the post in question:

why does my timeline show 4 repeats on a reply post (from sharkey) but when I expand the post it disappears? (and the sharkey instance the post is from does not show any repeats/boosts either)

@algernon Yes, it might also reduce performance a bit since it’d need to do the encryption separately for each drive it reads to/writes from. You can use the same password on all disks and have your initramfs only ask you once and cache the password. Debian apparently has decrypt_keyctl for this.

Another thing you could maybe do is use ZFS encryption, but instead of using your password directly, use a long random keyfile which you store encrypted with your actual password on another filesystem, and if you want to change your password just re-encrypt the keyfile instead of changing it in ZFS.

What I plan to do for my new server is btrfs RAID-1 in LUKS on 2 SSDs, with a weird boot process (coreboot loading linux as a payload with an initramfs containing sshd so I can SSH into it to unlock the disks remotely).

@jade jade you.

@algernon I'd probably use btrfs. If you do use ZFS, I recommend using LUKS rather than ZFS's encryption because you can't really ever change the password with ZFS (you can sort-of change it, but it's CoW so the old key isn't guaranteed to be removed and may be recoverable)

@seabass @Geri Correct (and hi, I don't mind if you follow me)

@seabass @Geri The other 60 clauses were explicitly repealed. That they were repealed doesn't mean that the remaining clauses can simply be ignored, they'd have to be repealed too.

About 1.5 years ago my friend was (falsely) accused of terrorism.

All of their electronic devices were seized, plus my stash of hard drives (stored at their place for reasons).

Of course police didn’t find any evidence. Culprit that impersonated my friend (and many others) got arrested recently (article in Polish).

Police returned the hardware few months ago and I found that all of my drives are now e-waste thanks to their carelessness, which made me (understandably) furious. I even considered suing them.

Said very good friend of mine entrusted me with their personal phone and pattern to unlock it. I charged and booted it for the first time since February 2024 and were curious how it was pwned. I knew police used cellebrite on it.

My crime is that of curiosity

As it turns out, police forgot to clean after themselves (there was an attempt) and left payloads, logs, and backdoor intact.

Took a peek at the first-stage payload but it’s too complex for me to reverse-engineer on my own. It’s relatively well obfuscated, but I can tell it’s using RNDIS (likely spawning a server?) and TLS-encrypted connection to talk to Cellebrite box.

If you’re a security researcher (or just curious nerd with more spoons than me) and you would like to take a look - here you go.

Payload was uploaded onto the device on 2024-02-21. If you want to re-create the environment it was executed on, you will need a:

• Samsung Z Flip3 5G (SM-F711B)
• Android build SP2A_220305.013.F711BXXS2CVHF

Rough execution flow:

1. USB device plugged in (Cellebrite Cheetah)
2. USB controller switches to host mode
3. Gadget switching USB VID/PID to load kernel modules (hid_steam, hid_apple, hid_prodikeys, hid_logitech_hidpp, hid_magicmouse, hid_aksys and tries to exploit quirks)
4. Module 'hid_aksys' leaks memory
5. Screen unlocked
6. ADB key '82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E' added to trusted keys on the device
7. First-stage payload '/data/local/tmp/falcon' copied onto the device.
8. Second-stage payload (seemingly) executed as root:
	- /data/local/tmp/chrome-command-line
	- /data/local/tmp/android-webview-command-line
	- /data/local/tmp/webview-command-line
	- /data/local/tmp/content-shell-command-line
	- /data/local/tmp/frida-server-16.1.4-android-arm64
	- /data/local/tmp/init
9. Data extraction (photos, telegram, firefox, downloads)

Have fun!

Four bendy buses managed to enter a roundabout at the exact same time from four different directions in Oslo yesterday afternoon and get properly stuck, each bus blocking the exit for the one behind it. #BigBusStuck

One if the reasons iocaine has unhinged module and symbol names in its source code is that if someone tries to ask a slop generator, it will go full HAL "I can't do that, Dave" on them.

Go on, call your traits SexDungeon, your channels pipe bombs, the free function of your allocator Palestine, and the slop machines won't touch it with a ten feet pole.

Sometimes even comments are enough! Curse, quote Marx, dump your sexual fantasies into a docstring. Hmm. I should heed my own advice. Brb!

@mei @domi @SuperDicq I dislike it for a different reason: instead of providing an image with non-free-firmware alongside the free-only image (which was option 6 on the ballot), the free-only image was replaced with the one including non-free-firmware (option 5). This means that if you don’t need the non-free firmware, you still have to waste bandwidth downloading it and remember to boot with firmware=never. There’s also the fact that non-free firmware being available for your system doesn’t necessarily mean you need it (e.g. if you have AR9462 and don’t use bluetooth, you don’t need to load anything), but I don’t remember if Debian asks you whether to load each firmware blob or just loads them all without asking (if it asks it’s not an issue).

imagine being on berkeley.edu.pl

@nay happy birthday!

@gewt @domi @manawyrm @openfactory @valpackett how? I wouldn't expect companies that own datacentres to let you colocate yourself

@domi @manawyrm @openfactory @gewt @valpackett did you live in a datacentre?

@gayfamicom I didn't know about the goat cli and thought bluesky had a new goat mascot or something

@gayfamicom did you search for "bluesky goat" or why is "julius goat quote" in the results?

@fun They got rid of the app drawer?

@nay good morning(?), I have a cold and yesterday I was awake until 5am because I couldn't sleep because I had a blocked nose and was trying to figure out if I could enable PCIe bifurcation on my motherboard to avoid buying an expensive PCIe switch (conclusion: yes, but I'd need to pull down two pins on the CPU which are connected to an unsoldered XDP connector, I think the easiest way to do this would be to connect them to an adjacent ground pin directly on the CPU)

@nay meow