DefederateLemmyMl @ SpaceCadet @feddit.nl

* Gen𝕏

---

Read more

Posts

1

Comments

585

Joined

2 yr. ago

The same people who still think of millennials as people in their early/mid 20s instead of late 30s early 40s.

Doesn't sound as catchy I guess?

You're good. That's the latest image, it's just the confusing Debian version scheme where the package version is not the same as the kernel version. Debian package version 6.1.0-17 = kernel version 6.1.69-1

See:

 `

    
$ uname -a
Linux debian12 6.1.0-17-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 GNU/Linux
`
  

And:

 `

    
$ dpkg-query --list linux-image-6.1.0-17-amd64
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                       Version      Architecture Description
+++-==========================-============-============-=================================
ii  linux-image-6.1.0-17-amd64 6.1.69-1     amd64        Linux 6.1 for 64-bit PCs (signed)
`
  

I remember when PC keyboards had zero Windows keys.

For a laugh, view the page source and scroll down.

In Belgium, hundreds of tons of unexploded ordnance from World War 1 are still being found and cleaned up, often chemical grenades as well. For 2022 the total figure was 166 ton. Almost everyday there is an intervention by the demining service. Occasionally people still get hurt or killed by it too.

And Belgium was just a small section of the WW1 frontline, the figures for France will probably be much higher.

That's what I said yes.

Realistically it's not super dangerous, and no you probably don't have a virus just from browsing a few tech support sites, but you do eliminate your last line of defense when you run software as root. As you know, root can read/change/delete anything on your system whereas regular users are generally restricted to their own data. So if there is a security problem in the software, it's made worse by the fact that you were running it as root.

You are right though that Firefox does still have its own protections - it's probably one of the most hardened pieces of software on your computer exactly because it connects to the whole wide internet - and those protections are not negated by running as root. However if those protections fail, the attacker has the keys to the kingdom rather than just a sizable chunk of the kingdom.

To put that in perspective though, if there is a Firefox exploit and a hacker gets access to your regular user account, that's already pretty bad in itself. Even if you run as a regular unprivileged user they would still have have access to things like: your personal documents, your ssh keys, your Firefox profile with your browsing history, your session cookies and your saved passwords, your e-mail, your paypal account, your banking information, ...

As root, they could obviously do even more like damage like reading all users' data, installing a keylogger or screengrabber, installing a rootkit to make themselves undetectable, but for most regular users most of the damage is already done when their own account is compromised.

So when these discussions come up, I always have to think about this XKCD comic:

uBlock can do much more refined and targeted blocking than a pihole because it has access to the entire page that is being served and can selectively filter elements. The pihole only has access to the DNS name, and DNS blocking is a rather crude tool to block ads that can be defeated by serving the ads from the same domain.

For example: a pihole doesn't work for blocking YouTube ads, because they come from the same domain.

I know wlroots exists. It's a library that helps you implement a compositor (i.e. does some of the heavy lifting), but at the end of the day the window manager developer is still implementing a compositor and is responsible for maintaining their compositor.

The mere fact that wlroots, and other efforts like louvre, are necessary at all actually prove my point that it was an idiotic design to push everything off into "compositors".

I agree that at some point you have to be able to ditch technical debt, but you still should be able to do more or less the same things with the new system as with the old system and that's currently still not the case.

The problem is that the architecture of Wayland and the organization around it themselves impose limitations that have a chilling effect on development for it. One issue is that Wayland has been deliberately left very slim, leaving a lot of complexity and implementation details up to the compositor. A compositor can be seen as something that approaches the size and complexity of an entire X display server. This means that if someone wants to create a window manager, they have to implement a whole compositor first. So instead of writing window manager code, which is what the developer is probably the most interested in, they are spending most of their time implementing the compositor.

Naturally this also leads to a lot of duplication of effort. For example: GNOME, KDE and the window managers that have implemented a wayland version each have their own compositor that by and large does the same thing.

Another issue is the standardization of the protocols and interfaces that the different compositors use, or lack thereof. There is a steering group containing the major stakeholders that votes on proposed extensions, but good proposals often get shot down because the major stakeholders can't agree on it and sometimes ego or principles gets in the way. And then you have cases where one compositor just goes their own way and implements something regardless of what the others do.

For example, as a result of this there's still no standard screen capture API, so if you want to do things like screenshots, remote desktop, desktop streaming, ... whether or not you can do that, and with which tool, depends on the compositor you use. Another example: they're currently still bickering over whether or not an application should be allowed to place windows with absolute coordinates, and how that should be implemented. We're currently 15 years after initial release of Wayland...

In my opinion, this is all completely backwards. Both in an organizational and technical sense way too much has been left up to the individual compositors that should have been a core part of Wayland itself.

Unfortunately, it's all too late to fix this. We're 15 years into Wayland development, and the flawed architecture has been set in stone. Wayland isn't going to go away soon either, too many parties are invested in it. So for me the reasonable thing to do is to wait and stick with X11 until the dust settles and something emerges on the other side that is better than what I currently have.

they cannot access the data from software because it is blocked by login screen

The system may still be vulnerable to over the network exploits. So for example, if the system is running sshd, and a couple of months from now a root exploit is found (à la heartbleed), the attacker may get inside.

It's somewhat of a long shot, but it's still a much larger attack surface than butting your head against a LUKS encrypted drive that's at rest.

they cannot access the data from hardware because it is protected by FDE.

RAM is not protected by FDE. There are (obviously non-trivial) ways to dump the RAM of a running system (Cold Boot attacks, and other forensic tools exist). So if the attacker is dedicated enough, there are ways.

One of the misconceptions I had before is that I assumed that the disk will be decrypted when you enter the LUKS password. This is not true, the password is loaded into the ram, and only decrypts necessary parts to RAM. All the data on the disk is never decrypted, even when you are working in your OS.

Hah! That would be impractical :) Imagine having to decrypt your entire 32TB drive array everytime you booted your computer.

Besides, if anyone tries to boot any other OS which is not mine, the keys are erased.

There are forensic tools that can capture the contents of RAM, and so access your decrypted LUKS encryption key.

I guess it depends on who you are protecting against, but if for example law enforcement wants evidence against you for what they think is a serious enough crime, they just may go through the trouble to do it.

Well he wrote it like he wanted to be applauded for it or something.

I also find the irony of your comment extremely funny ... although that's probably lost on you.

Later, dude.

You are strawmanning, and your links are not countering any point I made. I never disputed the depreciation as fact, and I never recommended that beginners should use egrep over grep -E

I disputed your claims that the egrep command has just been a distro hack all these years, when in fact GNU to this day still distributes egrep through its source tarballs and only very recently started to warn about it through the wrapper script. And again, the only "portability problem" here is the fact that they deprecated it in the first place, i.e. a self-inflicted one.

Then as a Linux and Unix veteran I gave my subjective opinion by lamenting and criticizing the fact that this depreciation happened, and how changes like this always feel like unnecessary pedantry to me. Yes it's an expression of frustration, but I am allowed to feel frustrated about it. I don't need people like you invalidating how I feel about breaking changes in software that I use daily.

GNU grep, the most widespread implementation, does not include egrep, fgrep and rgrep for years. Distributions (not all, but many) provide shell scripts that simply run grep with corresponding option for backward compatibility. You can learn this from official documentation.

It seems you need to read the official documentation yourself. While it's new information to me that egrep is no longer a symlink, as it used to be a couple of years ago, but a shell script wrapper to grep -E instead, the egrep command is to this day still provided by upstream GNU grep and is installed by default if you run ./configure; make; make install from source. So it is not a backward compatibility hack provided by the distribution.

You can check for yourself. Download the source from https://ftp.gnu.org/gnu/grep/grep-3.11.tar.gz, unpack and look for src/egrep.sh or line 1756 of src/Makefile. Apparently the change from symlink to shell script was done in 2014, and the deprecation warning was added only last year.

In any case, my larger point is that the depreciation of egrep was a pointless and arbitrary decision that does not benefit users, especially not veterans like myself who have become accustomed to its presence. I don't mind change, but let's be honest, most people are not in the habit of checking the minutiae of every little command line utility they use, so a change like this violates the principle of least surprise. It's one thing if things are changed with a good reason and the users do not only suffer the inconvenience of the change but get to reap the benefits of it as well, but so far I haven't found any justification for it yet, nor can I think of any.

So if there is a portability problem with using egrep now, it's a self-inflicted portability problem that they caused by deprecating egrep in the first place.

Also, my scripts are not full of bashisms, gnuisms, linuxisms and other -isms, I try to keep them portable unless it is really necessary to use some unportable command or syntax.

Good for you. Do you want a cookie or something?

nowadays egrep is not recommended to use. grep -E is a more portable synonim

Not directed at you personally, but this is the kind of pointless pedantry from upstream developers that grinds my gears.

Like, I've used egrep for 25 years. I don't know of a still relevant Unix variant in existence that doesn't have the egrep command. But suddenly now, when any other Unix variant but Linux is all but extinct, and all your shell scripts are probably full of bashisms and Linuxisms anyway, now there is somehow a portability problem, and they deem it necessary to print out a warning whenever I dare to run egrep instead of grep -E? C'mon now ... If anything, they have just made it less portable by spitting out spurious warnings where there weren't any before.

I ditched Ubuntu LTS for my homelab virtual machines around 20.04 when they started to push snaps, netplan and cloud-init, meaning I would have to spend a significant amount of effort redoing my bootstrap scripts for no good reason and learning skills that are only applicable in the Ubuntu ecosystem. I went with debian stable instead, and was left wondering why I hadn't done that sooner. It's like Ubuntu without all the weirdness.

Not sure if this is the root cause of your boot failure, but underscores in hostnames are not allowed. A- Z, 0-9 and - are the only allowed characters.

“Have you ever gone zero to sixty?” was my only response. Of all the facts and figures, 0-60 has you to be one of the least important when buying a car

It is a relative performance indicator that is easy to measure and verify.

Of course you rarely ever actually do 0-60, but it gives you an idea of how well the car accelerates relative to other cars. So in a way 0-60 is like a cinebench score for cars.