chat it happened again.

i think booting into windows somehow breaks my audio drivers on linux.

wuh? Linux has randomly decided I didn't need any audio output coming from the audio jack. Bluetooth headphones are fine. audio through hdmi too. only the headphone jack.

i decided to see what would happen if i deleted a few important directories, so i got rid of /proc, /dev, /sys and /snap (you can't delete all of it for some reason, but i removed everything i could)

at first not much happened, but some programs couldn't run and i wasn't able to mount any devices

i present to you: broken neofetch

i then wanted to to some Browsing, but firefox wasn't working since i broke snaps, so i wanted to download falkon. in the meantime i got bored and tried to open a new terminal

which was not possible. falkon finished installing and just, didn't work. it crashed whenever i tried looking up a site. didn't have much else to do so i wanted to check if the os would survive a reboot

guess rebooting doesn't work either. after forcing it to reboot it loaded just fine, with everything working correctly except for firefox. i'm guessing this is because /proc, /sys and /dev get moved from the initramfs to the root at boot or something, but /snap doesn't so it remains fucked

I just spent my entire fucking day dealing with initramfs issues (and a shit ton of help from a discord server) after upgrading from Ubuntu 22 to 24. I'm so fucking done with this distribution, I just need it for one class. Next time Im using mint and a distrobox.

Like

From 11 pm to 2 am all I did was hunt SO posts only for the issue being the ramfs file in kernel 6.8 being broken (it took an hour to restore) but guess what? IT NEVER RESTORED. I had to wipe 6.8 from the face of the earth god bless the fact that it still had 6.5.

linux side of tumblr why my monitor not turn back on when system come back from suspend mode.

i have early kms and i had to add the edid to my initramfs to get it working is there some other config file i need to put it in to make it work when coming back from suspend mode

my initramfs corrupted today this is your fault

It's true, I live in your computer and I eat the code. I'm not sorry.

@nala @linux @debian .@debian @ubuntu @cnet @techpowerup @wired @wireduk @pcwelt .@l inux .@arch @archlinux @xfceofficial @windowsdev @ubuntu  #nala ,  #stylistic #fron tend #for #apt stylistic frontends donot matter asmuchas the deep serious app in se rious systems but you    ************ #keypoint should offer to enhance bootscreen these agony rescue shells either ma n update-initramfs  iiiiiiwould enhanc e it additionally with: as: logfile integration into commandfeedback offered option or automatically  makecommands functional but in full control ************ ie  offer or automatically mount ramdrives circu mvent (whensome shxitballs fail on lackof storage etc) becausehowitis is fail myt hic and logfile w h e r e v e r tonsof logs everywhere clogging drivespace #refr amed ireally like your apt frontent verwork goodjob! iamjustnotsure how much added benefit fromsomething automatic unproblematic is but itis  a a a a w y e s  l e a n thankheavens but mediocre gain onthe re aldal may slow you down I am Christian KISS BabyAWACS - Raw Independent Sophisti cation #THINKTANK + #INTEL #HELLHOLE #BLOG https://www.BabyAWACS.com/ Inquiry@BabyAWAC S.com [email protected] Helpful? support. donnate. pa y. https://wise.com/share/christiank426 https://www.paypal.com/paypalme/christiankiss

@nala @linux @debian .@debian @ubuntu @cnet @techpowerup @wired @wireduk @pcwelt .@linux .@arch @archlinux @xfceofficial @windowsdev @ubuntu #nala , #stylistic #frontend #for #apt stylistic frontends donot matter asmuchas the deep serious app in serious systems but you ************ #keypoint should offer to enhance bootscreen these agony rescue shells either man update-initramfs iiiiiiwould…

The Case of the Vanishing Mouse: When Chrome Eats Your USB Devices

You know that moment when you're 47 Chrome tabs deep into "research" (read: watching YouTube tutorials for hobbies you'll never start while simultaneously checking email, Reddit, and that one website where people draw mustaches on renaissance paintings), and suddenly your USB mouse decides it's had quite enough of this digital circus and ceremoniously disconnects itself?

It's not being dramatic. It's not mercury retrograde. It's a genuinely fascinating hardware quirk that exposes the precarious timing ballet happening inside your computer.

What's Actually Happening

What I've discovered through extensive analysis (and by "extensive analysis" I mean "becoming irrationally angry at my mouse and diving into kernel logs") is a delightful system architecture quirk:

When Chrome tabs consume significant CPU resources (mine were cheerfully gobbling ~44% each), the system experiences microscopic delays processing USB interrupts. For most devices, these delays are inconsequential—like being one person behind in line at the coffee shop. But USB mice, especially low-speed ones, are the technological equivalent of that person who checks their watch every 8 seconds while waiting for the elevator.

The error (-71 EPROTO) translates to: "I asked a question and didn't get an answer fast enough, so I'm disconnecting myself in protest."

The Class Divide of Input Devices

The most fascinating part? Your laptop's built-in touchpad continues working flawlessly during this mouse rebellion. This is because your touchpad lives on computing's equivalent of the Upper East Side—it connects through dedicated internal buses with VIP access to the kernel. When it speaks, the system listens.

Meanwhile, your USB mouse is essentially showing up to the party without being on the guest list, forced to communicate through the baroque bureaucracy of the USB stack, desperately hoping someone important notices its increasingly frantic message requests.

The Fix (Besides "Use Fewer Chrome Tabs" Which We Both Know Isn't Happening)

For those who refuse to close their 83 open tabs explaining why you should close your tabs:

#Tell your kernel to respect the mouse's feelings echo "options usbhid quirks=0x[your-vendor-id]:0x[your-product-id]:0x40" | sudo tee /etc/modprobe.d/usbhid-mouse-fix.conf # Boost USB interrupt priority

echo "options xhci_hcd interrupt=7" | sudo tee /etc/modprobe.d/usb-priority.conf # Refresh your kernel's perspective on life sudo update-initramfs -u

This essentially tells your system: "I don't care if Chrome is in the middle of rendering 47 JavaScript-heavy tabs about cryptocurrency—when this mouse speaks, you LISTEN."

The Broader Existential Crisis

The truly delightful thing about this issue is how it exposes the fragile assumptions underpinning our computing experience. We've built technological cathedrals on the digital equivalent of "well, it probably won't rain THAT hard."

So the next time your mouse vanishes while you're deep in a Chrome rabbit hole, know that you've stumbled upon one of computing's hidden fault lines—where timing-sensitive hardware protocols crash against the resource-hungry realities of modern web browsers.

And remember: your laptop isn't broken. It's just experiencing an existential crisis about resource allocation priorities. Aren't we all?

me (trying to walk him through an arch install): initramfs is like a temporary file system the kernel chucks in there to get things up and moving.

my british cat: i thought you knew? why are you asking me?

Chimera-Linux with btrfs

Chimera Linux is a rather new from the ground up Linux Distribution built with LLVM, MUSL, BSDUtils and dinitit comes with GNOME and KDE Plasma. It, however doesn't come with a installer so here's how to install the KDE flavour with btrfs root and home directories plus a swap partition for use in Linux KVM with UEFI.

Step 1. Get a Chimera live image from https://repo.chimera-linux.org/live/latest/

I use the chimera-linux-x86_64-LIVE-XXXXXXXX-plasma.iso image with KDE Plasma 6 and the following steps assume you do the same.

Step 2. Boot the live image

Step 3. Prepare the target disk with KDE Partition Manager

/dev/vda /dev/vda1, vfat, EFI System, 500 MB /dev/vda2, btrfs, Root FS, subvols @ & @home , rest of the disk /dev/vda3, swap, SWAP FS, 2x RAM Size

Step 4. Open Konsole and do the following

doas -s mkdir -p /media/root mount -t btrfs /dev/vda2 /media/root chmod 755 /media/root btrfs subvolume create /media/root/@ btrfs subvolume create /media/root/@home btrfs subvolume set-default /media/root/@ umount /media/root mount -t btrfs -o compress=zstd:5,ssd,noatime,subvol=/@ /dev/vda2 /media/root mkdir -p /media/root/home mount -t btrfs -o compress=zstd:5,ssd,noatime,subvol=/@home /dev/vda2 /media/root/home mkdir -p /media/root/boot/efi mount -t vfat /dev/sda1 /media/root/boot/efi

let's bootstrap our new chimera system

chimera-bootstrap -l /media/root exit

time to chroot into our vergin system

doas chimera-chroot /media/root

time to bring everything up to date

apk update apk upgrade --available

if something is iffy

apk fix

we want our swap to show up in the fstab

swapon /dev/vda3

Let's build a fstab

genfstab / >> /etc/fstab

install the latest LTS Kernel

apk add linux-lts

install the latest released kernel

apk add linux-stable update-initramfs -c -k all

time for EFI GRUB

apk add grub-x86_64-efi grub-install -v --efi-directory=/boot/efi update-grub

install KDE, Firefox, Thunderbird

apk add plasma-desktop flatpak smartmontools ufw firefox thunderbird qemu-guest-agent-dinit spice-vdagent-dinit

Set root password

passwd root

create main user

useradd myuser passwd myuser

add user to relevant groups

usermod -a -G wheel,kvm,plugdev myuser

Set hostname

echo chimera > /etc/hostname

set timezone

ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime

Configure some services

syslog-ng

dinitctl enable -o syslog-ng

sshd

dinitctl enable -o sshd

KDE Login Manager

dinitctl enable -o sddm

only needed when in KVM VM

dinitctl enable -o spice-vdagentd dinitctl enable -o qemu-ag

network time client

dinitctl enable -o chrony

network manager defaults to dhcp client on first ethernet interface

dinitctl enable -o networkmanager

optional: enable firewall if installed

dinitctl enable -o ufw

see the firewall status

ufw status

configure flatpak

flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

just to be sure

update-initramfs -c -k all update-grub

exit from chroot

exit

umount drive

doas umount /media/root/boot/efi doas umount /media/root/home doas umount /media/root

Step 5. Reboot the System

Frood, an Alpine Initramfs NAS

https://words.filippo.io/dispatches/frood/

linux posting

people shit on systemd for its complexity but god damn i've been screwing with alpine lately which uses openrc and i would rather deal with systemd than have to figure out why the fuck something that's happening in init isn't working on there

(i had an instance of busybox's 'syslogd' spinning in place and taking up a whole core on my build of postmarketos which uses the latest kernel 6.11, when i dug in it turned out that instance of syslogd wasn't even supposed to survive initramfs, and i have no idea why the 'kill' that's in the init script doesn't work because the init script does try to kill it)

Mandiant Finds UNC5820 FortiManager For Data Exfiltration

Mandiant and Fortinet worked together in October 2024 to look into the widespread abuse of FortiManager appliances across more than fifty potentially compromised FortiManager devices in a range of businesses. A threat actor can use an unauthorized, threat actor-controlled FortiManager device to run arbitrary code or commands against susceptible FortiManager devices with the vulnerability, CVE-2024-47575 / FG-IR-24-423.

As early as June 27, 2024, Mandiant saw a new threat cluster that is currently monitor as UNC5820 taking advantage of the FortiManager vulnerability. The configuration information of the FortiGate devices controlled by the compromised FortiManager was staged and exfiltrated by UNC5820. Along with the users and their FortiOS256-hashed passwords, this data includes comprehensive configuration details for the controlled equipment. UNC5820 might utilize this information to target the enterprise environment, advance laterally to the controlled Fortinet devices, and further attack the FortiManager.

The precise requests that the threat actor made in order to take advantage of the FortiManager vulnerability were not yet documented in the data sources that Mandiant examined. Furthermore, as of this point in Google cloud study, there is no proof that UNC5820 used the configuration data it had acquired to migrate laterally and endanger the environment even more. It therefore don’t have enough information at the time of publication to evaluate actor location or motivation. Mandiant will update this blog’s attribution assessment as new information emerges from investigations.

A forensic investigation should be carried out right away by any organizations whose FortiManager may be exposed to the internet.

Exploitation Details

The first known instance of Mandiant being exploited was on June 27, 2024. Several FortiManager devices were connected to the default port TCP/541 on that day via the IP address 45[.]32[.]41[.]202. Around the same time, the file system stored the staging of different Fortinet configuration files in an archive called /tmp/.tm that was compressed using Gzip. The files and folders mentioned in below Table were included in this bundle.FilenameDescription/var/dm/RCSFolder containing configuration files of managed FortiGate devices/var/dm/RCS/revinfo.dbDatabase containing additional information of the managed FortiGate devices/var/fds/data/devices.txtContains a list of FortiGate serials and their corresponding IP addresses/var/pm2/global.dbGlobal database that contains object configurations, policy packages, and header and footer sensor configuration for IPS/var/old_fmversionContains current FortiManager version, build, and branch information

Mandiant noticed a second attempt at exploitation using the same symptoms on September 23, 2024. Outgoing network traffic happened soon after the archive was created in both exploitation scenarios. The size of the archive is marginally less than the number of bytes delivered to the corresponding destination IP addresses. The specifics of this action are listed in below Table .

The threat actor’s device was linked to the targeted FortiManager during the second exploitation attempt. Figure shows the timestamp at which the illegal FortiManager was introduced to the Global Objects database.

The threat actor’s unknown Fortinet device showed up in the FortiManager console after they had successfully exploited the FortiManager.

The files /fds/data/subs.dat and /fds/data/subs.dat.tmp contain additional indicators of the exploitation that include an associated disposable email address and a company name as listed in Figure .SerialNumber=FMG-VMTM23017412|AccountID= [email protected]|Company=Purity Supreme|UserID=1756868

Lack of Follow-On Malicious Activity

Mandiant examined rootfs.gz, the device’s initramfs (RAM disk) that is mounted to /bin. During the period of exploitation activity, did not discover any malicious files that had been produced or altered.

Affected clients who displayed comparable activities in their environments were alerted by Google Cloud. In order to help identify Fortinet device exploit attempts, Google Cloud Threat Intelligence also conducted retrohunts while creating detections for this activity and manually escalated Pre-Release Detection Rule notifications to impacted SecOps customers.

Apart from working with Mandiant, Fortinet made aggressive efforts to notify its clients in advance of their advise so that they may improve their security posture before it was widely made public.

Mitigation Strategies / Workaround

Restrict only authorized internal IP addresses from accessing the FortiManager admin portal.

Permitted FortiGate addresses should be the only ones allowed to connect to FortiManager.

Deny FortiManager access to unidentified FortiGate devices.

Available 7.2.5, 7.0.12, 7.4.3 and later (not functional workaround on 7.6.0). config system global set fgfm-deny-unknown enable end

Detection

YARA-L

IOCs mentioned in this blog post can be prioritized using Applied Threat Intelligence, and rules were released to the “Mandiant Intel Emerging Threats” rule pack (in the Windows Threats group) if you are a Google SecOps Enterprise+ customer.

Relevant Rules

Suspicious FortiManager Inbound and Outbound Connection

UNC5820 Fortinet Exploitation and File Download

UNC5820 Fortinet Exploitation and non-HTTPS Command and Control

UNC5820 Fortinet Exploitation and HTTPS Command and Control

Other SIEMs

Create searches for the following pertinent IOCs using Fortiguard logs. Specifically, if activated, the Malicious Fortinet Device ID need to deliver a high quality alert.

In the FortiManager logs, establish baselines and thresholds for distinct processes. Specifically, “Add device” and “Modify device” procedures can be infrequent enough for your company to issue a useful warning until this vulnerability is fixed.

In the FortiManager logs, baseline and establish thresholds for the changes field. When the word “Unregistered” appears in the changes field, take into account a higher sensitivity.

Every day, count the Fortigate devices and notify you when a device name that hasn’t been seen in the logs is detected.

Indicators of Compromise (IOCs)

Registered users can access a Google Threat Intelligence Collection of IOCs.

Read more on govindhtech.com

>reading about dracut and kernel init stuff for fun

>well this is fun but this is so niche im never going to need to know about this

>literally next day

>update

>theres a kernel update

>"dracut creating initramfs image file. error: could not write to pipe (broken pipe)"

>SCARY

(not really scary but this is what tells the bios to load and start the kernel so if its not there or not correct the os just wont boot until you fix it)

>google search: endeavouros forum: oh yeah haha it does that sometimes its probably fine

>NOBODY else is saying this or having this problem except on the endeavouros forum

>reboot

>its fine

ようするにこの症状だった pacman - 再起動後に "Unable to find root device" エラー - ArchWiki 手元の計算機では LVM を使っているので 「 /dev/mapper/main-root がマウントできない 」といったメッセージであり、上記メッセージとは異なるが、ようするに initramfs がルートファイルシステムをマウントできなかった。 最後に pacman -Syu したとき initramfs を作るろうとしてエラーになっていたんだが 「 initramfs なんぞそうそう更新することはないんだから 」と無視して reboot したら見事にダメでした。 たしかそのときのエラーは mkinitcpio が sd-lvm2 モジュールが無い mount.ceph が無い といったエラーを出していた。 sd-lvm2 や mount.ceph については /etc/mkinitcpio.conf の HOOKS に書かれている ( mkinitcpio - 通常のフック - ArchWiki) ものであり、 HOOKS に書かれているフックは mkinitcpio 実行時に initramfs に組み込まれるのだが、 これらがエラーとなり、 initramfs がおかしくなり(?) Arch Linux 起動時に initramfs が /dev/mapper/main-root をマウントできなくなったようだ。 sd-lvm2 についてはどうも名前が変わったらしく、 lvm2 と書くのが正しい。 自分で /etc/mkinitcpio.conf は書いたことがないので Arch Linux の誰かが sd-lvm2 から lvm2 へ変更しなかったか。 mount.ceph については HOOKS の filesystems が影響している。 mount.ceph という名前から分かるとおり ceph ファイルシステム ( Ceph - Wikipedia ) をマウントするためのコマンドである。 ceph ファイルシステムなんぞ使わんので filesystems から除外したいんだが mkinitcpio はどこで filesystems に ceph を含めているのか分からない。ふと /lib を見ると /lib/ceph というディレクトリや /lib/libcephなんとか.so といったファイルがある。 これかな。 どうも過去の自分が ceph パッケージをインストールしたらしい。 Arch Linux の ceph は AUR となっている ( AUR - ceph ) ので yay -R ceph-bin ceph-libs-bin を実行してアンインストールした。 再度 mkinitcpio -p linux を実行するとエラーなく完了した。 その後 reboot したらちゃんと Arch Linux が起動した。

Arch Linux を pacman -Syu 後に reboot したら起動しなくなったので復旧させた - ヨタの日々(2024-03-27)

I'm on endeavourOS but I don't do any of the following things that would speed up the boot because I don't want to.

you can get from power button to login faster by

changing BIOS settings to give less time to hit F12

remove the bootloader and boot from EFISTUB (uefi+gpt only)

change the partition uuids https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ (also means you won't need an fstab)

unified kernel image (initramfs and kernel combined)

change kernel cmdline options to include kernel profiling, display less data, disable splash screen

some of what this guy https://youtu.be/Ktigx6iXUWs?si=AM6MGgwIdSZ4mpY0 says

nvme SSD

very few services enabled for startup in systemd

compile your own kernel to exclude drivers you don't need

change the CPU power profile governance to performance instead of eco or balanced

*turn my laptop on*

*It only takes 3 seconds to get to the login screen*

Eat me, Windows users.