JATth

I wish lemmy communties existed for:

• 1. How are you doing today?
• 2. Did you discover anything new to your consciousnesses today?
• 3. I fucke’ed today. Here is how.

Edit: yeah, I think I miss a few of the old subreddit’s. Even if there is an equivalent in lemmy, such communities are quite silent.

You want benzodiazepines? They are basically erase memory from [0.00 to 24.0] so I definitely wouldn’t recommend.

BTW. With clang lto’d kernel 6.9. When non-Arch get the buggy updates, We have already moved on.

Wayland has much more up-to-date graphics technologies behind it to put it simply.

Mint was the distro that converted me. After 8-10 years, I’m still using the cinnamon DE, but just on top of Arch. Next hope is the devs port it over wayland so I can also ditch xorg. (There is a demo/alpha available)

I just did: “rm -rf xz”

pacman -Syu
find / -name "*xz*"  | sort | grep -e '\.xz$' | xargs -o -n1 rm -i 
pacman -Qqn | pacman -S -

(and please, absolutely don’t run above as root. Just don’t.) I carefully answered to retain any root owned files and my backups, despite knowing the backdoor wasn’t included in the culprit package. This system has now “un-trusted” status, meaning I’ll clean re-install the OS, once the full analysis of the backdoor payload is available.

Edit: I also booted the “untrusted” system without physical access to the web, no gui, and installed the fixed package transferred to it locally. (that system is also going to be dd if=/dev/zero'd)

The first kernel I built was not entirely happy with the .config I had made for it. Only thing it could do was BEEP-ing in panic for any key presses. [insert noot noot meme]

BIOS/UEFI likely tried to fuck up the CPU, or hardware fault. NMI => Non Maskable Interrupt.

I read the article enough to find that the Nightshade tool is under EULA… :(

Because it definitely is not FOSS, use it with caution, preferably on a system not connected to internet.

Windows: $ insmod < “http://shady-ring0-blob-from-internet.sys.cn” What could possibly go wrong?

So it is btrfs snapshot time again and making it a bootable backup before pacman -Syu?

I have had only single time I remember when the Arch upgrade truly fucked up the system: libreadline.so was broken so bash didn’t work. :D

I always have a second bootable system in case the main system is unable to boot… So I can at least troubleshoot the main system.

The attack is spread via iMessage. A vulnerable device merely needs to receive a bad message with PDF attachment. --> A Remote code execution. No user interaction.

Yikes. Indeed.

The attack entry point is via bad TrueType font + PDF attachment that only needs to processed once. Once a process touches that, the attack vector begins and exploits are chained until they get kernel mode access. After getting kernel mode access all hope is lost, the attacker owns the device.

Only sliver of hope is that fixing the attack entry point blocks the current attack. And that bug is:

This attachment exploits the remote code execution vulnerability CVE-2023-41990 in the undocumented, Apple-only ADJUST TrueType font instruction. This instruction had existed since the early nineties before a patch removed it.

But unless all the CVEs are patched, it is just matter of time a new attack entry point is found.

Shorter version: Operating systems set up hardware locks and protections to confine processes, and once set up, they cannot be undone. (the hardware + OS denies modifications to the security policy)

• Attacker broke out from the app sandbox. (attacker can run code in the infected process)
• Broke out of the process. (gained root access; attacker can run anything)
• Broke into the kernel space (gained 100% control over the hardware)
• Corrupted some kernel memory via a damm magic MMIO accesses nobody knows (hardware vulnerable)
• Bypassed protections that kernel set up earlier such that it cannot accidentally modify itself.
• Finally broke the kernel via hardware exploit thus the attacker got rootkit level access.

Getting arbitrary code execution and root access is one thing, but breaking out from the damm kernel configured hardware protections is insane.

They basically managed to flip a “read-only” switch to “modify-as-much-as-you-like”. The infected device at this point is broken beyond repair, as the firmware(s) may have been tampered with. End result is a terrestrial spy brick.

Any new battery technology news needs to be taken with a grain of salt. They are highly likely over-hyped and the actually realized products will have more problems than the current established tech initially.

“traveling salesman problem quantum annealing” produces results on arXiv.org, so the math heads are hard at work. :)

Quantum computing is going to make it possible to solve problems that normal computers simply cannot do.

Most of these are optimizing problems like “compute the best solution to traveling salesman” or “find a molecule that binds to this receptor”.

On normal computers solving such problems “perfectly” takes^exponential amount of computing time vs. the size of the problem.

Quantum computers are going to chop down that exponential thing a little, so we can see the results before the sun burns out. The reason QCs are theoretically able to do this is that each added qubit improves the machines performance exponentially.

However, the qubit state is so fragile that we need hundreds of them to make a single “stable” logical qubit that can do operations repeatedly. What the quantum computer uses as qubit (photons, super-conducting wire) is irrelevant as long as the system can do useful work.

Because of the fragility, the results are gathered using thousands of runs on the quantum machine and measured statistically.

We are not quite there yet to solve any useful sized problems.

deleted by creator

Based on the article the satellites are not staying 100% on their intended spectrum spec and are bleeding some unintended interfere noise. I hope the starlink cloud doesn’t interfere so much that it excludes possibility of some research. On earth, if you transmit even slightly out-of-spec radio signals, the government agencies will get mad and really really fast.

ELI5: Low earth orbit is becoming over crowed “FM radio station”, with regulation lacking who can broadcast and at what frequency.