«Wenn du überredet, ermahnt, unter Druck gesetzt, belogen, durch Anreize gelockt, gezwungen, gemobbt, bloßgestellt, beschuldigt, bedroht, bestraft und kriminalisiert werden musst… Wenn all dies als notwendig erachtet wird, um deine Zustimmung zu erlangen – kannst du absolut sicher sein, dass das, was angepriesen wird, nicht zu deinem Besten ist.»Ian Watson
Network Security Services (NSS) is Mozilla’s widely used, cross-platform cryptography library. When you verify an ASN.1 encoded digital signature, NSS will create a VFYContext structure to store the necessary data. This includes things like the public key, the hash algorithm, and the signature itself.
The maximum size signature that this structure can handle is whatever the largest union member is, in this case that’s RSA at 2048 bytes. That’s 16384 bits, large enough to accommodate signatures from even the most ridiculously oversized keys.
Okay, but what happens if you just….make a signature that’s bigger than that?
Well, it turns out the answer is memory corruption. Yes, really.
The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data.Source: Project Zero
Vaccines currently are the primary mitigation strategy to combat COVID-19 around the world. For instance, the narrative related to the ongoing surge of new cases in the United States (US) is argued to be driven by areas with low vaccination rates . A similar narrative also has been observed in countries, such as Germany and the United Kingdom . At the same time, Israel that was hailed for its swift and high rates of vaccination has also seen a substantial resurgence in COVID-19 cases . We investigate the relationship between the percentage of population fully vaccinated and new COVID-19 cases across 68 countries and across 2947 counties in the US.Source: Harvard Center for Population and Development Studies, Cambridge, MA, USA, S. V. Subramanian
Download PDF: here
Told you so. *sigh*
The principles of capitalism are easily explained. It takes many poor people so that there can be few rich people. But if there were no more poor, there would inevitably no longer be rich. Then everyone could not afford everything, but everyone could afford the same thing. The rich are only rich as long as there is someone who has significantly less than themselves. There are several ways to do this, which have proven themselves in the past: Politics, religion and, in case of doubt, war.
In order to maintain the illusion of free speech and participation in the shaping of society, elections are held on a regular basis. The end is foreseeable from the start and the gap between rich and poor is growing ever greater. The big question that arises from this is: When will the poor notice that they are played?
Workaround steps for end-users to enable Legacy Game Compatibility Mode with affected games that have not received a software fix:
1. Power-up system and enter system BIOS setup.Source: Intel
2. Enable switch Legacy Game Compatibility Mode to ON (one-time only) in BIOS.
3. Save BIOS setup changes and exit.
4. Boot to OS.
4. Toggle Keyboard Scroll Lock key ON.
5. Launch affected game title.
6. Toggle Keyboard Scroll Lock key OFF after ending game title.
What the fuck, Intel!? Seriously? Scroll Lock?? ROFLMAO!!!
The outrage about the several hours of failure of Facebook was much greater than the outrage about almost two years of deprivation of basic rights, and that’s basically all you need to know about this society.
Researchers at DevOps platform JFrog demonstrated how an integer overflow flaw (CVE-2021-40346) can be abused to perform HTTP request smuggling attacks that bypass any access control lists (ACLs) defined in HAProxy.
Contingent on front- and back-end server configurations, attacks could also potentially see adversaries hijack user sessions, access or modify sensitive data, or exploit reflected XSS (cross-site scripting) vulnerabilities without user interaction, according to JFrog.Source: The Daily Swig
The Portuguese capital Lisbon has been in a state of emergency since Friday. Nobody is allowed to enter the city without a valid reason, the residents are only allowed to leave it with special permission. The official goal of this measure is to prevent the spread of the delta variant of the Sars-Cov-2 virus.
Let us remember what happened in China 18 months ago: At the beginning of 2020, entire cities began to be cordoned off under the same pretext and the freedom of movement of their residents was drastically restricted. The measures did not help, because within a few weeks the virus could be detected on all five continents.
So what we are seeing in Lisbon is the repetition of a measure that we already know will not achieve the goal set by those responsible.
So why is such a thing ordered?
To answer this question, one should first remember that a pandemic situation would never have been declared if the World Health Organization had not changed its definition of a pandemic in April 2009. Until then, one of the basic requirements for a pandemic was an “enormous number of deaths”.
In addition, in the course of the first cases of illness, the term “died of and with an illness” was introduced – a formulation that has never been used before and is just as scientifically untenable as the ban on performing autopsies on the deceased. Both of these measures have helped to drive up official death statistics.
However, the actual number of victims and the average age of those who died from the virus reveal something completely different: at no point did we have to deal with a global health emergency.
On the other hand, the measures ordered have had devastating consequences, and not only in the health sector: Parliaments have been sidelined, fundamental rights have been restricted in unprecedented ways and dictatorial structures have been set up worldwide, as we know them only from the darkest times of fascism.
In order to understand the motives behind the measures, one has to direct one’s gaze to a process that has assumed monumental proportions in recent years and has now completely dominated our lives: the concentration of ever more wealth and thus more and more power in the hands of the digital-financial complex, i.e. the alliance of the largest IT groups and the most important financial institutions in the world.
In contrast to the generally accepted view that our lives are largely determined by politics, it is this digital-financial complex that makes the trend-setting economic and political decisions in our time – single-handedly and worldwide.
Despite its power, this complex is currently facing a historical problem: the existing monetary system on which its rule is based threatens to collapse after being artificially kept alive by the central banks for over a decade and must therefore be replaced by a new one.
There is already a plan for this: the introduction of semi-private digital central bank currencies. These, however, will deliver people up to complete surveillance and total control by the state and the digital-financial complex. Its introduction would therefore, under normal circumstances, meet with tremendous social opposition.
For this reason, the leading forces in the digital-financial complex have obviously opted for the strategy of the Great Reset: They are using the end phase of the existing financial system to plunder it according to all the rules of the art and thus deliberately bring it to its complete collapse.
As soon as this collapse, which will be accompanied by severe social upheaval, comes up with the new money – not as a coercive measure, but as a humanitarian action, by using it as a saving straw for the millions of people threatened by unemployment and homelessness present in the form of the universal basic income.
The whole thing is a risky maneuver, because its successful completion requires that the majority of people do not oppose this path into digital imprisonment. Because of this, the digital financial complex is being forced to do everything possible to keep people at bay, to break their resistance and to ensure the highest levels of control, surveillance and intimidation until reaching its goal.
It is precisely for this purpose that arbitrary measures such as the cordoning off of the Portuguese capital are likely to serve, which incidentally is not due to a fatal epidemic, but because of an illness whose symptoms consist of headaches, runny nose and sore throat.Source: Ernst Wolff on KenFM
Computer chips have advanced to the point that they’re no longer reliable: they’ve become “mercurial,” as Google puts it, and may not perform their calculations in a predictable manner.
Not that they were ever completely reliable. CPU errors have been around as long as CPUs themselves. They arise not only from design oversights but also from environmental conditions and from physical system failures that produce faults.
But these errors have tended to be rare enough that only the most sensitive calculations get subject to extensive verification if systems appear to be operating as expected. Mostly, computer chips are treated as trustworthy.
Lately, however, two of the world’s larger CPU stressors, Google and Facebook, have been detecting CPU misbehavior more frequently, enough that they’re now urging technology companies to work together to better understand how to spot these errors and remediate them.Source: The Register
“One of our mercurial cores corrupted encryption,” he explained. “It did it in such a way that only it could decrypt what it had wrongly encrypted.”
They also have a short talk (~10 minutes) where they explain what happend.
Over the years I bought lots of compact-discs. The collection is massive (several hundred discs) and some of the discs are more than 20 years old, and to my mind in perfect condition. In order to preserve this wonderful collection for the future generation I decided to create perfect copies as FLAC files using EAC. Easy task: Install EAC, put disc into drive, click a button and wait. But there’s a catch. Due to the age of some of the discs some of them cannot be read properly. I checked the surface and it looks pretty perfect. No scratches, no marks, nothing. But the drive still had serious issues reading the disc. I use a new Asus BW-16D1HT and a new Asus DRW-24D5MT to extract the audio data. Very good drives by the way.
Still, EAC told me about read and sync errors on some discs. So, I canceled the extraction and again looked at the surface of the disc. Now, there were thin, matt clouds of some kind of patina on the discs, which were previously not visible. I guess, the laser made them somehow visible.
Since I was unable to remove them with a cloth and I didn’t want to ruin the disc, I tried a wet glasses cloth, and to my surprise it worked. Put the disc back into the drive and it had no issues reading it.
The downside of this is, since the patina is not visible prior trying to read the disc, I have to clean every disc before I put it in the drive regardless of if it’s dirty or not.