if you have Norton Antivirus or Norton VPN, delete the software ASAP.
Norton is automatically installing and running a cryptocurrency mining program in the background on their users' computers. There is no text box asking you to confirm the use of this program; it is installed automatically and runs during "downtime" on your computer. While the official announcement said that this program was exclusive to the US, international users are reporting it as well. We don't know the exact scope yet.

ROFL, Commander Sterling posted their Shittiest Games of the Year video, and it features Pokémon Unite as the shittiest game of the year, for being gross child bait designed to bilk children of their parents' money. I've seen several people in my timeline playing it seriously, though, so it's apparently also successful as furry bait.

on the Amazon warehouse disaster (long) 

The Amazon warehouse collapse reminds vee of my own brushes with companies that put their profit over worker safety in such a flagrant manner.

The thing is, from the inside, it's never quite so flagrant. There's never a human being telling you to your face "Yes we're putting you at risk to keep our profits up". It's always a policy, an oversight, a glitch, something that's being worked on.

My first real job was a call center in Florida. I remember when hurricane season hit and we were given a number to call each day before leaving for work to check if the office was open. It always was. Every time.

I remember one particular day we had a predicted hurricane landfall set for my commute hours. I decided not to go; I'd be spending half an hour on the road right when it was projected to hit; no way. I tried to call in, using the automated PBX garbage we were instructed to use. It was "down".

I tried to call my manager, couldn't reach him. I eventually called HR directly and was told if I didn't submit my call-in to the PBX I'd be considered a no-show and terminated. When I explained the PBX was down, the rep repeated their statement verbatim. I explained again, they repeated again.

They didn't know (or rather wouldn't tell) who to contact about the PBX being down. They said it was an oversight in process and they'd look into having someone to call for next time.

That's when it kind of clicked for vee, you know? I refused to go in; I got "lucky". The office got closed basically by order from the state. Next time I went in for work, parts of the building were damaged; I got seated next to a blown out window. I got rained on during my shift.

In my next manager meeting I relayed this story to him. He nodded slowly and jumped into an obviously rehearsed speech about "Yes our policy says you must call the PBX to call in. It being down is an oversight. We will consider revising the policy in the coming weeks."

They never did. They didn't because this was all deliberate. Never tell your workers "We're abusing you", but put up velvet ropes so they can't exit the planned path. The planned path being abuse.

It's never flagrant. They never bold-faced tell you. They just wall you in, force you to follow a protocol, and claim any abuse baked in is "a glitch", then never fix it. They blame the slow wheels of business, every time. A fix is coming, once all the stakeholders sync up.

Then people die because, with no humane, basic respect for their safety and dignity, they're left with the choice to submit to the abusive system or be victimized "by policy".

I'm not surprised this happened.

i certainly don't think concerns about quantum computing breaking current public-key cryptography are unfounded, but this paragraph coming right after the wikipedia article on shor's algorithm talking about how rsa relies on the factorizations of huge numbers reads hilariously

"They say disk space is cheap. This is not true, not for the root devices of modern computers. Built-in storage has in fact been shrinking." ♥

yesterday i learned a lesson i already knew about proprietary software

i plugged in my old iPad and asked it to download some episodes of Behind the Attraction to watch on the plane

then i put it in my bag and eventually boarded. once we got to 10,000 feet, i pulled out my iPad and was greeted with, "Please go to the App Store to update Disney+"

except, of course, i was in the air on a regional jet with no wireless, and i didn't need that update anyway because i just wanted to watch downloaded episodes!

anyway piracy is in every way better and more ethical than using subscription streaming services

Spotify is paying right-wing activists for their content, and promoting it to all their users through the podcasting feature.

Add your voice to a petition for them to stop it, on their community platform:

another NFT casualty (Poolsuite FM) 

Poolsuite FM has joined the 'we're gonna sell pointless ponzi shit' crowd.

I stopped listening to them a while ago; they seem to be bumming their intangible brand off of other people's freely-shared music anyway, but this made me make sure I had the app deleted.

Since #FreeBSD hasn't enabled W^X, its (already ineffective) ASLR implementation is entirely useless.

I started this thread with a story on an old, 1990s-era underground hacking group.

It's almost 2022, and the situation hasn't changed for FreeBSD, even with the project's recent work on exploit mitigations.

Until these core issues are addressed, exploitation of applications on FreeBSD systems will always be much easier than on other OSes with battle-tested implementations.

Exploiting FreeBSD systems today really doesn't look much different than it did in 1998.

But wait, there's now stack cookies! Unfortunately, stack cookies are incredibly easy to bypass. I've popped shells before bypassing the stack cookie on a simple integer overflow vulnerability. It took me a couple hours to write the exploit. I then set up a lab with a few dozen FreeBSD systems and ensured that I could reuse my exploit on all the systems without modification of the exploit payload.

Neither base nor ports enables PIE by default. Applications MUST be compiled as PIEs, otherwise the application is loaded at a deterministic address.


Suggestions I would make to FreeBSD:

  1. Apply randomization to both the stack top address and a gap.
  2. Randomize the shared page
  3. To avoid AS fragmentation and perf hits, use deltas calculated at image activation time.
  4. Compile "ALL THE APPLICATIONS!" as PIEs.
  5. Implement and enable by default a W^X implementation that differentiates between mmap and mprotect. Pages shouldn't be created W+X (mmap) and shouldn't transition between W and X (mprotect).
  6. Simplify the sysctl knobs. There's so many sysctl knobs that sysadmins will likely have a hard time understanding what's going on.
  7. Remove the unneeded complexity of the ASR implementation.
  8. Research history on old hacking groups and how they operated. Since FreeBSD's late to the game, they have the opportunity to innovate. FreeBSD's literally starting from a single (now considered ineffective) 2001-era exploit mitigation (stack cookies).
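As an added example (not code from the thread above or from the FreeBSD project), the following C program probes the two halves of item 5 on whatever kernel it runs on: whether mmap() will hand out a page that is writable and executable at once, and whether a page that has been written to can later be flipped to executable (or to W+X) with mprotect(). A kernel with no W^X policy permits all three; a kernel that only rejects W+X at mmap() time still lets the mprotect() transition through, which is exactly the gap the suggestion calls out. The bit names, `wx_probe()` and `wx_describe()` are this example's own.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS
#endif

/* One bit per W^X violation the kernel allowed. A strict policy yields 0.
 * (Names are this example's own, not a FreeBSD or libc API.) */
#define WX_MMAP_RWX      0x1  /* mmap() gave out a page that is W and X at once   */
#define WX_MPROTECT_W2X  0x2  /* a page that was W could be flipped to X         */
#define WX_MPROTECT_RWX  0x4  /* a page that was W could be made W+X by mprotect */

static size_t page_size(void)
{
    long sz = sysconf(_SC_PAGESIZE);
    return sz > 0 ? (size_t)sz : 4096;
}

/* Probe 1: request a page that is writable and executable in one mmap() call. */
static int probe_mmap_rwx(void)
{
    void *p = mmap(NULL, page_size(), PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)
        return 0;               /* refused: W^X enforced at mmap time */
    munmap(p, page_size());
    return 1;
}

/* Probes 2 and 3: map RW, dirty the page, then ask mprotect() for X (or W+X).
 * This is the transition a JIT relies on and the one item 5 says should be
 * denied; a kernel that only inspects mmap() flags lets it through. */
static int probe_mprotect(int want_rwx)
{
    size_t sz = page_size();
    int newprot = want_rwx ? (PROT_READ | PROT_WRITE | PROT_EXEC)
                           : (PROT_READ | PROT_EXEC);
    unsigned char *p = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)
        return 0;               /* cannot even get RW: count as not allowed */
    p[0] = 0xc3;                /* any write will do; marks the page as dirtied */
    int allowed = (mprotect(p, sz, newprot) == 0);
    munmap(p, sz);
    return allowed;
}

/* Run all three probes; returns the bitmask of what the kernel permitted. */
int wx_probe(void)
{
    int mask = 0;
    if (probe_mmap_rwx())   mask |= WX_MMAP_RWX;
    if (probe_mprotect(0))  mask |= WX_MPROTECT_W2X;
    if (probe_mprotect(1))  mask |= WX_MPROTECT_RWX;
    return mask;
}

/* Render a probe mask as a one-line report; returns buf. */
const char *wx_describe(int mask, char *buf, size_t len)
{
    if (mask == 0) {
        snprintf(buf, len, "W^X enforced: all three probes refused");
        return buf;
    }
    snprintf(buf, len, "W^X NOT enforced:%s%s%s",
             (mask & WX_MMAP_RWX)     ? " mmap(RWX)"       : "",
             (mask & WX_MPROTECT_W2X) ? " mprotect(W->X)"  : "",
             (mask & WX_MPROTECT_RWX) ? " mprotect(W->WX)" : "");
    return buf;
}

int main(void)
{
    char buf[128];
    int mask = wx_probe();
    printf("%s (mask=0x%x)\n", wx_describe(mask, buf, sizeof buf), mask);
    return 0;
}
```

Build with `cc -O0 wxprobe.c -o wxprobe` and run it unprivileged; compare the mask before and after changing whatever W^X knob the kernel offers. Note that a refusal from probe 1 with a pass on probes 2 and 3 is the "mmap-only" policy the thread argues is not enough, since the exploit payload can still be staged into a writable page and made executable afterwards.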
aaron swartz remembrance day, sui ment., US justice system, pol, maia, boosts ok 

it's aaron swartz remembrance day today and i feel like i should use this to talk about something i think about a lot and that i think should be more widely talked about.

aaron's death was murder. it's as simple as that. the way the us justice system deals with hackers and other "national security threats" (and just the US justice system in general) is explicitly to break people. it's psychological torture intended to either make you bend to their will, off yourself or just become a psychological wreck that is no longer a risk to the system. i don't think it's really possible to understand this until you're subjected to it yourself, and unfortunately i'm subject to a small degree of the same pressure.

the main weapon the US justice system uses to break people is uncertainty. you don't know what's going to happen to you, you don't know when it's going to happen to you and you might just not hear anything for a year. but during that entire time you're aware of the fact that the US may be watching you at all times, they can use all tools at their disposal and anything you say or do can and probably will be used against you in your case. i'm still not entirely sure how good it is for me to talk about this stuff, i'd talk about it a lot more often if i knew (or not at all). they also break you with the conscious misunderstanding of facts, of what you've done, the fact that they do not care about the public's opinion, they make it very clear that they can do with you whatever they want. this all on top of the usual pressure such as the prospect of the actual sentence itself, the money this kind of case requires, the constant fear of losing even more, not knowing when and if ever you can freely speak and travel again, not knowing when your last free day for the next two decades will be and the painful realization that there is absolutely no guarantee that there isn't just another sealed indictment waiting for you around the corner.

it's hard not to break under this pressure. i fully understand the decision of everyone who broke under this, rest in peace aaron, rest in peace kevin, rest in peace everyone i forgot about. i will try my best not to break, purely out of spite, out of anger in the name of everyone who broke before and because i have the small advantage of not actually being in the US. but let me tell you, if i do break, please don't hold it against me, understand that this is not something any human should ever have to go through, no matter what they may or may not have done.

this is not a call for sympathy, this is a call for anger.

gee i sure do have over 680 different IPs in my server log pretending to be specifically Chrome/87.0.4280.88 while doing nothing but scraping fedi metadata

you might wanna block that UA or serve garbage to it if you run an instance just saying

asexual being used against trans, leading to racism 

Caught this from Bird site. Terfs are now saying that hormone blockers for kids have a 'side effect' of making them asexual.

And then this leads into white kids not wanting to get married and have kids of their own, and bam, it's all just white replacement conspiracy.

Whoโ€™s surprised that terfs are really just Nazis?

I swear, everything is just racism all the way down.

Also, ace/aro are part of the queer community.

I can't believe that Google can't find the phrase "turf gets the mower" or "TERFs get the mower" any more. Pity it was only posted on Twitter, where such well deserved threats can get you mass reported and suspended.

How much Gargron is probably making 

By numbers, Gargron is getting...

* 683 patrons giving him $7,164 per month.
* From data from, $11,200 in sponsors ($300/mo to have a logo on the front page × 30 = $9,000/mo, plus $100/mo × 22 logos on the sponsor page only, not appearing on the front page)
* Likely more than above due to not knowing exactly how much sponsors are giving him, but given there are casinos sponsoring him, the number is likely much higher.
* Likely other ad-hoc donations from elsewhere

But based on public info he is getting $18,364 *per month* *AT THE MINIMUM*

And people just think this is a totally normal thing for an "open source" project?

Software authors need to make a living. He is doing far more than that. He is making $220k a year from this.

He can go fuck himself.

Intellivision Amico PSA, white supremacy 

In case you were curious about this console...

The CEO of Intellivision, Tommy Tallarico, follows white supremacists on Twitter and calls critics of the Amico 'communists' and 'gaming racists' (lol)

Furthermore, the console has dubious specs, a dubious release timeline, expects an insane cut of developer revenue ('about 50%') and has possibly been misleading its investors.

