asciilifeform: 'Mozilla wants to override any configured DNS server with Cloudflare' << pretty lulzy

asciilifeform: ( nao whether somebody, somewhere, still uses recent mozilla, is separate q ) ☟︎

asciilifeform: mod6: new rk kernel baked, tested, worx.

asciilifeform: BingoBoingo: zipping up kernel, will ping you

asciilifeform: BingoBoingo: ok to swap

asciilifeform: ty

asciilifeform: snapshotting nao

asciilifeform: BingoBoingo: ok to remove and boot C back up

asciilifeform: BingoBoingo: you mentioned that you want yours reimaged ? didja back up the thing ?

asciilifeform: BingoBoingo: incl any /etc configolade ?

asciilifeform: it'll all vanish

asciilifeform: if this worx for you, go ahead and move your drive over to dulap

asciilifeform: which unit were you again ? 'E' ?

asciilifeform: ok

asciilifeform: lemme know when F's disk is in

asciilifeform: ok, this'll take 20-30min, can go eat

asciilifeform: BingoBoingo: let's take the rest of this to #p, to reduce log pollution. ping me there when you get back.

asciilifeform: meanwhile, in heathendom, https://archive.is/aiaQH << linux 4.xx arbitrary r/w 0day

asciilifeform: 'The bug only affects kernels that have CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE enabled, which is done by a lot of modern distros' << i.e. none of asciilifeform's kernels

asciilifeform: but still lulzy wankage, e.g., https://archive.is/qeO5s >> 'Since this has business impact, we consider legal action against the opaque Linux-distros vulnerability-disclosure-among-friends-for-fun-and-profit scheme, that we exposed at the ITU earlier this year. This is digital divide in the works, with real impact for non-club-members ...' ☟︎

asciilifeform: and the cucks entertain, https://archive.is/4L8IS >> from one 'Solar Designer' , kernelist, 'However, with CERT involved and with related issues affecting more than just Linux, there was little I could do, short of playing full BOFH and breaking the semi-embargo for everyone. While I think that would have been for the general public's benefit overall, I didn't feel about it strongly enough to actually do it this time. I apologize f

asciilifeform: or letting this happen. (At the same time, I did force another semi-public issue to oss-security right away since that one didn't involve coordination with so many parties.)'

asciilifeform: for non-expert entomologists : the perps ( i dun distinguish b/w 'bug'-inserters and coverup-artists ) ~continue~ to spew the squid ink where the patch is disguised as 'for denial of service bug' rather than arbitrary r/w -- despite the cat being out of the bag for nearly whole day nao

asciilifeform: 'responsible disclosure'(tm)(r), didjaknow.

asciilifeform: ( consists, in practice, of regular warm, wet kisses from usg.nsa straight into mouths of folx still using 'modern distros' , followed up by generous cocktail of obfuscatory lies to the public , then exposure, then the usual fudstorm to try an' keep the ruse alive for a bonus day or three )

asciilifeform: BingoBoingo: i gotta step into meatspace for a spell, see #p log for next instruction

asciilifeform: mod6: http://p.bvulpes.com/pastes/0bETd/?raw=true

asciilifeform: mod6: plox to test and confirm. ☟︎

asciilifeform: mod6: it's simply the launch codes for rk 'C' ( previously occupied by mats ) , it is ready for new user.

asciilifeform: in continuing lulz, 'Which "club"? If you're an Open Source operating system distro, you can now apply to join (linux-)distros under our published criteria. Otherwise, yes, you're out of luck joining that "club". This is "selective disclosure", and it has drawbacks. There's no perfect alternative.' ☟︎

asciilifeform: 'Like I said, what we're supporting with (linux-)distros is a certain kind of "selective disclosure".'

asciilifeform: ( for folx who dun feel like digging through that particular latrine pit -- they have an explicit '14 day embargo' to give nsa time to drill new holes into victims )

asciilifeform: in other lulz, 'The Go implementation of the P-256 elliptic curve had a small bug due to a misplaced carry bit affecting less than 0.00000003% of field subtraction operations.'

asciilifeform: Run Moar Googlelade.

asciilifeform: 'In about 500 submissions on average we recover the whole key' << from e.g. montrezor, other shitwallets, etc. ☟︎

asciilifeform: meanwhile, in castles, http://logs.bvulpes.com/asciilifeform?d=2018-8-9#411725 << thread of interest to phuctor readership

asciilifeform: about half of the 1st ( of 24!) parcel of 27M keyz from mats , eaten up nao. by end of next wk, will grind.

asciilifeform: ( eater is order of magnitude faster today than last yr, but still slowest component )