Happy belated new year! Linux 6.19 is now out in the wild and… ah, let’s just cut to the chase. We know what you’re here for! 😁

https://asahilinux.org/2026/02/progress-report-6-19/

Thank you once again to everyone supporting us on OpenCollective and GitHub Sponsors!

"Choose" I think the word you were looking for there was "choose."

#lockPicking

Today's threads (a thread)

Inside: The Reverse Centaur’s Guide to Criticizing AI; and more!

Archived at: https://pluralistic.net/2025/12/05/pop-that-bubble/

#Pluralistic

1/

For whoever might be interested, finally got some time to put together an iBoot & SecureROM loader for both Binary Ninja and IDA that maps segments (TEXT, CONST, DATA, BSS) correctly.

https://github.com/jonpalmisc/ibis

i see an argument that mastodon.social is needed for onboarding

so, let’s do something very scientific: which fedi instance did you start with?

(boost for bigger sample)

(mastodon forks count as mastodon)

edit: can’t believe i have FAQs for a poll but here you go:

• “what counts as big?” → use your subjective judgement. the “scientific” part is a recurring joke in polls here so don’t worry too much about it. here are some suggested criteria, but feel free to use your own:
  • if it needs a team to moderate, it’s big
  • if the local timeline is always busy, it’s big
  • if the monthly active users are in thousands, definitely big
• “what does ‘current instance’ mean?” → it means the one you started with is the one you’re currently on
• “what if more than one options apply?” → if you starts on mastodon.social or if you self-host, select the respective options. if both of those apply, then you must be gargron, in which case please choose whichever option you want.
• “does managed hosting like masto.host count as self-host?” → i’d say yes, but if you feel like it doesn’t, then don’t count it.
• “if i join it but immediately switch to another, which one should be the answer?” → whichever one makes you think “so this is fedi, it’s worth a try/worth staying on”
• if you already voted but with a different assumption from what said above → don’t worry about it

I've seen a number of people (including some well-respected people in the infosec sphere) promoting a particular blog post/writeup recently about the macOS secure boot chain. As someone who has done a fair bit of research and reverse engineering of iBoot and Apple's secure boot chain over the years, this naturally piqued my interest so I decided to take a look, at minimum to see how much it lined up with my RE of iBoot over the years.

Unfortunately after reading the blog post thoroughly, I can pretty confidently say this: the writeup is almost certainly a pile of AI slop. Let's dive into it and discover some major red flags that I found.

Let's talk about something that I think a lot of the people reposting this post haven't realized yet: this post was very factually wrong when it was first posted. (Here is a link to the earliest version on the Wayback Machine, very good resource btw ) Shoutouts to @nicolas17 btw for making archives once he noticed the article rapidly changing, he puts in a lot of work in the archival side of things that imo goes very unnoticed, but his work helps Apple security research in the long run.

This original version of the post has several factual errors (there are too many to list but some of the VERY obvious ones include Apple silicon chips starting at EL3 when no M-series Mac chip has implemented EL3 (which is optional per ARM spec) In addition there is contradictory info about the ECID, incorrect info on security fuses, etc, there's a LOT of slop to digest here along with tons and tons of jargon that makes no sense.)

The fact the post gets stuff wrong in and of itself is not the issue (a mistake here and there is completely understandable and in fact quite human), the issue is with the magnitude of how many factual errors were posted publicly, seemingly without any fact checking or sourcing, it really is quite egregious just how wrong this post is (even the current version of the post still has many of these errors), especially to any person who has even took a cursory glance at iBoot or the secure boot chain.

The syntax, per people I discussed this with, screams that it was based on prompting Claude (an LLM that seems to have more natural writing style than some of the others.)

However, what really is super insidious is the history behind this post. This is a link to diffs of the post over time, and it's pretty damning. The post had very very large chunks changed in very short amounts of time across multiple parts of the very long post, and with how long the post is, this is probably outright infeasible for a human to do in that short time frame (especially when incorporating time to fact-check the updated parts, which any writeup worth their salt imo should be doing.)

Per these two comments on HackerNews, along with the drastic changes mentioned before (especially considering that the post changed quite drastically between revisions, saved versions of which you can find here), it's pretty clear that what's been happening here is the person used AI to churn out this "writeup", then used the fact it was blatantly wrong to get people who knew how these systems actually worked to correct the post, and then told the AI to incorporate said corrections into the original post.

Let's be clear what's happening: the person is outright baiting people using this AI slop into correcting the post, incorporating said corrections without attribution to the people who corrected the post and then took the credit for said corrections silently. This isn't okay, this is a blatant abuse of community goodwill and the benefit of the doubt to fraudulently boost your own credibility and platform, without even a legitimate effort or attempt at doing proper research or fact-checking. (Not even diving into how LLMs are plagiarism laundering machines that yoink real human work and mash it together without any attribution.)

This "writeup" is nothing but of AI slop, and I strongly advise avoiding giving it attention. I'm very disappointed that people, even people I respect quite a bit, are promoting this like it's legitimate without reading it deeper and realizing this is AI slop.

Here are some writeups I strongly recommend reading, that have real, human, legitimate research placed into them:

• This fantastic writeup/thesis by Mortiz Steffin and Dr. Jiska Classen on the GXF-protected portions of iOS (SPTM, TXM, Exclaves/SecureKernel) and how it all makes XNU closer to a true microkernel architecture.
• JJTech's writeup on iMessage and how it worked as of 2023 (yes, 2023 was two years ago, but this writeup is still worth reading regardless)
• Snoolie's writeup on an Apple Archive vulnerability, this is a great writeup that goes further in depth on CVE-2024-27876.

it's a pity on x86 everyone uses XOR AL, AL instead of MOV AL, 0
because we're missing out on the scariest instruction encoding:

b0 00!

TIL: Ever wanted to compress data or use cryptographic algorithms but you don't want to link to C libraries or you're just plain lazy?

The Linux kernel has you covered! Create a socket of type AF_ALG, bind to your favorite algorithm, send() in your data and recv() it back!

This seems to support deflate, SHA, RSA and some more on ppc64le and additionally even zstd, chacha, lzo, hmac and more on ARM!

https://www.kernel.org/doc/html/latest/crypto/userspace-if.html

Two new https://arm.jonpalmisc.com updates:

- the search bar should now return better results thanks to better page indexing; and

- when it doesn’t, there are now “all instructions” and “all registers” pages you can CMD+F manually.