metiulekm

joined 1 year ago
metiulekm@sh.itjust.works 12 points 2 months ago

It seems OP wanted to pass the file name to -k, but this parameter takes the password itself and not a filename:

       -k password
           The password to derive the key from. This is for compatibility with previous versions of OpenSSL. Superseded by the -pass argument.

So, as I understand, the password would be not the first line of /etc/ssl/private/etcBackup.key, but the string /etc/ssl/private/etcBackup.key itself. It seems that -kfile /etc/ssl/private/etcBackup.key or -pass file:/etc/ssl/private/etcBackup.key is what OP wanted to use.

metiulekm@sh.itjust.works 19 points 2 months ago

Oracle trilateration refers to an attack on apps that have filters like "only show users closer than 5 km". In the case of the vulnerable apps, this was very accurate, so the attacker could change their position from the victim (which does not require physical movement; the application has to trust your device on this, so the position can be spoofed) until the victim disappeared from the list, and end up at a point that is almost exactly 5 km from the victim.

> Like if it said the user is 5 km away, that is still going to give a pretty big area if someone were to trilaterate it because the line of the circle would have to include 4.5-5.5 km away.

This does not help, since the attacker can find a point where it switches between 4 km and 5 km, and then this point (in the simplest case) is exactly 4.5 km from the victim. The paper refers to this as rounded distance trilateration.
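The rounded-distance mechanism described in this comment, as an added Python simulation (not the paper's code nor any app's): a constructed oracle reports the distance rounded to whole kilometres, bisection along spoofed rays finds flip points whose true distance is then known (4.5 km between "4" and "5"), and three such points trilaterate the stored position. The `snap_km` option is an assumed mitigation, snapping the stored location to a coarse grid so the same procedure recovers only the grid point; the flat-earth distance, positions and function names are all constructed for the example.

```python
import math

def dist(a, b):
    """Planar distance in km (flat-earth approximation, fine over a few km)."""
    return math.hypot(a[0] - b[0], a[1] - b[1])

def make_oracle(victim, step_km=1.0, snap_km=None):
    """Constructed 'distance to user' filter, not any real app's code.
    Reports the distance rounded to the nearest step_km. With snap_km set,
    the stored position is first snapped to a coarse grid (assumed mitigation),
    so the flip points can only reveal the grid point, not the exact one."""
    if snap_km is not None:
        victim = tuple(round(c / snap_km) * snap_km for c in victim)
    return lambda pos: round(dist(pos, victim) / step_km) * step_km

def boundary_point(oracle, start, angle, lo=0.0, hi=20.0, iters=40):
    """Bisect along a ray from `start` for a spot where the rounded value flips.
    The true distance there is the midpoint of the two values on either side
    (4.5 km between '4' and '5'). Returns (point, known_radius)."""
    ux, uy = math.cos(angle), math.sin(angle)
    pos = lambda t: (start[0] + t * ux, start[1] + t * uy)
    v_lo = oracle(pos(lo))
    if oracle(pos(hi)) == v_lo:
        raise ValueError("no flip on this ray; extend hi")
    for _ in range(iters):
        mid = (lo + hi) / 2
        if oracle(pos(mid)) == v_lo:
            lo = mid
        else:
            hi = mid
    return pos((lo + hi) / 2), (oracle(pos(lo)) + oracle(pos(hi))) / 2

def trilaterate(obs):
    """Solve |V - Pi|^2 = ri^2 for three (point, radius) pairs: subtracting
    the first equation from the other two leaves a 2x2 linear system in V."""
    (p1, r1), (p2, r2), (p3, r3) = obs
    def row(p, r):  # 2(P - P1).V = |P|^2 - |P1|^2 - r^2 + r1^2
        return (2 * (p[0] - p1[0]), 2 * (p[1] - p1[1]),
                p[0] ** 2 + p[1] ** 2 - p1[0] ** 2 - p1[1] ** 2 - r ** 2 + r1 ** 2)
    a1, b1, c1 = row(p2, r2)
    a2, b2, c2 = row(p3, r3)
    det = a1 * b2 - a2 * b1
    return ((c1 * b2 - c2 * b1) / det, (a1 * c2 - a2 * c1) / det)

def locate(oracle, start=(0.0, 0.0), angles=(0.0, 2.1, 4.2)):
    """Spoof three rays from one start, collect the flip points, trilaterate."""
    return trilaterate([boundary_point(oracle, start, a) for a in angles])
```

With the plain oracle, `locate(make_oracle((3.2, 1.7)))` returns the stored point to floating-point precision; with `snap_km=2.0` it returns the grid point (4.0, 2.0) instead, which is the whole benefit of the mitigation.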

metiulekm@sh.itjust.works 5 points 4 months ago

I like btdu which is essentially ncdu, but works in a way that is useful even if advanced btrfs features (CoW, compression etc.) are used.

metiulekm@sh.itjust.works 10 points 4 months ago

I am afraid you are still a bit misled; WireGuard is exactly what they use for the demo video. In general the underlying protocol does not matter, since the vulnerability is about telling the system to direct the packets to the attacker, completely bypassing the VPN.

metiulekm@sh.itjust.works 17 points 6 months ago

My understanding is that all issues are patched in the mentioned releases, the config flag is not needed for that.

The config flag has been added because supporting clients with different endianness is undertested and most people will never use it. So if it is going to generate vulnerabilities, it makes sense to be able to disable it easily, and to disable it by default on the next major release. Indeed XWayland had it disabled by default already, so only the fourth issue (ProcRenderAddGlyphs) is relevant there if that default is not changed.

metiulekm@sh.itjust.works 4 points 8 months ago

I really love watching ARAMSE and Brian Quan, they have a lot of knowledge about coffee and are very entertaining at the same time.

I also enjoy watching The Real Sprometheus. He is more focused on espresso hardware, which is a topic that doesn't really interest me that much, but I still find his videos interesting.

metiulekm@sh.itjust.works 10 points 9 months ago

The bootloader is stored unencrypted on your disk. Therefore it is trivial to modify, the other person just needs to power down your PC, take the hard drive out, mount it on their own PC and modify stuff. This is the Evil Maid attack the other person talked about.

metiulekm@sh.itjust.works 3 points 1 year ago

Isn't this the point though? Like, if you spot that (let's concretize) the trash is starting to overflow, you can either take it out right now which will take you 2 minutes and (hopefully) barely interrupt your day, or you can add it to your list of things to do. And so you get that list of 59 things by ignoring the 2-minute rule, not by applying it.