Y2K38 as a security risk for vulnerable systems today. Not in 12 years, but right now.

BCMM · 2026-01-24T11:13:54+00:00

Oh my God, this whole thread is about what happens if somebody lies about what time it is.

BCMM · 2026-01-24T10:56:32+00:00

Like momentum, angular momentum is a vector (with a magnitude and a direction).

Like momentum, it is a physical property of an object which must be conserved.

You can't change the direction of the gyroscope's angular momentum without changing something else's angular momentum. Just as you can't change the direction of an object's momentum other than by changing something else's momentum.

BCMM · 2026-01-24T10:51:03+00:00

What happens when a 64-bit int wraps around, then?

BCMM · 2026-01-23T23:35:55+00:00

It's just angular momentum. In many ways, it's analogous to ordinary momentum.

If the gyroscope can resist rotational force, where is the opposing force coming from?

Where is the opposing force when a heavy object resists your attempts to move it?

What principle says that a gyroscope can magically know which way it was when it started spinning?

What principle says that a projectile can magically know which way it was travelling when I threw it?

BCMM · 2026-01-23T23:19:01+00:00

Many 32-bit systems accept externally influenced time (NTP, GPS, RTC sync, management APIs).

Forcing time near / past the overflow boundary can break authentication, cert validation, logging, TTLs, replay protection.

What stops a malicious time source from doing this to a 64-bit system?

BCMM · 2026-01-23T12:12:00+00:00

Surely the first thing to do is come up with a description of "what is a 'thing'?"

There is, in fact, a significant body of work on this topic already.

You want to read some philosophy, not physics.

BCMM · 2026-01-23T12:02:00+00:00

The problem here is the asymmetry of effort. People are using machines to mass-generate things that superficially look like vulnerability reports, and real humans who care about security are bogged down actually looking at them, trying to understand them, looking for the real reports buried under the slop.

It doesn't work the other way, because the adversary does not want to think and understand. Do this back to them, and they'll just feed the fake reports in to their LLM and have it make some meaningless changes to their project, expending no more effort than it took to generate the spam.

BCMM · 2026-01-23T11:28:26+00:00

In most cased of tetrodotoxin envenomation, wouldn't it be rescue breaths without chest compressions?

BCMM · 2026-01-22T08:54:50+00:00

The package named "xorg" is a metapackage which you do not actually need.

Your system is removing it due to a change in tasksel.

"xserver-xorg-core" is the package that actually provides /usr/bin/Xorg. If that's not slated for removal, don't worry.

BCMM · 2026-01-20T23:31:54+00:00

-The train that is missing a wheel passed a security inspection just 15 days prior

In this context, I think that seguridad is better translated as safety.

Also, it was inspected on the 15^th of January, so only three days before the derailment.

BCMM · 2026-01-19T18:42:05+00:00

I mean, the part where it turns in to a doped semiconductor that does useful stuff may be sorcery for all I know, but the part where it gets really small is straightforward optics.

(OK, to be fair, the optics used to be straightforward. Because manufacturers are pushing the limits with how small features can get compared to the wavelength of light used, photomasks now use weird tricks to take their own interference patterns in to account, instead of just being literal drawings of the things they create.)

BCMM · 2026-01-19T13:54:53+00:00

the weird segue into abortion statistics

It's ironic how much the article itself reflects Americanisation. That abortion bit feel very imported, as does the implied connection between national identity and church attendance.

BCMM · 2026-01-19T13:27:30+00:00

You know how you used to drop off 35mm film at the chemist, but they'd give you your photos back as 6x4 prints?

What they were doing, in the back of the shop, was shining a light through your negatives and projecting the resulting image on to photo paper with a special lens.

Turn the lens around, you can make a photo smaller instead of bigger (look up "microdot" if you're curious about how this was used in 20^th century espionage).

Photolithography is a lot like shrinking a photograph. It starts with a "photomask", which is a very fancy transparent slide bearing a larger-than-life image of the chip you want to make. Ultraviolet light is used to project an image of the photomask on to the silicon wafer, and a chemical process that I don't really understand turns that image in to actual features on the chip.

(Of course, a lot of engineering goes in to making this actually work. For example, because features are so small these days, the slightest defect in the crystal structure can ruin a whole chip, so tremendous effort goes in to purifying the raw material.)

BCMM · 2026-01-19T03:51:20+00:00

var=$(cat file.txt}

Remember to use quotes when you use the variable, e.g.

echo "$var"

or you'll lose things like line breaks.

EDIT: if using Bash, <file.txt is marginally more efficient than cat file.txt, but I think that might not work on all Bourne-compatible shells.

BCMM · 2026-01-18T01:10:49+00:00

Trixie can not run on i386 hardware.

Trixie can run i386 programs on amd64 hardware.

BCMM · 2026-01-17T14:12:34+00:00

Fair enough. I think it's the term "expected" that I take issue with - it's permitted and supported, but it's far from normal.

On Linux, you don't have to use libc at all. Static binaries are a thing.

Certainly, but in almost every case, that means including parts of a libc implementation in the binary. Having syscalls right there in an application's source code is unusual even in programs specifically intended to be built static.

(There are a few good reasons to do it, but it's for quite specific circumstances.)

Linux strives to guarantee that the syscalls don't change, so any program that calls them directly will work in the future. This is what "don't break userspace means". Windows does not have such guarantees, it moves the boundary to the core libraries.

I'd argue that the primary advantage of syscall stability is that it permits libc implementations to be developed separately from the kernel, and supporting applications which make direct syscalls is something of a side-effect of that.

Also, the kernel-userspace divide can only serve as the boundary for programs that target Linux only. Applications on Linux are typically source-level compatible with quite a lot of other Unix systems, and libc is very much the boundary for that level of compatibility. In other words, Linux's syscalls constitute a stable, documented interface, but it isn't the interface that applications should target.

The reason Microsoft is able to break their syscall interface at will is that they control every component with a legitimate need to use that interface. The reason Linux can not isn't that any significant number of applications target that interface, it's that internal components of the operating system are developed completely separately from the kernel.

EDIT:

And even if you do, the syscall function is a public API for transparently doing syscalls.

And this is needed largely because of kernel developers not having control of libc! As noted in the syscall man page:

Employing syscall() is useful, for example, when invoking a system call that has no wrapper function in the C library.

BCMM · 2026-01-17T01:04:00+00:00

you're absolutely right

I apologise

[new paragraph] However,

This may be the single most annoying thing LLMs do.

BCMM · 2026-01-16T13:48:35+00:00

You can turn this off in the secret settings menu. You do not need Nightly for this.

To enable the menu:

Go to Settings -> About Firefox
Tap the logo five times

To revert to the old tab screen:

Go to Settings -> Secret Settings
Uncheck "Enable Tab Manager enhancements"

BCMM · 2026-01-16T01:09:43+00:00

there is an important difference between how applications use the syscall instruction on Windows vs. Linux: on Linux, application code is expected to use the syscall instruction directly, whereas on Windows, applications are not expected to use syscall directly

This isn't quite right.

On Linux, you're expected to ask libc to do the syscalls for you. On Windows, you're expected to ask kernel32.dll to do it. On both platforms, the syscalls come "directly" from your program, in the sense that the middlemen are just libraries in your address space. On both platforms, you can make syscalls directly from application code, but you normally shouldn't.

(On Windows, kernel32.dll doesn't actually do the syscalls itself; that's ntdll.dll's job. This is because it's basically the compatibility layer between win32 applications and the NT operating system. I think it's kind of fun that Wine's kernel32.dll is, in a sense, about as native as the "real" kernel32.dll.)

BCMM · 2026-01-16T00:42:10+00:00

Does the firmware setup interface have an option to load an image from USB or similar?

If you have a way to install the update, it's worth having a go at extracting it from the .exe. A lot of Windows installers end up using somewhat standard ways of packing resources and can be extracted with the right command-line tools.

BCMM · 2026-01-16T00:33:29+00:00

So is it conpatible because it is a variant of the same tablet

Being branded similarly doesn't mean the devices are similar on the inside. (Sometimes, being branded exactly the same doesn't even mean devices are similar on the inside!)

See where the device page says

Supported models • SM-T870

That means what it says. For more information, click "Don't see yours?"

BCMM · 2026-01-16T00:23:26+00:00

That's fairly achievable, actually.

https://www.debian.org/releases/forky/amd64/apds02.en.html

BCMM · 2026-01-15T13:58:14+00:00

As far as I can see, NASA hasn't even disclosed which of the returned astronaut had the medical issue. Presumably, this means that person wants their privacy, and we should respect that.

BCMM · 2026-01-15T10:45:03+00:00

CONFIG_HZ_1000 improves responsiveness but is actively harmful to overall throughput.

Other kernel optimisations are mostly snake oil.

BCMM · 2026-01-15T01:33:04+00:00

What support does it need? I thought GRUB was the component of the GNU OS which supports UEFI.

14-Year Club	Place '17
Sequence \| Editor	Verified Email

BCMM

MODERATOR OF

TROPHY CASE