#ElonMusk's #trans daughter has had enough: "Calling me dead on a podcast with JORDAN PETERSON of all people while basically admitting you have zero reading comprehension by saying you were 'tricked' into signing documents that you read over multiple times is basically a parody of itself... This entire thing is completely made up and there’s a reason for this. He doesn’t know what I was like as a child because he quite simply wasn’t there..." advocate.com/elon-musk-trans-d

In 2012, an industry-wide coalition of hardware and software makers adopted Secure Boot to protect against a long-looming security threat. The threat was the specter of malware that could infect the BIOS, the firmware that loaded the operating system each time a computer booted up. From there, it could remain immune to detection and removal and could load even before the OS and security apps did.

To this day, key players in security—among them Microsoft and the US National Security Agency—regard Secure Boot as an important, if not essential, foundation of trust in securing devices in some of the most critical environments, including in industrial control and enterprise networks.

On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it.

The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

“It’s a big problem,” said Martin Smolár, a malware analyst specializing in rootkits who reviewed the Binarly research and spoke to me about it. “It’s basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically… execute any malware or untrusted code during system boot. Of course, privileged access is required, but that’s not a problem in many cases.”

arstechnica.com/security/2024/

Today is the International Day of Solidarity with Anti-Fascist Prisoners!

Find out more about the day + a list of antifa prisoners + how you can show your solidarity & support here: bit.ly/freeallantifas

Donate to antifa prisoners here: actionnetwork.org/fundraising/

#antifa #antifascist

#OtD 25 July 1898 the US invaded Puerto Rico, claiming to free it from Spanish colonial rule. Instead they occupied it and gave citizenship to Spanish landowners, protecting them from landless rebels, and handing land to sugar corporations. Learn more: stories.workingclasshistory.co

Wow. Scientific American blasts SCOTUS rulings:

"Science is dismissed and disdained in this war on reality."

"technically incompetent, in some cases corrupt, politicos in robes with power over matters that hinge on vital facts about pollution, medicine, employment and much else."

"In rejecting facts to please their political party—and their patrons—the justices of the Court’s majority have broken their oath, made to both the Constitution and the American people."

scientificamerican.com/article

wrote about why i pay cash and why one might want to do this scott.mn/2024/07/24/cash/

Does anyone have an idea what the heck is up with wget?

It's an error, but I'm getting an "OK" status code.

wget 192.168.4.1 --tries=1
Failed to send 201 bytes (hostname='192.168.4.1', ip=192.168.4.1, errno=111)

[Files: 0 Bytes: 0 [0 B/s] Red]
[foo@bar ~]$ echo $?
0

Sometimes, you just find a good quote, you know? Like I just found this one from William Jennings Bryan:

"We have petitioned, and our petitions have been scorned. We have entreated, and our entreaties have been disregarded. We have begged, and they have mocked when our calamity came.

We beg no longer; we entreat no more; we petition no more. We defy them!"

Isn't it wild that the think tank that came up with Project 2025 is the same group that first laid out the health insurance scheme that would eventually be implemented under the moniker "Obamacare"? Almost makes a person stop and think....almost....

“From Burnout to Balance: AI-Enhanced Work Models for the Future”

upwork.com/research/ai-enhance

> Nearly half (47%) of workers using AI say they have no idea how to achieve the productivity gains their employers expect. Over three in four (77%) say AI tools have decreased their productivity and added to their workload in at least one way.

I wonder why Upwork, a company that's all-in on "AI", didn't promote this study on their blog like they do their other studies

(The question’s rhetorical)

ok let's do this, I'll match up to $300 in donations to Rashida Tlaib made before 11:59pm Pacific tonight. DM/"private mention" me a screenshot of your receipt to be matched.

Tlaib is going to face incredible amounts of AIPAC opposition cash for taking this stand at Netanyahu's address today. she needs our help

secure.actblue.com/donate/rt_t

Pops is telling me this morning that there was a big wind storm about 90 miles south of me last night. Wind speeds of up to 105! 😲

You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.

As long as one fork exists on GitHub, any commit to that repository network (ie: commits on the “upstream” repo or “downstream” forks) will exist forever.

trufflesecurity.com/blog/anyon

#security

There will come a point where you ask internet-oracle-of-choice "how do I self-host a Netflix alternative" and they will intentionally give you bad advice in order to discourage you.

That point is coming sooner rather than later, and we need to train *an entire generation* of internet users how to get out of this trap.

That's *our* work to do, RIGHT NOW.

But if you add the numbers (excluding the Windows Subsystem for Linux (WSL)), #Linux still beats Windows:

Windows (Personal use): 59.2%
Windows (Pro. use): 47.6%
Linux (Personal use): 61.0%
Linux (Pro. use): 57.3%

They should have broken down Windows to Pro, Home edition, etc. or bundled up all Linux distros to have "Operating System" level information.

#StackOverflow

2/🧵

An organization called "Progressive Takeover" has ignored my unsubscribe responses, so I'm blocking it entirely. Political spam is a plague and a growing one.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
