Living on the East Coast means my radio-controlled atomic wall clock is completely deaf to the atomic (WWVB) signal from Colorado. In the attached video, I am using my smartphone to force the clock to sync to exact Internet time via a clever hardware hack. 1/4

@ChrisJagged I'd probably just say something like "god doesn't exist", but it depends on context. If it's said condescendingly/with a definition of "doing good" that isn't aligned with mine (like saying they'll pray for me because I'm an atheist), I'd be less likely to just ignore it.

@kemona_halftau some sort of speaking clock or time signal radio station?

@kemona_halftau the same reason lenovo removed the trackpoint buttons for the xx4x thinkpads: it allows for more touchpad surface area? it also allows for middle click but I think that's more of a side effect since they could've just added a middle button

@domi I saw it yesterday because someone mentioned it on IRC. they should've waited for a stable release to get the fix before publishing it but I don't think it's quite as bad as the other two since it requires you to actually have the affected hardware and CAP_NET_ADMIN already

@domi that was published two days ago

@maddy GRUB does support LUKS, but currently no released version supports Argon2 for key derivation so you have to use PBKDF2 instead. The latest commit on the master branch supports Argon2 (and there were patches sitting on the mailing list for years adding it (which libreboot has used since 2023) which were finally merged a few months ago).

It's also really slow at unlocking disks compared to Linux (maybe it's improved now though, I'm not using the latest commit), so you might not actually want GRUB to unlock your disks if you care about that.

@kemona_halftau I had no idea thinkpads supported charging at 5V/over USB without USB-PD at all (I assume that's what you mean by trickle-charging)

what laptop did you break the USB-C port on by plugging in a charger? (I'm asking so that I can avoid doing that in case I encounter the same model of laptop)

@dpk @yadt that’s the same exploit as dirtyfrag

good night!

@kemona_halftau thanks. I somehow did manage to pass a different exam before having not done any revision (except accidentally by reading on wikipedia about pylons the night before and learning some relevant information from that) and after hardly attending any lessons.

it's very hard to concentrate on revising without getting distracted by everything

@_r I think this actually might just be the same ESP exploit and the reason they broke the embargo. I initially thought it was something else but the dirtyfrag mitigation prevents this too (I thought it didn't because my mitigation didn't actually work)

@9pfs @otter … never mind, my dirtyfrag mitigation wasn’t actually working (I added it to /usr/local/lib/modprobe.d which was enough to make manually modprobing the modules fail, but they still got autoloaded)

now I bind-mounted /dev/null over the module files to ensure that nothing can load them and copyfail2 indeed does not work

@otter @9pfs and it does still work for me with the dirtyfrag mitigation, so it can’t be that (edit: my mitigation didn’t work)

(and touch /etc/passwd seems to make the sick user go away after reverting the changes to /etc/passwd. I guess nss must be caching it somewhere (but where?))

@otter @9pfs did it completely fail to modify /etc/passwd or could you just not su - sick? the PoC seems to rely on you having nullok in your PAM configuration so an empty password is accepted, but if you just make it add a password as well it works without that.

also, at least on guix, resetting /etc/passwd (by –clean or clearing the page cache) does not seem to be enough to undo the exploit:

ron@t440p ~/P/Copy_Fail2-Electric_Boogaloo (main)> grep sick /etc/passwd
ron@t440p ~/P/Copy_Fail2-Electric_Boogaloo (main) [1]> getent passwd sick
sick:$1$SFhg3s7A$KAk5fEi/EmjSRL1Eb/NvO1:0:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:/:/bin/sh
ron@t440p ~/P/Copy_Fail2-Electric_Boogaloo (main)> su - sick
Password: 
sick@t440p /# 

where the hell is it reading from if not /etc/passwd?

@9pfs @otter the fix seems to only have been merged into mainline linux today and isn't in any release yet

@9pfs another one, in a different module. disable xfrm_user and xfrm_algo modules in addition to mitigate this one

https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo

NOT ANOTHER ONE

second linux LPE of the day

https://www.openwall.com/lists/oss-security/2026/05/07/8

another linux LPE, this time without even a patch or CVE number yet (but there's a mitigation of preventing esp4, esp6, and rxrpc modules from loading)