As George Costanza used to say, "You know, we're living in a society!", but just in case we don't, remember this website has a mirror on the Tor network, so bookmark it. RSS feed is here.

Intel private keys used to certify MSI firmware, leaked

May 7, 2023    Article    1180 words    6 mins read

Micro-Star International Co., Ltd (MSI) is a Taiwanese multinational information technology corporation headquartered in New Taipei City, Taiwan. It designs, develops and provides computer hardware, related products and services, including laptops, desktops, motherboards, graphics cards, all-in-one PCs, servers, industrial computers, PC peripherals, car infotainment products, etc.

During the attack on the systems of the company MSI, the attackers (Money Message ransomware group) managed to extract more than 1TB of internal data of the company, containing among other things, the source code of the firmware and related tools. They demanded $4 million for non-disclosure and all the data was publicly published when MSI didn’t pay the ransom.

Among the published data were Intel’s private keys transmitted to OEM manufacturers, which were used to certify the released firmware with a digital signature and to ensure secure boot using Intel BootGuard technology. The presence of firmware authentication keys makes it possible to generate correct digital signatures for fictitious or modified firmware. The Boot Protection keys allow you to bypass the mechanism of launching only verified components at the initial boot stage, which can be used, for example, to compromise the verified boot mechanism of UEFI Secure Boot.

Read more ...

Evil is winning everywhere in the world

May 1, 2023    Article    484 words    3 mins read

Depressed about the past. Pessimistic about the future. Too old to feel like anything can really get better. Hopeless.

This is such a common experience now. I think if we look around at this moment and are objective about it, we see clearly that this is the single most confusing time to be a young person, maybe ever.

Teenagers receive a terrible education and are left to waste all of their free time on porn and video games. Then very often their parents kick them out at 18 or they’re sent off to college where it’s really just more of the same and the college sees them more as an income scheme than as a customer let alone a student. Did you know colleges now consider 6 years to a bachelor’s degree a “success”? And then you become an adult and you’re handed this tray of utterly meaningless make-work jobs or else you can join the military and fight a pointless war in an Arab country.

All the while the culture is hostile to religion, to art, to poetry, to basically everything and you’re encouraged to waste your time on social media. Nobody really cares what you do, not even your parents and you’re not encouraged to investigate things like reading, let alone writing poetry or songs.

Read more ...

Flight

April 29, 2023    Photography
Flight

Discover personal websites

April 25, 2023    Article    283 words    2 mins read

The year is 2023 and when you want to discover new personal websites on your favorite search engine, you just get bombarded with an endless stream of junk: “How to build a personal website using nothing but coal, fire and the power of sheer will”, “I made a personal website and you can’t imagine what happened next”, “Made a blog with 10 cents and it changed my life, I am Elon Musk” or “How to build your personal brand so you can get hired by Amazon and start pissing RIGHT NOW in your VERY OWN bottle”.

If those are the alternatives, how do you reach out to those unique, fringy, weird and interesting websites? Well, I think I might have something to help you in your research.

Read more ...

We need to talk about your Github addiction

April 24, 2023    Bookmark    https://ploum.net/2023-02-22-leaving-github.html

But I discovered that Github is now pushing it even more in that direction: a feed full of random projects and people I don’t care about, notifications to get me to “discover” new projects and “follow” new persons. They don’t even try to pretend to be a professional platform anymore. It’s a pure attention-grabbing personal data extorting social networks. To add insult to injury, we now know that everything published on Github is mostly there to serve as training data for Microsoft AI engines.

[…]

The best time to leave Github was before it was acquired by Microsoft. The second-best time is now. Sooner or later, you will be forced out of Github like we, oldies, were forced out of Sourceforge. Better leaving while you are free to do it on your own terms…

Lionel Dricot

Testing the Arc browser

April 21, 2023    Article    1086 words    6 mins read

TLDR: Arc browser is not a bad browser, it’s just something that will spread your data everywhere (read Google) and is highly tuned for the modern web (bleah). You need to have an account to “activate” the browser but once logged in you can block all the Google/Arc connections and it will work without them. I will definitely use it as an secondary browser for Mozilla Firefox.

Arc is one of those apps that has grown on me over the last few weeks, it’s a refreshing take on a web browser. Frankly, until I ran into Arc, I didn’t think a browser can be this much fun and filled with delightful touches, yet so intuitive. That doesn’t mean it’s a good (or bad) browser, it’s just a Chromium reskin with some cool features. Also, it’s macOS only, for now.

I hate to admit that I severely dislike (not to say hate, but yes, I hate it) their tagline “Are you ready to let go of the old internet?” No, I’m not, and we should embrace the old internet instead of the shithole we have right now.

Read more ...

Reduce tracking via NetworkManager

April 13, 2023    Article    407 words    2 mins read

NetworkManager is a program for providing detection and configuration for systems to automatically connect to networks. NetworkManager’s functionality can be useful for both wireless and wired networks, for wireless networks, NetworkManager prefers known wireless networks and has the ability to switch to the most reliable network.

If you want to reduce someone’s capabilities to track you, you should avoid broadcasting a persistent and likely unique software identifier; an empty (blank) hostname is also an option, but a static hostname of “localhost” is less likely to cause problems. Both will result in no hostname being broadcasted to the DHCP server. You can use hostnamectl to change the system hostname and related settings.

Read more ...

The Man from the Future: A Thought Experiment

April 2, 2023    Bookmark    https://rishikeshs.com/man-from-the-future/

Imagine a hypothetical scenario wherein the split of a second you’re transported back to the past thousands of years ago. You’re the only surviving man from the future. You’re surrounded by 100 other uncivilized humans who do not have a clue about who you are, yet they obey you. You are surrounded by pristine untouched natural landscapes with abundant resources. Your cognitive abilities and memory of the future remain intact, but you’re not carrying anything from the future. You’re just a raw human with some crazy knowledge and ideas. How will you shape your present world with the knowledge you have from the future? Is your knowledge enough to create a civilization as good as your future? What all things can you build with the human resources you have?

Rishikesh Sreehari