Jeff Hodges

@jmhodges
496 Followers
248 Following
565 Posts

I like to be called Jeff. https://somethingsimilar.com

Was @jmhodges on Twitter

Jeff HodgesJan 3
AnarchoNinaWritesJan 2

*shrugs*

I understand Trump's base because I was raised by it. A lot of the liberals on your TV have literally no exposure to labor class fascists, don't understand how they think. One of the reasons I knew Trump would ranch the neocons was because I knew how much rank and file Republicans were not saying in public, but were saying around the kitchen tables.

They know they lost the culture war, and long ago decided that if democracy couldn't preserve open white supremacy, they were done w/it.

Jeff HodgesJul 27, 2024
shinypbJul 25, 2024

I know a lot of folks on here have feelings about the bird site. I have them too. But:

There is a time capsule from 2012 embedded in a glass case inside Twitter HQ. I helped put it there. The Computer History Museum said they'd accept it as a donation, and then all of the Twitter things happened. I'd love to retrieve it before they close the building.

I don't know anyone on the inside anymore. Anyone have any suggestions?

Jeff HodgesMar 31, 2024
Luis VillaMar 31, 2024
Sorry, folks, if you follow me and have no idea what the hell I’m on about today, here’s a quick explainer:
https://toot.cat/@skye/112184566541867183
skye (@[email protected])

for those of you who are like “what the hell are the computer people going on about today”: a small package that is widely used, including by the linux kernel itself, got a backdoor put in that would allow any interested parties access to affected systems. this backdoor was added by the maintainer of the package who took over from the overwhelmed previous maintainer. the backdoor that we know about is restricted in what systems it can affect and it did **not** make its way into stable releases. your ubuntu laptop is fine. but if this had gone undetected and they had added additional functionality, basically every linux system everywhere might have been made vulnerable (this includes all android phones, most routers, many vacuum cleaners, all kinds of servers and internet infrastructure, and more). it probably has not gotten that far (TBD, but it’s looking like it got caught early enough) but everyone is adequately terrified because it got discovered completely by accident.

Toot.Cat
Jeff HodgesMar 30, 2024
Gynvael Coldwind 🐈Mar 30, 2024

Some notes from analyzing the bash part obfuscation of the xz/liblzma part – link leads to the part I found most interesting – it was added in 5.6.1:
https://gynvael.coldwind.pl/?lang=en&id=782#stage2-ext

TL;DR: in 5.6.1 there's some code added that looks for specific signatures in files in tests/files, and if found, it grabs some data from these files, deciphers them, and executes them. NO FILES WITH THESE SIGNATURES EXIST YET, so it's like a way to extend the backdooring scripts in the future by just adding new binary test files. Guess things weren't supposed to end here.

#xz #liblzma

xz/liblzma: Bash-stage Obfuscation Explained

Jeff HodgesMar 29, 2024
Show threadAndresFreundTecMar 29, 2024

I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates.

Really required a lot of coincidences.

Jeff HodgesMar 28, 2024
This account has movedMar 27, 2024

It is 2024, and we're back once again on the "to counteract malign Russian influence, we must adopt speech-suppressing laws identical to those they have in Russia" bullshit. This time, the offending party is the California state legislature. Californians, call your state senators to oppose SB 1228:
https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202320240SB1228

"This is like Russia!" isn't hyperbole, it's a literal fucking actual law they passed a whole-ass decade ago:
https://www.theverge.com/2014/5/7/5690410/putin-signs-law-forcing-bloggers-to-register-with-russian-media-office

Bill Text - SB-1228 Large online platforms: user identity authentication.

Jeff HodgesFeb 27, 2024
Show threadCodaFeb 26, 2024
Here's the design, sketches of IND-CCA/sUF-CMA proofs in the multi-user insider model, and a neat lil Rust impl: https://github.com/codahale/pqc-signcrypt
GitHub - codahale/pqc-signcrypt: An entirely untested, unproven post-quantum signcryption scheme.

An entirely untested, unproven post-quantum signcryption scheme. - codahale/pqc-signcrypt

GitHub
Jeff HodgesFeb 17, 2024
Yao Yue 岳峣Feb 17, 2024

The common link behind the companies challenging NLRB's legal authority is Morgan Lewis. They represented Elon Musk's various companies, Trader Joe's, and Amazon in many NLRB cases. The lawyer leading the charge for Morgan Lewis, Catherine Eschbach, was also present at my NLRB hearing during the first day, during which X/Twitter was represented by another Morgan Lewis attorney.

Morgan Lewis is, and has been for a very long time, one of the most anti-union law firms in the country.

Jeff HodgesFeb 6, 2024
You're on macOS. Which are you picking?
Colima
60%
Podman
40%
Poll ended at .
Jeff HodgesJan 2, 2024
scott fJan 1, 2024

It is now illegal in California to park a car within 20 feet approaching a marked or unmarked crosswalk (i.e. most intersections), even if the curb is not painted red.

Cities can’t write tickets for this until Jan 1, 2025 but can write warnings now.