“With apologies to Clarke and Dawe.
INTERVIEWER: Thank you for joining us, Senator Collins. Now this OpenBSD vulnerability that was revealed earlier today–
COLLINS: The one where the kernel panicked?
INTERVIEWER: Yes.
COLLINS: Yeah, it's not very typical, I'd like to make that point.
INTERVIEWER: Well how is it untypical?
COLLINS: There are a lot of these packets going around the world all the time and very seldom does anything like this happen. I don't want people thinking that C is not safe.
INTERVIEWER: Was this C code safe?
COLLINS: Well I was thinking more about the other ones.
INTERVIEWER: The ones that are safe.
COLLINS: Yeah, the ones that don't panic the kernel.
INTERVIEWER: Well if this wasn't safe, why was it running at ring zero on millions of machines?
COLLINS: Well I'm not saying it wasn't safe, it's just perhaps not quite as safe as some of the other ones.
INTERVIEWER: Why?
COLLINS: Well some of them are built so that they don't segfault at all.
INTERVIEWER: Wasn't this built so it wouldn't segfault?
COLLINS: Well obviously not.
INTERVIEWER: How do you know?
COLLINS: Well because a selective ACK block placed 2^31 bytes away from the receive window, causing an int comparison to overflow, so the kernel concluded the same byte was simultaneously above and below the acknowledged sequence number, deleted the only hole in its SACK list, appended to a null pointer, panicking the kernel and pulling down the entire machine. It's a bit of a giveaway, I just like to make the point that that is not normal.
INTERVIEWER: Well what sort of standards is this C code written with?
COLLINS: Oh very rigorous software engineering standards.
INTERVIEWER: What sort of thing?
COLLINS: Well it's not supposed to crash, for a start.
INTERVIEWER: What other things?
COLLINS: Well, there are regulations governing which functions you're allowed to call.
INTERVIEWER: What regulations?
COLLINS: Well, gets() is out.
INTERVIEWER: And?
COLLINS: No strcpy. No strcat.
INTERVIEWER: sprintf?
COLLINS: Look, sprintf is fine if you're careful.
INTERVIEWER: Are people careful?
COLLINS: For the most part.
INTERVIEWER: What else?
COLLINS: Code's gotta be in source control. There's a test suite.
INTERVIEWER: What does it test for?
COLLINS: That it compiles I suppose.
INTERVIEWER: So the allegations that it's a dangerous language that does next to nothing to check whether code is doing what it's supposed to, that's ludicrous?
COLLINS: Absolutely ludicrous. C is a serious production language.
INTERVIEWER: Well what happened in this case?
COLLINS: Well the kernel crashed in this case by all means but it's very unusual.
INTERVIEWER: But Senator Collins, why did the kernel crash?
COLLINS: Well it got a packet.
INTERVIEWER: It got a packet?
COLLINS: The kernel received a packet.
INTERVIEWER: Is that unusual?
COLLINS: Oh yeah. Online? Chance in a million!
INTERVIEWER: So what do you do to protect the internet in cases like this?
COLLINS: Well we patched the bug upstream.
INTERVIEWER: …leaving other vulnerabilities no doubt unfixed.
COLLINS: No no no the bug has been patched. You might need to deploy it but–
INTERVIEWER: But this class of vulnerability–
COLLINS: It's not a class of vulnerability, it's a one-off bug caused by programmer error.
INTERVIEWER: Well what else is out there?
COLLINS: Nothing's out there.
INTERVIEWER: There must be something.
COLLINS: There is nothing out there. All there is, is code, and programmers, and fixes.
INTERVIEWER: And?
COLLINS: And untold numbers of exploitable kernel-level exploits.
INTERVIEWER: And what else?
COLLINS: And a 27 year old integer overflow.
INTERVIEWER: And anything else?
COLLINS: And large private models at AI labs discovering more vulnerabilities in secret. But there's nothing else out there.
INTERVIEWER: Senator Collins, thank you for joining us.
COLLINS: It's a complete void. Nothing worth thinking about. Oh, we're out of time? Could you call me a cab?
INTERVIEWER: But didn't you come in a self-driving car?
COLLINS: Yeah I did but…
INTERVIEWER: What happened?
COLLINS: Well the kernel panicked.”

morphillogical 🔍 (@morphillogical) on X