because I bring my own laptop (Dell Latitude E6400, ~3kg with charger) rather than use locked down school chromebooks with censored and monitored internet access, but at least I don't have to carry it that far.