Posts
16
Comments
399
Joined
4 mo. ago

  • Thank you for that. Yes, I only really follow his post roughly.

    Unfortunately, I don't think secureblue is going to be a possible choice. I like the secureblue project, I think it's awesome but what I'm working with will likely only come with a Rocky/AlmaLinux base.

  • You raise a valid point. In which case, I want to try and prevent malicious privilege escalation by a process on this system. I know that's a broad topic and depends on the application being run, but most of the tweaks I've listed work towards that to an extent.

    To be precise, I'm asking how to harden the upcoming AlmaLinux based Dom0 by the XCP-NG project. I want my system to be difficult to work with even if someone breaks into it (unlikely because I trust Xen as a hypervisor platform but still).

    I admit I was a bit surprised by the question since I've never consciously thought about a reason to harden my OS. I always just want to do it and wonder why OSes aren't hardened more by default.

  • Thank you for the note. I've been cursing myself for not being able to provide my devs with something similar (they don't complain but I know it will make their lives easier). I will start nix from scratch if I learn it but nixops definitely seems like it can help because terraform isn't that great at the example you provided. Thanks.

    focused on security hardening

    Could you elaborate?

  • I am serious. I am a cloud engineer (glorified system admin for cloud + Linux VMs) and I'm still stuck on Ansible + Terraform (stuck isn't the right word, we are a RHEL and Alpine shop for our VMs and Containers and things work well enough). My friends in bigger companies are using Nix though, but I was always scared of the learning curve. I want to see clear benefits of using nix so I can push myself to actually learn it, which is why I asked. Thanks for the link.

  • Not to be too pedantic but those aren't alternatives to Android; they're simply custom Android ROMs as alternatives to stock ROMs.

    GrapheneOS is available for the older Pixels. If you can get a Pixel 7 or 8 series phone at a good deal then there's no better Android than GrapheneOS. They take security seriously. I equate GrapheneOS to be the Qubes of the Android world.

  • You raise a good point. I think that if an RSS reader could pull from different websites at separate times and either programmatically use the TOR browser / at least have support for stream isolation along with randomly scheduling when to pull from what website, it should be able to evade most automated measures of surveillance. Timing and correlation attacks are the only ones I can think of other than NSA paying for over 50% of TOR nodes.

  • How do you not configure the network stack? If you have an Intel NIC on the motherboard/any PCIE lanes in theory it should be able to connect.

    What worries me is that someone could perform a reverse shell on my system with/in addition to a magic packet and get full ring 0 access to my system. I'm investigating network monitoring tools that can help me find traces of ME on my network.

  • The downside is that it probably is a great fingerprint if you go through vpn or tor. But it also could limit your tor/vpn connection time to the shortest time possible.

    What do you mean? How is it any less private than on the clearnet?