www.sigma-star.at

Jonathan Corbet

The @lwn web site is currently under the most intense scraper attack I have seen yet. 1.3M unique IP addresses within the last couple of hours, and it's not done yet. The work we have done on defenses appears to be paying off, though; the server is holding up reasonably well — so far.

...just in case anybody wonders why I have a rather dim view of the whole AI industry...

Richard Weinberger

Alternative temperature scale: the height of my non-alcoholic beer cap tower

That's absolutely sad to read. The CEO of @mullvadnet is not only financing the far-right Swedish Örebro party, but he even is their main financer. 70+% of their money is his donation. He is the reason why they go nationwide this year.

For obvious reasons I cease to trust this service. Also I do not finance parties that aim for forced deportations.

https://www.flamman.se/techprofil-ger-miljoner-till-orebropartiet/


GCC: Bump minimum GNU Make version to 3.81 released in 2006. Don't want to rush things.
https://gcc.gnu.org/pipermail/gcc/2026-June/248407.html


Richard Weinberger

There is currently a lot of FUD regarding the expiration of Microsoft’s UEFI Secure Boot certificates this June. Many Linux users are understandably concerned that their machines will refuse to boot if Secure Boot remains enabled. I spent some time this morning sorting through the noise. Here is what you actually need to know:

👉 Expiration dates aren’t strictly enforced by default

The UEFI specification and its reference implementation (Tianocore) do not mandate checking the expiration dates of certificates. The reasoning is practical: a computer needs to be able to boot even if the CMOS battery dies and the real-time clock (RTC) is broken.

The caveat: Your specific motherboard or UEFI vendor might have implemented their firmware differently, which is where the uncertainty comes from.

👉 To be on the safe side, you can verify that the new Microsoft certificate is present in your system’s UEFI Secure Boot database. You can extract and inspect this directly from your Linux terminal:

# Extract the db variable
efi-readvar -v db -o db.esl

# Convert the signature list to certificates
sig-list-to-certs db.esl db_cert

# Inspect each generated db_cert-*.der file
openssl x509 -inform der -in db_cert-NNN.der -noout -subject -issuer -dates

(Check your specific db_cert-N.der files). You are looking for an output where the Common Name (CN) is “Microsoft UEFI CA 2023”.

👉 To ensure a smooth transition, your bootloader should be signed by both the old and the new Microsoft certificates. In my case, using shim from openSUSE, you can verify the signatures with sbverify:

sbverify --list /boot/efi/EFI/opensuse/shim.efi
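
The db check described in the post above, as an added example that is not part of the original post: it parses the `db.esl` file written by `efi-readvar -v db -o db.esl` directly and compares each certificate's subject CN (not the issuer) against "Microsoft UEFI CA 2023". The function names are hypothetical, and the CN is assumed to be stored as an ASCII/UTF-8 string.

```python
import struct
import uuid

# EFI_CERT_X509_GUID: signature lists of this type hold DER certificates
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
CN_OID = b"\x06\x03\x55\x04\x03"  # DER encoding of OID 2.5.4.3 (commonName)

def esl_x509_certs(esl):
    """Yield each DER certificate from concatenated EFI_SIGNATURE_LISTs."""
    off = 0
    while off + 28 <= len(esl):
        sig_type = uuid.UUID(bytes_le=esl[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", esl, off + 16)
        if list_size < 28 or off + list_size > len(esl):
            raise ValueError("truncated or corrupt signature list")
        pos, end = off + 28 + hdr_size, off + list_size
        while sig_type == X509_GUID and sig_size > 16 and pos + sig_size <= end:
            yield esl[pos + 16:pos + sig_size]  # skip 16-byte SignatureOwner GUID
            pos += sig_size
        off = end

def tlv(buf, pos):
    """Read one DER element; return (tag, content_start, content_end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        return tag, pos + 2, pos + 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    return tag, pos + 2 + n, pos + 2 + n + length

def subject_cn(cert):
    """Return the subject commonName of a DER X.509 certificate, or None."""
    _, pos, _ = tlv(cert, 0)               # Certificate SEQUENCE
    _, pos, tbs_end = tlv(cert, pos)       # TBSCertificate SEQUENCE
    fields = []
    while pos < tbs_end and len(fields) < 5:
        tag, start, pos = tlv(cert, pos)
        if tag != 0xA0:                    # ignore the optional [0] version
            fields.append(cert[start:pos])
    if len(fields) < 5:
        return None
    subject = fields[4]  # order: serial, sigAlg, issuer, validity, subject
    i = subject.find(CN_OID)
    if i < 0:
        return None
    _, start, end = tlv(subject, i + len(CN_OID))
    return subject[start:end].decode("utf-8", "replace")

def db_has_cn(esl, wanted="Microsoft UEFI CA 2023"):
    """True if any certificate in the db signature list has that subject CN."""
    return any(subject_cn(c) == wanted for c in esl_x509_certs(esl))
```

Call it as `db_has_cn(open("db.esl", "rb").read())`; a certificate that merely names the 2023 CA as its issuer does not count as a match.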

Jarkko Sakkinen

Why does systemd as of 261 not support fscrypt v2?

Just wondering because it has been around for some time.

#systemd

Richard Weinberger

Blooming Sempervivum Arachnoideum

Is AI ruining our skills? Early results are in – and they're not good
L: https://www.nature.com/articles/d41586-026-01947-1
C: https://news.ycombinator.com/item?id=48601286
posted on 2026.06.19 at 14:00:48 (c=0, p=5)


Richard Weinberger

...from 0 to 2,99 years.
This reminded me of the computer science joke: how much is 1 plus 1? 1,9999

When I was young, I was an active user of what would now be called social media. vBulletin and phpBB boards, IRC channels, LiveJournal... I made lifelong friends this way; when I get married in a few months' time, two friends I met on IRC and still switch between thinking of them as their handles or "real" names will be my bridesmen.

I know modern social media is not the same as it was then, but a lot of that is down to less active moderation than you had in these smaller communities as a result of centralisation by Silicon Valley tech firms combined with algorithms and incentives that intentionally or not resemble the same rush as gambling. This does not just affect children, and a ban is the wrong answer to this problem.


We look forward to seeing you at the Fest für Alle!


Richard Weinberger

Tell me you are in Austria without telling me.

Richard Weinberger

just saying...

hi everyone

given one #bitlocker #0day is already out there, here's my own bitlocker 0day, I added it to my repo listing bitlocker attacks.

Introducing "ram leak": https://github.com/Wack0/bitlocker-attacks#ram-leak

As we all know, the boot environment allows booting from a ramdisk. This involves loading a file from disk into RAM, as expected.

However, "file" and "disk" can be arbitrarily chosen, and "disk" being a BitLocker encrypted partition is a supported scenario. Using another trick (same one used with bitpixie earlier) it's possible to get the keys derived without going through the legacy integrity validation checks too if relevant.

You can see where this is going. It's possible to leak any file from a bitlocker encrypted OS partition into RAM as long as you can get the keys derived (i.e., TPM-only scenario).

The catch is that booting into the NT kernel marks that memory area as free so it could get overwritten there, but there are other ways to dump the memory area, and a PoC is included with my preferred method (it's only a PoC so just displays a hexdump of the first sector of the file)

The video shows successful exploitation in my test VM, it has secure boot enabled (you can tell because VMware shows an efi shell option on the boot menu when secure boot is disabled).

#infosec #windows

In the 15+ years people have been promoting blockchains, this flowchart remains undefeated.
