Docker and docker-compose to help build AOSP or GrapheneOS and Chromium. Maybe someone might find it useful.

Hmm, can't seem to find how to enable and enforce 2fa in Jira. Looks like it doesn't support it out of the box. Or I'm missing something.

I've a catchall email on my domain and since yesterday started to get messages to different addresses like d7769fa77@doman.tld. The weirdest thing is that those are all registration confirmations from Facebook and some other social networks. Wtf?

Have been using it for some time now, and the main observation is this thing is for geeks. I'm not sure if an average user will want or will be even able to setup it

Hmm, No results found for "Google Citadel C2-PVT"

However protecting user data by automatically wiping the device with locked bootloader if debug cable is connected sounds like a good idea

Hmm, nope actually it seems I messed up it myself

Connected debug console to my Pixel 3 and it wiped out the device completely, so it doesn't even boot saying no valid os found.

Google Citadel, huh

Tweet from Hector Martin (@marcan42), at Jan 3, 19:53

Anyway, if you rely on BitLocker in TPM mode (boot without PIN), you should know that anyone can steal your computer, sniff 32 bytes off of the LPC bus, stick them into libbde, and decrypt your disk. Yes, it's that easy. Solder 7 wires to $favorite_fpga_board, decrypt drive.

Finally managed to install to the desktop (Ryzen / Radeon RX550) as well. Using inst.vnc option. It appears that the kernel 4.13 used in installation iso doesn't support the rx550 video card properly.


That browser issue you've been talking about. It's now exploited in the wild by Russian authorities This script is loading on the main page and scans open ports on

Can't wait to try hardened malloc in my own AOSP build


Tweet from DanielMicay (@DanielMicay), at Dec 22, 02:53

I've published sample releases of AOSP 9 with the next generation hardened malloc implementation and some other changes at It's at the domain I registered for the Updater app for the time being since I don't have a name for the OS hardening project yet.

The new toy has finally arrived. This is a OnlyKey, a pin protected GPG, SSH, TOTP, U2F and password manager hardware dongle with some other interesting features. Also compatible with yubikey OTP.

How is it different than any other tokens? The firmware is

Friendly reminder: don't use the same password for everything.

Botnet brute forcing login on one of the projects I manage. A lot of breaches happened recently and tons of login/password pairs leaked, and crooks trying to find the ones that will work somewhere else.

Interestingly telegram nginx version banner is 1.12.2 everywhere which is an outdated and vulnerable version. Probably to misguide attackers. But the common practice is to hide the version completely.

Show more
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!

We adhere to an adapted version of the TootCat Code of Conduct and follow the Toot Café list of blocked instances. Ash is the admin and is supported by Fuzzface, Brian!, and Daniel Glus as moderators.

Hosting costs are largely covered by our generous supporters on Patreon – thanks for all the help!