Notices by Matthew Garrett (mjg59@nondeterministic.computer)

I think I've made the mistake of having a favourite hotel in London

Campaign for the FCC to require not only external pictures and internal pictures, but also how to get the fucking thing apart

Someone just left a comment on a blog post I wrote over a decade ago describing a significantly more elegant solution to the problem I was facing, and despite me absolutely not facing that problem any more I appreciate the information

I know I have some former OLPC people here so was anything actually published in terms of the ergonomics and efficiency of the hand crank proposal or did that just all vanish with a "We shall not talk about this" kind of thing?

The internet is hilariously unable to make its mind up about whether I'm secretly working for Microsoft or secretly working for the NSA

Reading djb's latest and wondering if I need to give trusted friends some sort of safeword that indicates I'm heading in a bad direction

I have been learning more about PDFs than I really wanted to for maybe the absolutely most funny reason possible - letting agency forgery: https://mjg59.dreamwidth.org/73317.html

Well that's a new one, a letting agency just sent me an agreement containing my signature that is not the agreement that I signed (it has an additional clause added)

You obviously can't use LLMs to review code written by LLMs. So you still need people who know how to read code. How do you get those people without having people write code?

A fun thing you can do right now to test whether your system will stop booting next week because of a secure boot certificate expiring!

1) Does your system currently have secure boot enabled? If not, go to step 5
2) Download Fedora 42
3) Does it refuse to boot with a secure boot violation? If not, go to step 5
4) This is interesting and unexpected! Please let me know, you will literally be the first
5) Nothing is going to happen to you next week

It's never DNS, except when it is DNS, except when it's actually because you accidentally blocked all UDP but AXFRs worked because TCP and it's all fine until your secondary DNS finally gets bored ANYWAY glad this all happened while I was on a plane

Off on holiday for the next week and a half, so the shitposting is likely to be happening in a different timezone

Only one more week to take advantage of https://nondeterministic.computer/@mjg59/115048295075274818 (so far nobody has, so I assume at this point everyone is on board with the idea that nothing whatsoever is going to happen as a result of non-existent secure boot certificate expiry on 2025-09-11)

@lxo Then you "just" impersonate the time source, and it's clear that it's a control tool and not a security one

@lxo that's an unsolvable problem - how do you verify that your remote time source is authentic without verifying its certificate, which you can only do if you already know the time? X509 expiry just isn't the mechanism that would be used here, it would need to be a call out to a remote service to verify what you're booting, like Apple's notarization protocol. Nobody has yet proposed that for UEFI, and I think there'd be strong pushback if they did. The industry has changed in the past 15 years.

@lxo I wrote about this last month - literally nothing happens this September, and there should be no impact even after the actual expiration next June. https://mjg59.dreamwidth.org/72892.html has more details.

@hellomiakoda then you are not the target of this thread

@hellomiakoda https://mjg59.dreamwidth.org/72892.html

People who are still inclined to believe that Linux systems will stop booting next month because of secure boot rollover! Send me evidence that you have donated to a charity and, if Linux stops booting on any system after 2025-09-11 because of some sort of certificate rollover bullshit, I will (your choice) either match that donation or pay you back your donation (you will need to deal with the tax consequences), up to a total of $50,000.

@dalias "Secure boot is an advert for Linux" is something I'm happy to be onboard with