➖Dustin Miller➖ Profile picture
Oct 15, 2020 27 tweets 6 min read Read on X
This Hunter Biden laptop story is fucked.

Docs show the laptop was dropped on Apr 12, 2019. They also show an external drive and its serial number.

Western Digital’s web site says that drive’s **3-year** warranty expires Apr 18, 2022…meaning it was manufactured Apr *18*, 2019. ImageImageImage
If the data was on the MBP’s NVMe SSD, it was either readable or not. The TRIM command is constantly shuffling blocks around to level the wear on the memory cells, and any legit data recovery firm will tell you: recovery of damaged/deleted files from an NVME drive is impossible.
The external drive was claimed to be used to recover the data, but there is no “recovery” of a solid state disk drive, such as the one in Hunter’s alleged Mac. If the data is corrupted or deleted, it’s lost forever, unless the Mac’s owner runs a *specific* command from a shell.
That command would disable the TRIM command. It’s not at all common practice, and the kind of person who’d use a strip mall repair shop certainly wouldn’t know about it.

The drive could have been used as a *destination* for a backup of a *working* SSD. So let’s explore that.
If the internal solid state drive was working, but the computer was not, it would take specialized equipment and skill to remove it. It’s not a “drive,” it’s a bunch of memory chips soldered directly onto a circuit board inside. It would mean desoldering the chips, and…
…we’re already past what a neighborhood repair shop can do. Certainly not for $75.

Which leaves one last option: the computer was bootable, the internal drive was working, and The Mac Shop just cloned it onto a My Passport Pro they bought…weeks after they got the computer.
It’s clear by the date that the drive wasn’t Hunter’s. So we’ll proceed from there.

They could’ve used Target Disk Mode for this, if the problem with the MacBook was its display, but it was otherwise bootable.

Which brings us to price.
Again, the drive wasn’t Hunter’s. So the shop had to buy it. The 2TB My Passport for Mac is $80 today. It was likely more when it came out. Yet Hunter only paid $75 for the repair?

No repair shop owner is that dumb.

Let’s sum up:
Ext. drive wasn’t Hunter’s, it was bought after the MacBook was dropped off. The internal drive wasn’t corrupted, because you can’t recover from a corrupted NVMe SSD. Which means it was copied to a drive that costs more than the cost of the service, and no repair shop does that.
Slight correction: Hunter was charged $85, not $75. My bad.

Why not continue a bit on this thread? Image
Let’s set aside the external drive that the Mac shop bought for the express purpose of copying data that can’t be recovered from a corrupted drive and isn’t the server that the quote specified.

Let’s focus on a “water damaged” MacBook Pro, as alleged in the NY Post piece.
How would you know (as a consumer) if it’s water damaged? Does the keyboard not work? The screen? Due to the internals of a MacBook Pro, if they don’t work because of water damage, it’s likely that the drive can’t be accessed either; i.e. it won’t boot.
Which puts us back to “no recovery” because of the kind of solid state storage in the MacBook Pro. The only conclusion left: the computer was working fine, data was copied (by *someone*) to an external drive bought at retail, and once there, the data is easily changed/forged.
Hell, the emails were “printed” to PDF in October 2019, according to metadata in the PDF files linked by the NY Post story. Six months after the computer was allegedly dropped off by someone who may or may not be Hunter Biden.
Basically, there isn’t one part of their story that holds even a small amount of water.

You know what does “fit” the narrative, though?

Some sketchy dude overcharged his customer (whom he didn’t recognize at first) for “recovery” (making a backup of a working drive)
He realized what a treasure trove he had, and gave up the goods to Rudy’s lawyer for a cash payment. From there, they used their numerous (a and documented) connections to foreign nationals to mix some choice forgeries into the other legitimate data on the (backup) drive.
This thread is going nuts, so I’m muting it. It’s only one small example of the inconsistencies of only one small part of a big, crazy story. It’s not a smoking gun when there’s smoke coming from all over the NY Post story.

It just shines a light on one tiny, little piece.
What I learned may not be relevant. It may suffer from a false premise that invalidates a huge chunk of it.

In a story with many disconnected premises, I wouldn’t be surprised, and neither should you.

By the way, have you voted yet? Do you have a plan to vote?

Be good to you.
I’ll stipulate to one more thing: it’s possible that the laptop was old enough to have a removable NVMe drive, which would make it possible to transplant it into another (older) MacBook Pro. I don’t think the drive was corrupted at all, in any case.
Okay, now I’m muting it. Night, all.
UPDATE: It’s unclear why, but Western Digital’s warranty tracker now shows May 17, 2022 as the expiration date for its three year warranty, but still indicates that no registration/dated proof of purchase was provided (the edit icon goes away when a WD drive is registered). Image
UPDATE 2a: As some commenters mentioned, the specific MacBook Pro model (13-inch, 2017, Two Thunderbolt 3 ports)—the short-lived pre-TouchBar model, does have a removable NVMe SSD. You wouldn’t need to desolder memory chips to remove that drive.
UPDATE 2b: As I mentioned, though: I really don’t think the drive was corrupted at all. The whole story stinks no matter which part of it you smell.
CLARIFICATION: The warranty expiration date of an unregistered product begins on the date of manufacture (why this one changed without being registered is weird). WD even warns you: “To ensure your warranty expiration date is current, please register your product…” Image
ABOUT THE PREMISE: I don’t believe this whole thing went down the way it was reported by the NY Post, but for the purposes of this original thread, I operated under the premise that the laptop itself exists and was dropped off at this repair shop.
It’s clear to me that this was a disinformation campaign, and Rudy was the driver. It may actually be Hunter Biden’s—Apple knows who owns the laptop, after all.

It may have been stolen, and forged files added to it. The laptop could be a plant, and not owned by Hunter.
The potential provenance of the hardware itself is murky, at best. And that’s I tried to illuminate w/the WD drive. It was clearly purchased well after Apr 12, and for the express purpose of copying the data on the laptop…that’s about the only thing that’s clear about all this.

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with ➖Dustin Miller➖

➖Dustin Miller➖ Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @spdustin

Dec 10, 2022
The format of this post isn’t Slack’s default format.

The way <!here> is rendered is the giveaway that non-employees have been given a (potentially complete) export of Twitter’s private Slack workspace.

Such exports can (and often do, for enterprise users) include Slack DMs
If I was a former Twitter employee, I’d be furious. Access has been described as “complete” and “unfettered.” Combined with the screenshot, it leads me to believe that non-employees were given a complete “compliance export” of Twitter’s private Slack Enterprise Grid workspace.
If true, it’s likely in violation of California’s tough privacy laws. Yes, even internal corporate chats would be covered once they’re shared outside the corporation, like Twitter’s current leadership appears to have done here.

Ex-tweeps: call your lawyers. You’re under attack.
Read 7 tweets
Jan 12, 2021
With the bounty of raw video and photo files available from the January 6th Capitol terror attack, participants can potentially be identified using the video taken by someone else. Or, more specifically, by identifying who is recording the video.

A thread!

Every cellphone uses a sensor to convert a visible image (or video) into digital data that is processed to create the final media file. These sensors—and the digital signal they create—are imperfect (because physics). But every sensor is *uniquely imperfect*.

These imperfections result in digital “noise” in the data. Videos taken by one cellphone can be analyzed to extract a sort of “fingerprint” of the digital noise inherent in that cellphone’s imperfect image sensor. That fingerprint persists, even in videos taken weeks apart.

Read 11 tweets
Jan 10, 2021
Parler getting kicked off AWS is really wild. Don’t get me wrong, AWS has the absolute right to do it, but the fact that they ARE doing it is mostly unheard of.

For sure, the act *itself* makes Parler toxic to every other cloud computing provider with infrastructure in the U.S.
Google Cloud Platform and Microsoft’s Azure certainly won’t touch them with a ten foot pole. And as much as Parler admins claim they developed the site to avoid vendor lock-in, that’s probably the most expensive way to host on AWS, and is almost certainly not true in real life.
And they have, what, a day to move the site? There’s probably enough data alone to make that impossible, even with Mercer Money. Unless they’ve been backing up offsite to external media (highly doubtful), they likely won’t be able to get all their data out in time.
Read 7 tweets
Jan 9, 2021
Twitter told @verge: “If a government account, like @POTUS, was used to evade @realDonaldTrump’s ban, Twitter said that it would remove the content associated with this behavior and try to remove Trump’s access to this account.”

theverge.com/2021/1/8/22218… ImageImageImageImage
Looks like he already deleted them.

But @TwitterSafety / @Twitter knows he did it.
Aside from his ban-evasion tweets from minutes ago (now deleted), the last time Trump tweeted as @POTUS was June 1, 2018—two and a half years ago. Image
Read 6 tweets
Jan 6, 2021
Protesters are now **inside** the Capitol Building. Senate hearings are suspended.

These MAGA terrorists are now brawling with police inside the U.S. Capitol Building, and trying to get through to the interior chambers.

Doors to the Senate have been locked, Pence and Grassley were whisked away to a secure location, remaining senators instructed to stay away from the doors and remain silent.

Your kids know what that feels like.
Read 49 tweets
Jan 6, 2021
We’re gonna win this thing.
I’m serious, we’re gonna win this thing.
New York Times reporter @jennymedina liveblogs, “Georgia election officials have suggested we may not know final numbers until midday tomorrow,” which is true.

But it looks like we’ll know tonight if we won the Senate.

(It sure does look that way.)
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!