Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)IN
Posts
1
Comments
273
Joined
2 yr. ago

  •  
        
    // abandon all hope ye who commit here
    (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
    
      

    Edith: damit, Not the first to post this abomination

  • Theoretically it is possible to exploit a hardware (or maybe even a very big software) bug inside the JavaScript engine, to execute code as root.

    See also this real world example hardware exploit that gives somewhat arbitrary ram read/write access to an attacking website with zero clicks that can grant you root.

    Kernel Protection hadn't helped here though, hardware bugs aren't an easy fix.

  • A bit late but: The Linux kernel can prevent unsigned code from being inserted into it, the signing key is generated by the one building the kernel image and automatically signs all modules that are build with the kernel.

    This only happens if lockdown is enabled, which happens automatically if you use secure boot. The distros I use also support secure boot so I have it for example.

    See https://www.man7.org/linux/man-pages/man7/kernel_lockdown.7.html for more info

    On a different note, selinux enabled desktop systems (like Fedora linux for example) do limit the root user depending on context (services and so on)

  • I have rss feeds for my main service updates so I know what new features I have, the services mostly run in podman containers and update automatically each Monday. I also have daily backups (timed to run just before the update on monday) in case anything does break.

    If it breaks I fix it depending on how much I want/need it, mostly it's a matter of half an hour to fix it and with my current NixOS/Podman system I haven't yet needed to fix anything this year so it breaks infrequently.

    Also why are you using Kubernetes on a single host if you want minimal maintenance? XD

    My recommendation is to switch to just managing containers, you should just be able to export the volumes out of kubernetes and import them as normal volumes, as long as they're mounted in the right place you keep your data and if it doesn't work just try again. Not like you need to destroy the current system to slowly replace it.

    Edit: I also recommend to update and reboot frequently, this stops updates and unstable configurations from piling up.