happy new year!

Duuude! 🎉🎉🎉🎉 🥳🥳🥳🥳

#plan9 #9front #9phone

Licensing all my code under MIT + Trans Rights is a fun and silly little thing. I don't understand the consequences of

The above copyright notice, this permission notice, and the affirmation that TRANS RIGHTS ARE HUMAN RIGHTS shall be included in all copies or substantial portions of the Software.

Nor do I have the means to even bring consequences. But it's a silly little thing that might be a legal problem for someone else anyways.

Hot take: Industry should abandon HDMI.
DisplayPort is better in every single case (licensing, bandwidth, physical connection).

Every single time I need to use HDMI, I have some kind of issue. One of my monitors is connected using HDMI and I had to add aliases to my shell called "fucking-lg-on" and "fucking-lg-off" that writes values to i2c device (DDC) to tell the monitor to suspend.
Otherwise when kscreenlocker sends DPMS standby, monitor keeps disconnecting and re-connecting itself which sooner or later crashes my wayland session.... and that's just one example.

I've had issues with HDMI as far back as I can remember (likely circa 2014 when I finally could afford swapping burnt-out CRT from 1999 with 1080p LCD monitor).

DisplayPort however? Zero, nada.

Then of course there's HDMI Forum which I personally hate with burning passion (for obvious reasons).

I genuinely wonder *why* manufacturers of monitors and TVs stick with HDMI when DP is superior in every single way.

fox (different per instance):

game over!
score: 98
││
││
││
││
││
││
││
││
││
││

I hope all those devs who went “I don’t need to optimize, there’s plenty of RAM” are going to get slapped with complaints about bad performance because the software runs like shit on new computers whose RAM size traveled back to 2015

blob cat
cross ing
|
|
|

AccursedUnutterableXmlDeserialize

if sec is the reciprocal of cos and cosec is the reciprocal of sin, what is dnssec?

I love how Mozart was the first music pirate, who transcribed — from memory — Gregorio Allegri’s “Miserere” in 1771.

He went to a performance of it, and then went straight home to write down the notation. The sheet music was only allowed be owned by, like, three people… I think one of which was the Holy Roman Emperor at the time.

Mozart, the badass, then published the sheet music.

His sheer gumption was so welcomed that the Pope gave him the Order of the Golden Spur.

So remember: whenever you pirate something, you are following in the footsteps of Mozart himself.

CLAs mean that companies can take open source software and privatize it.

https://github.com/minio/minio?tab=readme-ov-file#maintenance-mode

There is currently a scanning electron microscope on eBay UK for the incredible bargain price of £470. I do not have space for this.

https://www.ebay.co.uk/itm/267500902096

je m'alloc (i manage my own memory, for those who don't speak french)

why does my timeline show 4 repeats on a reply post (from sharkey) but when I expand the post it disappears? (and the sharkey instance the post is from does not show any repeats/boosts either)

About 1.5 years ago my friend was (falsely) accused of terrorism.

All of their electronic devices were seized, plus my stash of hard drives (stored at their place for reasons).

Of course police didn’t find any evidence. Culprit that impersonated my friend (and many others) got arrested recently (article in Polish).

Police returned the hardware few months ago and I found that all of my drives are now e-waste thanks to their carelessness, which made me (understandably) furious. I even considered suing them.

Said very good friend of mine entrusted me with their personal phone and pattern to unlock it. I charged and booted it for the first time since February 2024 and were curious how it was pwned. I knew police used cellebrite on it.

My crime is that of curiosity

As it turns out, police forgot to clean after themselves (there was an attempt) and left payloads, logs, and backdoor intact.

Took a peek at the first-stage payload but it’s too complex for me to reverse-engineer on my own. It’s relatively well obfuscated, but I can tell it’s using RNDIS (likely spawning a server?) and TLS-encrypted connection to talk to Cellebrite box.

If you’re a security researcher (or just curious nerd with more spoons than me) and you would like to take a look - here you go.

Payload was uploaded onto the device on 2024-02-21. If you want to re-create the environment it was executed on, you will need a:

• Samsung Z Flip3 5G (SM-F711B)
• Android build SP2A_220305.013.F711BXXS2CVHF

Rough execution flow:

1. USB device plugged in (Cellebrite Cheetah)
2. USB controller switches to host mode
3. Gadget switching USB VID/PID to load kernel modules (hid_steam, hid_apple, hid_prodikeys, hid_logitech_hidpp, hid_magicmouse, hid_aksys and tries to exploit quirks)
4. Module 'hid_aksys' leaks memory
5. Screen unlocked
6. ADB key '82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E' added to trusted keys on the device
7. First-stage payload '/data/local/tmp/falcon' copied onto the device.
8. Second-stage payload (seemingly) executed as root:
	- /data/local/tmp/chrome-command-line
	- /data/local/tmp/android-webview-command-line
	- /data/local/tmp/webview-command-line
	- /data/local/tmp/content-shell-command-line
	- /data/local/tmp/frida-server-16.1.4-android-arm64
	- /data/local/tmp/init
9. Data extraction (photos, telegram, firefox, downloads)

Have fun!

Four bendy buses managed to enter a roundabout at the exact same time from four different directions in Oslo yesterday afternoon and get properly stuck, each bus blocking the exit for the one behind it. #BigBusStuck

One if the reasons iocaine has unhinged module and symbol names in its source code is that if someone tries to ask a slop generator, it will go full HAL "I can't do that, Dave" on them.

Go on, call your traits SexDungeon, your channels pipe bombs, the free function of your allocator Palestine, and the slop machines won't touch it with a ten feet pole.

Sometimes even comments are enough! Curse, quote Marx, dump your sexual fantasies into a docstring. Hmm. I should heed my own advice. Brb!