Pinned ping

new ipns addresses (the actual important one): /ipns/k51qzi5uqu5dg6vv0qtwwotkadgbcbcgkuju87dm3e343r5tbhykd51fsq4hdc (landing page): /ipns/k51qzi5uqu5dk6jvz18cjd0972xb8c1lt3eqx5r6kdl15nlr88hwgabk5yis1v (beg page, not really important): /ipns/k51qzi5uqu5dmidk4lljre0ymq7q05lal5fhp6iugiycjbgr9czz4jj74y7jl8

Show thread
Pinned ping

if you or someone you know is in possession of assets, source code, or otherwise proprietary files "owned" by a game publisher or studio you may be entitled to be cool and leak their shit.

please contact us at your earliest continence by emailing or

alternatively contact @deletescape. while not directly involved in this project they love crime and would (probably) happily information for you.

new ipns addresses (the actual important one): /ipns/k51qzi5uqu5dg6vv0qtwwotkadgbcbcgkuju87dm3e343r5tbhykd51fsq4hdc (landing page): /ipns/k51qzi5uqu5dk6jvz18cjd0972xb8c1lt3eqx5r6kdl15nlr88hwgabk5yis1v (beg page, not really important): /ipns/k51qzi5uqu5dmidk4lljre0ymq7q05lal5fhp6iugiycjbgr9czz4jj74y7jl8

Show thread

kaizo, a member of nintendh03s, had their deadman's switch trigger.

after being unable to confirm the cause and allowing for an additional 24 hours for kaizo to confirm their saftey, we would like to publicly announce that communications from anyone claiming to be kaizo should not be trusted.

we had planned for an event like this. as such none of our projects or ipfs nodes have been compromised. we can verify nothing has been modified thanks to ipfs using these new fangled things called "hashes". is safe, along with our developement.... "infrastructure". will be operating at full capacity again soon. ipns keys are being regenerated just in case. TOTP keys have already been rotated.

we hope kaizo is ok. and if they happen to be reading this: you are a talented and incredible hacker. nintendh03s will carry on, and your contributions to current and upcoming projects have been emense. thank you, wherever you are, whoever you may be afk. we all hope you are free and happy.

tillie hosted infra (, re: tillie psa 

i do not have access to my infra anymore and from now on you should assume it is compromised and under US control.

Show thread

tillie psa 

assume all past communication with me to have been compromised. i have lost all my past accounts except for my fedi accounts, assume all communication from old accounts isn't me unless you can properly verify otherwise.

do not talk to me about any illegal activities or crimes. i do not plan on doing anything illegal for the near future.

i can be reached here:
@ nyanycrimew on telegram

you can ask me for signal.

if you're unsure about the legitimacy of this statement there are multiple people who can vouch for me, and i can also verify my identity to you personally if required.

tillie on nbc, mh institutions, prison, violence, and various other trauma triggers 

tillie on NBC 12 News ??

Show thread

breaking: APT-69420 Arson Cats believed to be nation state actors based on this mysterious flag members of the group frequently use.

if you have any information on the origin or meaning of this flag please call +1 888-993-5273.

tillie selfie, ec, extremely powerful, pls give boosts 🥺 

sorry for being so powerful~~

tillie on cbs, mh institutions, prison, violence, and various other trauma triggers 

tillie on CBS evening news??

verkada is lucky apt-69420 arson cats found their 150,000 root shell backdoors with fortune 500 grade internet and not the next big botnet author.

i don't think people are comprehending how much damage could have been done if anyone involved was motivated by wealth instead of ethics.

imagine mirai but with cloudflare, nissan, and tesla's corporate networks behind it.

CEOs aren't human.

i'm not saying they're aliens or anything like that, they just lack the empathy and compassion that defines humanity.

they're animistic, only motivated by their insatiable desire to accumulate more wealth.

@rysiek @nintendh03s It's interesting to also note that #CloudFlare claims in their FaQ that "you don't have to" trust them: Yet they see all HTTPS traffic in the clear. So the fact that they lie about the need for trust is in itself cause for distrust.

oh you want zero trust networking?

*turns off the router, and rips out all the cables*

Draft document published at


Satisfied with how I incorporated your feedback or toots?


I'll link to it from my webfeed & index page tomorrow in a new "networking" section.

Show thread

windevine drm 101: "DRM levels" (L1, L2, L3) 

widevine has three different levels of DRM for extra evil.

you may have heard "L1", "L2, or "L3" before but have no idea what they mean.

widevine l1 allows for any infected content to be played back. widevine l2 allows resolutions up to 540p, l3 maxes out at 480p.

each widevine l1 "enabled" device is certified by Google. Google verifies that the cryptography is sound per-device so no user will be able to extract the keys (at least in theory). it also must perform "content processing" (like adding gross watermarks). the DRM is processed in the trusted execution environment (TTE) of the CPU.

l2 does some cryptography on-device and must be certified by google, but content processing does not take place.

finally, l3 requires no approval from google, just a binary.

this makes an l1 keybox a rarity.

to extract l1 keys you need a device with a flawed implementation that neither google nor the engineers working on the device noticed in time to fix before production.

Show thread

windevine drm 101: why decryption keys are not published by scene groups 

it is more or less an "open secret" that widevine keys have been extracted by various scene groups and are passed around between friends. so why are none of them shared publicly?

this is because google has the ability to remotely revoke widevine keys, rendering them useless. given their relative difficulty to extract they aren't shared publicly almost ever. when they are they're rendered useless as soon as google finds them.

there is also a nasty watermarking scheme implemented. that scheme has been defeated now, but for a while it meant widevine keys were basically "one use" (upon sharing decrypted video content). you could tell what widevine keys were used to dump what based on the steganography in the video(s) . early on you would have to sacrifice entire devices (commonly the 2015 nvidia shield tv) for each new release (or release batch). that problem is solved now, but google's ability to revoke keys is still an unfixable problem.

O.K., one final toot on DHTs to clarify some false marketting!

DHTs can loose data. The difference is that it's more like a human forgetting something due to it becoming irrelevant to them than like invoking your Right To Be Forgotten on Google. Cryptographers have even proposed using this to share time-limited secrets!

It is possible for DHTs to enforce *some* invariants by not forwarding/storing invalid data.

I am very keen on adding a DHT to my browsers given it protects privacy!


Show thread
Show older

cybrespace: the social hub of the information superhighway jack in to the mastodon fediverse today and surf the dataflow through our cybrepunk, slightly glitchy web portal support us on patreon or liberapay!