unlawfulbooger @ unlawfulbooger @lemmy.blahaj.zone

Posts

14

Comments

127

Joined

2 yr. ago

Well yes, assuming that:

1. you trust the hardware manufacturer
2. you can install your own keys (i.e. not locked by vendor)
3. you secure your bios with a secure password
4. you disable usb / network boot

With this you can make your laptop very tamper resistant. It will be basically impossible to tamper with the bootloader while the laptop is off. (e.g install keylogger to get disk-encryption password).

What they can do, is wipe the bios, which will remove your custom keys and will not boot your computer with secure boot enabled.

Something like a supply-side attack is still possible however. (e.g. tricking you into installing a malicious bootloader while the PC is booted)

Always use security in multiple layers, and to think about what you are securing yourself from.

And don’t just fork it on GitHub, if the original repo gets deleted, any forks might too.

Also do a git clone locally, or set up a mirror on another host.

Remember: militaries usually buy from the lowest bidder, so anything military-grade is probably low quality.

Also, email isn’t a great medium for communicating securely, since the other party has to be just as mindful about security as you; otherwise it’s basically security theater.

I get it, sometimes you just do something for the challenge.

It’s really great what you can accomplish when you know a little more than the bare minimum of the tools at your disposal (^^,)

And I had the same experience after learning a bit more about awk for the fist time, hahaha.

Virtual memory is different from swap memory.

Swap memory is used when you run out of physical memory, so the memory is extended to your storage.

Virtual memory is an abstraction that lies between programs using memory and the physical memory in the device. It can be something like compression and memory-mapped files, like mentioned.

And yes, some swap is still useful, up to something like 4G for larger systems.

And if you want to hibernate to disk, you may need as much swap as your physical memory. But maybe that’s changed. I haven’t done that in years.

In the end I've used the first command you wrote, because KISS, but I appreciate your explanation

There’s no shame in combining multiple tools, that’s what pipelines are all about 😄.

Also there’s a different tool that I would use if I want to output a specific column: awk

 sh

    
df -h —output=avail,source | awk ‘/\/dev\/dm-2/ {print $1}’

  

For lines matching /dev/dm-2 print the first column. awk splits columns on whitespace by default.

But I would probably use grep+awk.

Sed is definitely a very powerful tool, which leads to complex documentation. But I really like the filtering options before using the search/replace.

You can select specific lines, with regex or by using a line number; or you can select multiple lines by using a comma to specify a range.

E.g. /mystring/,100s/input/output/g: in the lines starting from the first match of /mystring/ until line 100, replace input with output

The easiest way is probably without sed, which you mentioned:

 sh

    
df -h --output=avail /dev/dm-2| tail -n1

  

But purely with sed it would be something like this:

 sh

    
df -h --output=avail,source | sed -n ‘/\/dev\/dm-2/s!/dev/dm-2!!p’

  

-n tells sed to not print lines by default

/[regex]/ selects the likes matching regex. We need to escape the slashes inside the regex.

s/// does search-and-replace, and has a special feature: it can use any character, not just a slash. So I used three exclamation points instead , so that I don’t need to escape the slashes. Here we replace the device with the empty string.

p prints the result

Check the sed man page for more details: https://linux.die.net/man/1/sed

🦀 🦀🦀🦀🦀🦀🦀🦀

Boy am I glad I don’t do C++ anymore. That string handling with the overloaded bitshift operator was wild.

What the heck is endl???

If you’re not already, just erase your darlings.

Then you can preview what files are lost on reboot (see blogpost).

You can use your token with the REST api. And use that to do whatever you want.

you can also use your token for git clone like so:

 sh

    
$ git clone https:/git:put_your_token_here@github.com/myown/repo

  

That would be block storage like glusterfs or ceph, or object storage like minio or rook.

You could also use ZFS to provide PVCs for your Pods, with openebs.

If the mini-servers don’t have hardware redundancy, I’d stick to Replicated Volumes only…

If you go the openebs+ZFS route, you can make a kubernetes service (DaemonSet because it should run on every node) that makes and sends/exposes ZFS snapshots.

Here's an article that does this: https://iridakos.com/programming/2018/03/01/bash-programmable-completion-tutorial

I have done this for one of my own tools ta, which is a function that switches to a tmux session, or creates it if it doesn't exist:

 sh

    
# switch to existing tmux session, or create it.
# overrides workdir if session name is "Work"
function ta() {
        case "$1" in
                Work) workdir="${HOME}/Work/" ;;
                *) workdir="${HOME}" ;;
        esac
        if tmux has-session -t "$@" &>/dev/null; then
                tmux switch-client -t "$@"
        else
                tmux new-session -A -D -d -c "${workdir}" -s "$@"
                tmux switch-client -t "$@"
        fi
}

# complete tmux sessions
# exclude current session from completion
function _ta_completion() {
        command="${1}"
        completing="${2}"
        previous="${3}"
        [[ "${command}" != 'ta' ]] && return
        current_session="$(tmux display-message -p '#S')"
        IFS=$'\a' COMPREPLY=( $(tmux list-sessions -F '#{session_name}' | grep -i "^${completing}" | grep -v "^${current_session}$"| tr '\n' '\a' ) )
}
# enable completion for ta function
complete -F _ta_completion ta


  

Usage

 sh

    
$ tmux (starts session "0" by default)
$ ta Personal # create session "Personal" because it doesn't exist
$ ta Work # create session "Work" because it doesn't exist
$ ta <tab> 
0 Personal
$ ta P<tab> -> $ta Personal
$ ta <tab>
0 Work

  

Artists will probably have their own setup, software and workflow that they are comfortable with. I’d recommend letting them use their own workflow, and just discussing the interface, so to speak: what file format(s) to use and such. I think GLTF is used for assets, but I’m definitely not an expert.

As for other devs, most required tooling (e.g. Unity or Pycharm or whatever) are one-time installs that you can list somewhere. And language libraries/dependencies are a solved problem (e.g. pipenv, cargo, yarn).

But if you really want to set this up, nix (or lix) is probably your best bet for a total devenv that is exactly reproducible, assuming that works for WSL (or no one uses windows).

Otherwise docker/podman or devenv will probably be doable as well.

Maybe you can use the spicy tape to prevent your pets from eating the cables (assuming that works on them)?

Orher than that, maybe you can setup some metrics (and alerting?) to keep an eye on the diskspace?

Congratulations!

Tip: don’t use /dev/nvme0n1 directly, but use device aliases in /dev/disk/. I prefer /dev/disk/by-id/ but maybe another works better in your case.

 sh

    
# find all aliases for nvme drives (no partitions)
find /dev/disk/ -type l -ilname '*nvme?n?' -printf '%l %p\n' | sed 's!^../../!!' | sort

  

Try starting vim without config, I think that’s

    
vim -u NONE

  

Does it still occur then?

If not, it’s a config issue in /etc/vimrc and/or ~/.vimrc (or maybe ~/.config/vim/vimrc or something?)

If it does, it has to be something else.

Free.mp3 - Dubioza Kolektiv
(It’s a surprise that will help us later)