Otters - a mother with her new cub, about to spend some time grooming on the shore of a tidal loch.

She was very attentive, grooming its fur and keeping it warm and dry, and allowing it to suckle from her too.

A treat to see.

#otter #mull #wildlife #nature #workshop

Reflections in nature

@photography
#photography
#reflections

TIL that twice a year Hawaii looks badly rendered for astrophysical reasons.

@libreleah @developing_agent My optiplex 5050's internal and external dumps did differ. There's a log that's used for stuff like intrusion detection and I suspect it's writing to that.

@libreleah @developing_agent the libreboot installation documentation says:

the factory firmware write might EFI variables to flash during shutdown sequence, so you should pull the plug to shut it down (remove the power by pulling the plug) after flashprog says VERIFIED.

So I expect the dumps will be different, but not in a significant way.

@ariadne @mcc Only between computers of the same endianness unfortunately. I consider this to be a major flaw (although apparently Xorg disallows byte-swapped clients by default now too, but at least there's still an option), even though it doesn't personally affect me as I have no big endian computers.

@mcc Not all phones are locked to Android, although unfortunately many are. postmarketOS supports a number of devices (although the amount of hardware support varies). PinePhone probably has the best hardware support currently, but the hardware itself sucks. I would like to switch back to it once it has better hardware support for hardware better than the PinePhone, which doesn't seem all that unlikely. I expect it to happen for at least one device (probably something SDM845) within a few years. So, I care.

@domi @littlefox @lanodan @mothcompute Please add a (free software) license otherwise it's illegal to do anything with

@elly @dcz @klausman There used to be an electronics store in Cambridge but it burned down in 2019

@nay yes (I should do but I'm too awake)

@kura @libreleah canoeboot follows the GNU FSDG, and therefore does not include or touch any non-free software. Canoeboot’s binary blob extermination policy explains the difference.

Basically:

• On boards that do not require any non-free software in flash (the AMD server boards, ARM chromebooks, and Intel GM45/945GM boards) the only difference is that libreboot includes microcode updates and canoeboot does not
• On boards that require ME firmware to be present in flash in order to boot (all Sandy Bridge and newer Intel boards), the difference is the above + canoeboot only touches the BIOS region while libreboot runs me_cleaner on the ME region (which means that, paradoxically, libreboot is actually more free on these boards since it neuters the ME)
• Boards that require FSP (all Skylake and newer Intel boards) are not supported by canoeboot, since there’s no way around including it (at least until someone reverse engineers it and writes a free replacement)

@ekaitz_zarraga @libreleah L14 Gen 2 is not possible unless another method of bypassing bootguard is found. All ThinkPads newer than Haswell (and all Haswell ThinkPads without socketed CPUs, so including T440/X240 but not T440p/W541) have bootguard, which makes porting coreboot impossible, with one exception: on MEv11 systems (which are vulnerable to CVE-2017-5705), bootguard can be bypassed with deguard. This includes Skylake (6th gen), Kaby Lake (7th gen), and Kaby Lake Refresh (some mobile 8th gen) systems, so T460/T470/T480 generation.

@mcc It writes to stdout, so you can just pipe it to tar to extract it into a directory. git archive --format tar HEAD | tar -xC outputdir

@domi I didn't know yen coins had holes too (norwegian and danish krone coins have them)

good example on how to make something that is neither a legible sentence nor a legible diagram, but rather an unholy refusal to commit to either

(source is, alas, Common Criteria)

@MissingClara You can already use memfd_create and refer to it as /proc/self/fd/...

@domi you've never seen a long cylindrical coin with a long pin sticking out of one side? /s

@mcc the stickers aren't upside down, the logo is upside down (older thinkpads had the logo the other way round)

The other thing I could do would be to write a DNS server which looks up the domain on multiple DNS servers (one UK-based but low latency, one non-UK-based but high latency) and returns the first result, unless it looks like a geoblock, in which case it waits and returns the second result. The problem is there’s no way to reliably detect geoblocks, but doing it for loopback IP addresses might be enough?

In the case of this specific geoblock, it’s returning an A record for 127.0.0.1, but interestingly it’s doing this regardless of the type of record you requested (if you request AAAA it will still respond with A):

> dig AAAA cdn2.miau.pub

; <<>> DiG 9.19.24 <<>> AAAA cdn2.miau.pub
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43682
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 0 (Other): ([157.53.226.1] Unexpected lgbtqiaspace.b-cdn.net/a in received ANSWER at b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
; EDE: 0 (Other): ([109.104.147.1] Unexpected lgbtqiaspace.b-cdn.net/a in received ANSWER at b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
; EDE: 0 (Other): ([91.200.176.1] Unexpected lgbtqiaspace.b-cdn.net/a in received ANSWER at b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
; EDE: 22 (No Reachable Authority): (At delegation b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
;; QUESTION SECTION:
;cdn2.miau.pub.                 IN      AAAA

;; Query time: 19 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Thu Aug 28 05:50:05 BST 2025
;; MSG SIZE  rcvd: 464

This makes it easy to fingerprint but that only works in this specific case. In which case I might as well just hardcode a list of domains as I do for my list of IPs to route through a non-UK VPN.