tasankovasara @ tasankovasara @sopuli.xyz

Posts

10

Comments

158

Joined

2 yr. ago

Yes, or SSH keys or any other means of user authentication. The cool thing in this technique is that it's twofold and you (as an attacker) can cherry-pick the info given. If you walk up locally to someone's running system, you could skip the first half and go with the 'hey, can you resize this XFS image for me' bit.

The technique described here is only a concern if the 'bad actor' has access to a user account on your machine in the first place.

The dev's VSCode application installs a helper package in /root/.vscode-server. Separate copy for every user that connects. It runs a bunch of 'node' processes that often stack up more used CPU time than MySQL. I'm not a fan...

Thanks, that'll come in handy!

I guess it's worth mentioning that once (only once) I've seen ripgrep bring a whole LAMP stack production server to a full tilt. A dev using VSCode (which has rg as part of its 'trojan horse' vscode-server it installs and runs as root on any server it's used to edit) did a search and ripgrep went into some kind of death loop hogging 100% of all cpu cores. Probably rare, but kind of shocked me. All our servers now babysit vscode-server with cgroups...

The sharp uptick of crap flown around 2.6 piques my interest. As does someone's introduction of 'retard' into the vocabulary shortly prior. Must have been popcorn times.

The only caveat here is the fire-hazard non-removable lithium batteries.

Here too. Free 2012 Mac Mini that's been servering away for a couple of years already 24/7 on UPS power. Gets a deserved smile every time I look at it :)

I'm looking at replacing my 2018 desktop machine (a Thinkcentre Tiny) soon with one of the new AMD 395 mini-pcs. When that happens, the Mac Mini will be retired...

Had to look it up XD Just regular papa and mama bear with cubs :)

Amateurs.

(90-packs due to two bodybuilder household – amateurs, as in not professional :)

Itellä GrapheneOS ja kaksi profiilia, toinen käytössä 99 % ajasta (ei well played -palveluita) ja toinen vilahtaa vain silloin kun tarvii mobilepaytä, smartumia tai easyparkkia. Jälkimmäisessä googlepalvelut tietty asennettuna, mutta hatusta vedetyllä googletilillä. Suosittelen.

Ouu, I want Amiga keys on mine! You left a crucial link out of your post :)

ctrl-A-A would be a nice combo to hibernate...

I've been keeping a sandboxed chromium on my machines only to access Facebook. For everything else I use qutebrowser.

When chromium started doing this (letting it access my keyring was not an option), I decided that instead of looking in the config or switching to firefox, it's time to finally drop Facebook from my life. Problem solved, hundreds of megabytes freed :)

Nice styles, lucky she's good :D

Has anyone not mentioned Openbox yet? Window decorations look like the NeXT style, just colourful.

I too was doing an analytic chemistry course when this first popped :) Never forget!!

Hit extra hard because a friend was in a performing techno duo called Polytron.

Since getting my first fragile smartphone (HTC Hero, 2009) I've zero phone drops on my soul. Guess the question is why drop phones? Daddy buys new one?

Came here to post just that :D

Kultainen Sopuli -ehdokkuus AP:lle ansiokkaasta referoinnista ja kommentoinnista!

Laughs in Finnish