MerrittPlasma Setup has had its first release, as part of KDE's Plasma 6.6 release! I'm so excited for people to start using it 🎉 😁
https://merritt.codes/blog/2026/02/17/2026/_plasma-setup-release
@DomHeadroom
- 5 Followers
- 81 Following
- 60 Posts
Tommi 🤯💕 I Love Free Software Day 2026 💕
For this year’s I Love Free Software Day I am co-organising two special events, and I am super excited about them!
- 🧶 Knitting Our Internet at Snackbar Frieda, Rotterdam, on Friday Feb 13th at 18:00. All information here.
- 🛹 A reading of @kirschner’s Ada & Zangemann in English and in Dutch. After that, a conversation about Free Software maintenance as care work, together with @mayel from @Bonfire ❤️🔥 at the @internetarchiveeurope, Oudeschans 16, Amsterdam on Saturday Feb 14th at 14:00. All information here. Info about the super cool poster in the post below.
#FreeSoftware #SoftwareFreedom #ILoveFS #ILoveFreeSoftware #ILoveFS #IloveFS26 #ournet #KnittingOurInternet #SnackbarFrieda #Rotterdam #Amsterdam #InternetArchive #InternetArchiveEurope #AZbook #Ada #AdaZangemann #reading #event #decentralizaion #InternetHistory #Internet
KDEWoohoo! Goal achieved! Our #fundraiser has reached €100K well before the end of year deadline🎉.
https://kde.org/fundraisers/yearend2025/
Thanks to all our generous contributors. You are truly the lifeblood of our community!
ellyAbout 1.5 years ago my friend was (falsely) accused of terrorism.
All of their electronic devices were seized, plus my stash of hard drives (stored at their place for reasons).
Of course police didn’t find any evidence. Culprit that impersonated my friend (and many others) got arrested recently (article in Polish).
Police returned the hardware few months ago and I found that all of my drives are now e-waste thanks to their carelessness, which made me (understandably) furious. I even considered suing them.
Said very good friend of mine entrusted me with their personal phone and pattern to unlock it. I charged and booted it for the first time since February 2024 and were curious how it was pwned. I knew police used cellebrite on it.
My crime is that of curiosity
As it turns out, police forgot to clean after themselves (there was an attempt) and left payloads, logs, and backdoor intact.
Took a peek at the first-stage payload but it’s too complex for me to reverse-engineer on my own. It’s relatively well obfuscated, but I can tell it’s using RNDIS (likely spawning a server?) and TLS-encrypted connection to talk to Cellebrite box.
If you’re a security researcher (or just curious nerd with more spoons than me) and you would like to take a look - here you go.
Payload was uploaded onto the device on 2024-02-21. If you want to re-create the environment it was executed on, you will need a:
- Samsung Z Flip3 5G (SM-F711B)
- Android build SP2A_220305.013.F711BXXS2CVHF
Rough execution flow:
1. USB device plugged in (Cellebrite Cheetah)
2. USB controller switches to host mode
3. Gadget switching USB VID/PID to load kernel modules (hid_steam, hid_apple, hid_prodikeys, hid_logitech_hidpp, hid_magicmouse, hid_aksys and tries to exploit quirks)
4. Module 'hid_aksys' leaks memory
5. Screen unlocked
6. ADB key '82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E' added to trusted keys on the device
7. First-stage payload '/data/local/tmp/falcon' copied onto the device.
8. Second-stage payload (seemingly) executed as root:
- /data/local/tmp/chrome-command-line
- /data/local/tmp/android-webview-command-line
- /data/local/tmp/webview-command-line
- /data/local/tmp/content-shell-command-line
- /data/local/tmp/frida-server-16.1.4-android-arm64
- /data/local/tmp/init
9. Data extraction (photos, telegram, firefox, downloads)
Have fun!
Kevin BeaumontWorth noting with Mastodon - one of the reasons for no cookie consent popup is.. there are no tracking cookies. At all.
Similar with official mobile apps, there's no privacy agreements etc in the app stores as there's no third party tracking.
Why is this notable? Try doing the same check on Facebook, X, Instagram, Threads, Bluesky or basically anywhere or anything else online. It's basically unheard of in 2025, as everybody else is selling you.
César Córcoles
Mark A. Rayner
TechAltarI've lately been quite obsessed with this app called StreetComplete. It gamifies contributing to OpenStreetMaps in a really nice way by giving you you little quests to do while you walk around. A fun way to get some steps in, to make you look closer at your environment and to do a good thing!
Play Store: https://play.google.com/store/apps/details?id=de.westnordost.streetcomplete
Fdroid: https://f-droid.org/packages/de.westnordost.streetcomplete/
