Just did a / update on my Lenovo E565 laptop (mine was rather old and there have been security-related updates in the meantime).

Least shitty option for that seems to be to burn their DOS-based bootable CD-ROM on a disc and boot from that. Only works if you set "UEFI/Legacy Boot" to "UEFI only" in the BIOS/UEFI menu before, though.

Simply dd'ing the image to a USB drive won't work, search for "geteltorito" if you want that. It's a little more work, though.


Seriously, Mifare Classic in 2019? That's ~12 years after it has been broken? How clueless can a manufacturer of keys/locks be? #ABUS fail golem.de/news/abus-alarmanlage

The Gesellschaft für Informatik #GI is closing its official #Facebook presence. The reasons given are:
1. Facebook is an enemy of data protection.
2. Facebook neglects data security.
3. Facebook threatens democracy and the market economy.
Hopefully more organizations will follow this example!

"A Conspiracy to Kill IE6", in which some rogue YouTube developers helped push a bunch of users to switch to literally anything else.


Really good talk by @tnt full of details about the ice40up5k FPGA and a bunch of very interesting use cases of that chip. Thanks for the iCEBreaker shoutout @tnt ! :D media.ccc.de/v/osmodevcon2019-

Sigh: "A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found."
krebsonsecurity.com/2019/04/p2 #KrebsOnSecurity

RT @jwcarroll@twitter.com

Alternative Big O notation:

O(1) = O(yeah)
O(log n) = O(nice)
O(n) = O(ok)
O(n²) = O(my)
O(2ⁿ) = O(no)
O(n!) = O(mg!)

It appears that Josef Prusa is going to compete with Thingiverse with his own 3D model repository. Good news. Josef truly believes in open source while Makerbot, the owner of Thingiverse, betrayed the open source community in the past.


now supports 100 different protocol decoders!

The latest addition was a TI CC1101 decoder, stacking upon the SPI PD.

Looking forward to your contributions so we can get to 200 decoders next 😉


HTML5 ping tracking – Firefox :firefox: will enable it by default:


– HTML5 ping attributes can be used to track people if they click a link (<a href=… ping=…>) by sending POST requests to an arbitrary number of hosts
– tracking is possible without any JavaScript, or Cookies
– Steve Gibson talked about it in Security Now 709: mastodon.at/@infosechandbook/1
– ping is enabled in Chrome, Opera, Edge, Safari by default

#html5 #ping #tracking #firefox #mozilla
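
A defender-side check for the ping attribute described in the post above, as an added example that is not part of the original post: it lists every endpoint a page's links would notify on click and flags third-party hosts. The sample markup, the hostnames and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PingAuditor(HTMLParser):
    """Collect every hyperlink that carries a ping attribute."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # ping is only defined for <a> and <area>, and only fires with an href.
        if tag not in ("a", "area"):
            return
        attrs = dict(attrs)
        href, ping = attrs.get("href"), attrs.get("ping")
        if href is None or not ping:
            return
        # The attribute value is a whitespace-separated list of URLs.
        for raw in ping.split():
            endpoint = urljoin(self.page_url, raw)
            parts = urlsplit(endpoint)
            if parts.scheme not in ("http", "https"):
                continue  # browsers only send pings over HTTP(S)
            self.findings.append({
                "href": href,
                "endpoint": endpoint,
                "host": parts.hostname,
                "third_party": parts.hostname != self.page_host,
            })


def audit_ping(html, page_url):
    """Return one finding per ping endpoint found in the markup."""
    auditor = PingAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


def third_party_hosts(findings):
    """Hosts other than the page's own that would receive a ping POST."""
    return sorted({f["host"] for f in findings if f["third_party"]})


# Constructed sample page, not taken from any real site.
SAMPLE_URL = "https://news.example/index.html"
SAMPLE_HTML = """
<a href="/article" ping="/stats/click https://tracker.example/p?id=1">Article</a>
<a href="https://other.example/" ping="https://metrics.example/hit">Out</a>
<a href="/plain">No ping</a>
<area href="/map" ping="mailto:x@example.org //cdn.example/c">
<span ping="https://ignored.example/">not a link</span>
"""
```
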

Six Stages of Debugging

Step 1 : That can’t happen.

Step 2 : That doesn’t happen on my machine.

Step 3 : That shouldn’t happen.

Step 4 : Why does that happen?

Step 5 : Oh, I see.

Step 6 : How did that ever work?

"Why don't browsers allocate bigger stack?"
Because shitty online games which rely on stack overflows for obfuscation are breaking then, that's why. For reals.

"Can I fully control my Android phone?": No, you can't.

– in our tests, AFWall+ leaked DNS queries of all apps on the device (including blocked apps), making it easy to determine apps installed on the phone
– updating Android doesn't imply that firmware vulnerabilities get fixed
– apps from F-Droid/Play Store etc. can still leak personal data as shown in our /e/ article
– besides, your proprietary baseband processor, GPS, sensors etc. remain out of control

#android #security #privacy #infosec

"Is LineageOS without Google apps 100% Google-free?": No, it isn't.

– some LOS services like NetworkMonitor still connect to Google (github.com/LineageOS/android_f)
– some settings like the phone's DNS server can still send data to Google
– besides, LOS, many apps, and the whole internet heavily rely on libraries, protocols, and standards (e.g. HTTP/2, Certificate Transparency) developed by Google, so there will never be a "100% Google-free something" for average users

pv (Pipe Viewer) is an essential utility for the terminal.

pv tracks how much data goes through it, and can estimate the time until completion.

This is a great help when performing tasks like tarring a directory. tar -czf out.tgz dir/ will tar and compress dir but it doesn't give a progress meter. tar -czf - dir/ | pv > out.tgz does the same and shows a detailed progress meter with pv.

Website 🔗: ivarch.com/programs/pv.shtml

apt 📦: pv

As you might have seen, I made another video/remix recently:


That one had quite a bunch of instruments and took quite a while to create. So for the next piece I'm going to try something a LOT more minimalist:

It's going to contain exactly one "instrument": an old, fucked-up cooking pot.

No, I'm not kidding. I want to see how many different sounds it can produce and whether or not I can make a percussion piece that doesn't sound like complete crap.
