Max_P

@Max_P@lemmy.max-p.me

Just some Internet guy

He/him/them 🏳️‍🌈

Max_P,

Fairly new to ham, what’s nice to listen to during an aurora? Just funny noise bursts? Any antenna precautions so I don’t fry my SDR?

Max_P,

Nothing hotter than a giant electric fleshlight whirring away as you get off.

I saw one in a sex shop, it looks like such a chore to get going and clean up afterwards. It’s fucking huge too. Hands are so much easier to clean, and readily available anywhere anytime.

Max_P,

I’ve actually run into some of those problems. If you run sudo su --login someuser, it’s still part of your user’s process group and session. With run0 that would actually give you a shell equivalent to as if you logged in locally, and manage user units, all the PAM modules.

systemd-run can do a lot of stuff, basically anything you can possibly do in a systemd unit, which is basically every property you can set on a process. Processor affinity, memory limits, cgroups, capabilities, NUMA node binding, namespaces, everything.

I’m not sure I would adopt run0 as my go-to since if D-Bus is hosed you’re really locked out and stuck. But it’s got its uses, and it’s just a symlink, it’s basically free so its existence is kBs of bloat at most. There’s always good ol su when you’re really stuck.

Max_P,

Basically, the SUID bit makes a program get the permissions of the owner when executed. If you set /bin/bash as SUID, suddenly every bash shell would be a root shell, kind of. Processes on Linux have a real user ID, an effective user ID, and also a saved user ID that can be used to temporarily drop privileges and gain them back again later.

So tools like sudo and doas use this mechanism to temporarily become root, then run checks to make sure you’re allowed to use sudo, then run your command. But that process is still in your user’s session and process group, and you’re still its real user ID. If anything goes wrong between sudo being root and checking permissions, that can lead to a root shell when you weren’t supposed to, and you have a root exploit. Sudo is entirely responsible for cleaning the environment before launching the child process so that it’s safe.

Run0/systemd-run acts more like an API client. The client, running as your user, asks systemd to create a process and give you its inputs and outputs, which then creates it on your behalf on a clean process tree completely separate from your user session’s process tree and group. The client never ever gets permissions, never has to check for the permissions, it’s systemd that does over D-Bus through PolKit which are both isolated and unprivileged services. So there’s no dangerous code running anywhere to exploit to gain privileges. And it makes run0 very non-special and boring in the process, it really does practically nothing. Want to make your own in Python? You can, safely and quite easily. Any app can easily integrate sudo functionality fairly safely, and it’ll even trigger the DE’s elevated permission prompt, which is a separate process so you can grant sudo access to an app without it being able to know about your password.

Run0 takes care of interpreting what you want to do, D-Bus passes the message around, PolKit adds its stamp of approval to it, systemd takes care of spawning of the process and only the spawning of the process. Every bit does its job in isolation from the others so it’s hard to exploit.
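The difference described in the comment above can be observed from /proc. This is an added example, not part of the original comment: it parses the Uid: line of /proc/<pid>/status and the session field of /proc/<pid>/stat, then reports whether a process is a setuid-elevated child of the caller's session or a root process living in a separate session. The sample texts, PIDs and the classify() labels are constructed for illustration.

```python
from typing import NamedTuple

class Creds(NamedTuple):
    real: int
    effective: int
    saved: int

def parse_uid_line(status_text):
    """Return real/effective/saved UID from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            real, effective, saved, _fsuid = (int(x) for x in line.split()[1:5])
            return Creds(real, effective, saved)
    raise ValueError("no Uid: line in status text")

def parse_session(stat_text):
    """Return (pgrp, session) from the text of /proc/<pid>/stat.

    The comm field may itself contain spaces and ')' characters, so the
    fixed fields are located after the LAST ')' rather than by naive split.
    """
    rest = stat_text[stat_text.rindex(")") + 1:].split()
    # rest = [state, ppid, pgrp, session, tty_nr, ...]
    return int(rest[2]), int(rest[3])

def classify(status_text, stat_text, caller_uid, caller_session):
    """Label a process and say whether it shares the caller's session."""
    creds = parse_uid_line(status_text)
    _pgrp, session = parse_session(stat_text)
    if creds.effective == 0 and creds.real == caller_uid:
        kind = "setuid-elevated"   # root powers, but still the caller's real UID
    elif creds == Creds(0, 0, 0):
        kind = "root"              # no trace of the caller's UID left
    else:
        kind = "unprivileged"
    return kind, session == caller_session

# Constructed sample: a setuid-root helper just after exec from a user shell
# whose session id is 4100. The comm field is deliberately awkward.
SUID_STATUS = "Name:\thelper\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n"
SUID_STAT = "4242 (odd) name) S 4100 4242 4100 34816 4242"

# Constructed sample: a root shell spawned by the service manager (PID 1)
# in its own session, as the comment describes for run0.
RUN0_STATUS = "Name:\tbash\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"
RUN0_STAT = "5151 (bash) S 1 5151 5151 34817 5151"

if __name__ == "__main__":
    print(classify(SUID_STATUS, SUID_STAT, 1000, 4100))
    print(classify(RUN0_STATUS, RUN0_STAT, 1000, 4100))
```
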

Max_P,

I haven’t had D-Bus problems in quite a while but actually run0 should help with some of those issues. Like, systemctl --user will actually work when used with run0, or at least systemd-run can.

Haven’t used it yet so it’s all theoretical, but it makes sense to me especially at work. I’ve used systemd-run to run processes in very precise contexts, it’s worth using even if just to smush together schedtool, numactl, nice, taskset and sudo in one command and one syntax. Anything a systemd unit can do, systemd-run and run0 can do as well.

I’m definitely going to keep su around just in case because I will break it the same way I’ve broken sudo a few times, but I might give it a shot and see if it’s any good just for funsies.

Just trying to explain what it does and what it can do as accurately as possible, because out of context “systemd adds sudo clone” people immediately jump to conclusions. It might not be the best idea in the end but it’s also worth exploring.

Max_P,

Some executables are special. When you run them, they automagically run as root instead! But if sudo isn’t very, very careful, you can trick it into letting you run things as root that you shouldn’t be able to.

Run0 DM’s systemd asking it to go fork a process as root for you, and serves as the middleman between you and the other process.

Max_P,

If you dig deeper into systemd, it’s not all that far off the Unix philosophy either. Some people seem to think the entirety of systemd runs as PID1, but it really only spawns and tracks processes. Most systemd components are separate processes that focus on their own thing, like journald and log management. It’s kinda nice that they all work very similarly, it makes for a nice clean integrated experience.

Because it all lives in one repo doesn’t mean it makes one big fat binary that runs as PID1 and does everything.

Max_P,

The same is on the way in the US with how hard conservatives are fighting to keep graduates dumb and educated. Educated people don’t lean towards wars.

Max_P,

Yeah, even Asahi has better OpenGL support than real macOS. They make damn sure you have to use Metal to get the most out of it, just like eventually you get caught up in DirectX on Windows whether you want it or not. You can use Vulkan and OpenGL, but the OS really wants to work with Metal/DirectX buffers in the end.

I appreciate that the devs care enough to make it really good from the start, because that sets the benchmark. Now the Linux version has to have a similar enough polish to it.

In comparison, Atom and VSCode both worked fine on Linux just about day one thanks to Electron, but it was also widely disliked for the poor performance. It’s a part of what Zed competes on, performance compared to VSCode.

Is there any permanent risk to the phone itself if you install graphene OS?

Back in 2007-ish I told my Mum all about how you could jailbreak iphones and unlock them to make the phone with other carriers. I helped alleviate any concerns by convincing her and myself that if there are any problems after the procedure, nothing physically has been changed on the phone and as long as I made a backup first, we...

Max_P,

Pixel phones are basically the gold standard of Android phones for flashing custom ROMs. Google doesn’t lock anything down and provides everything necessary to not only build your own, but it even fully supports relocking the bootloader with your own keys and all the secure boot security features.

In most cases I think Google has an online tool you can run right from the browser to fully reflash the stock OS on it.

The only thing that won’t work is apps using Play Integrity which some bank apps and streaming apps use for DRM, including Google Pay/Wallet. There’s not much you can do about it especially in the longer term, as this is hardware-backed so unless some major exploit gets dropped, you can’t really fake the phone being stock to apps. Reverting to stock should bring back full functionality.

You really have to go out of your way to brick a Pixel and mess with overclocking to do permanent hardware damage.

Have fun!

Max_P,

You can try unsubscribing and resubscribing. The switch to “subscribed” from “subscription pending” depends on the remote server sending you an activity acknowledging the subscription. New instances sometimes struggle initially, because the remote instance has to discover you first and I think there’s a race condition where it won’t send the activity because it doesn’t know if your instance is up yet. (There’s an instance sync job that runs periodically to ping all linked instances, and it pauses sending activity to instances that are not considered active. If your subscription is the first interaction, you’re not “active” yet as it just learned about your instance)

Max_P,

That’s why half decent VPN apps also add firewall rules to prevent leakage. Although nothing can beat Linux and shoving the real interface in a namespace so it’s plainly not available to anything except the VPN process.

Max_P,

Most VPN providers don’t use DHCP. OpenVPN emulates and hooks DHCP requests client-side to hand the OS the IP it got over the OpenVPN protocol in a more standard way (unless you use Layer 2 tunnels which VPN providers don’t because it’s useless for that use case). WireGuard doesn’t support DHCP at all and it always comes from configuration.

Max_P,

The attack vector here seems to be public WiFi like coffee shops, airports, hotels and whatnot. The places you kinda do want to use a VPN.

On those, if they’re not configured well such as coffee shops using consumer grade WiFi routers, an attacker on the same WiFi can respond to the DHCP request faster than the router or do an ARP spoof attack. The attacker can proxy the DHCP request to make sure you get a valid IP but add extra routes on top.

Max_P,

Adding routes for other things on the network the clients can reach directly and remove some load from the router. For example, reaching another office location through a tunnel, you can add a route to 10.2.0.0/16 via 10.1.0.4 and the clients will direct the traffic directly at the appropriate gateway.

Arguably one should design the network such that this is not necessary but it’s useful.
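A way to audit the routes a DHCP lease pushes, covering both the legitimate office route and the extra routes discussed in the comments above. This is an added example, not part of the original comments: it assumes the routes arrive in the classless static route option (option 121, RFC 3442), decodes its compact encoding, and flags destinations outside RFC 1918 space. The sample bytes, the 203.0.113.0/24 documentation prefix and the "non-private means suspicious" heuristic are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decode_option_121(data):
    """Decode an RFC 3442 payload into [(IPv4Network, IPv4Address), ...].

    Each entry is: 1 byte prefix length, then only the significant
    destination octets (ceil(prefix/8) of them), then a 4-byte router.
    """
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        i += 1
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen}")
        n = (plen + 7) // 8
        if i + n + 4 > len(data):
            raise ValueError("truncated route entry")
        dest = int.from_bytes(data[i:i + n] + bytes(4 - n), "big")
        i += n
        router = ipaddress.IPv4Address(data[i:i + 4])
        i += 4
        # strict=False: tolerate stray host bits in the last octet
        routes.append((ipaddress.IPv4Network((dest, plen), strict=False), router))
    return routes

def suspicious_routes(routes):
    """Routes whose destination is not inside private address space.

    Heuristic (assumption): a LAN's DHCP server has little reason to hand
    out routes for public prefixes, and such routes compete with a VPN's.
    """
    return [(net, gw) for net, gw in routes
            if not any(net.subnet_of(priv) for priv in RFC1918)]

# Constructed sample lease payload:
#   10.2.0.0/16 via 10.1.0.4         (the office route from the comment)
#   203.0.113.0/24 via 192.168.1.66  (public prefix, documentation range)
SAMPLE = bytes([16, 10, 2, 10, 1, 0, 4,
                24, 203, 0, 113, 192, 168, 1, 66])

if __name__ == "__main__":
    for net, gw in decode_option_121(SAMPLE):
        print(net, "via", gw)
    print("flagged:", suspicious_routes(decode_option_121(SAMPLE)))
```
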

Max_P,

The guy that manages Kbin has been having personal issues and stepped away from the fediverse so yeah Kbin is kind of in limbo at the moment and indeed not well moderated. There’s mods but there’s just so much they can do. The software doesn’t federate the deletions so even if they’re gone on Kbin, they remain everywhere else.

Max_P,

Tagging @ijeff

Your server’s all outta space

Max_P,

And it’s NVIDIA so it’s still gonna be a flickery mess until explicit sync is all done and rolled out.

Max_P, (edited )

On my computer that’d unmount my home directory, my external storage, my scratch space and my backup storage, and my NAS.

It would also unmount /sys and /proc and /tmp and /run. Things can get weird fast without those, for example that’s where the Xorg/Wayland socket is located.

If all you have is home and root on the same partition I guess it’s not too bad because it’s guaranteed to be in use so it won’t let you, but still, I wouldn’t do that to save like 5 keystrokes in a terminal.

Max_P,

Fair enough, TIL. I’ve used mount -a a fair bit, but unmounting the world is not something that crossed my mind to even attempt. It would still unmount a good dozen ZFS datasets for me.

Good example with the Snaps! Corrected my post.

Max_P,

And using loads of sensitive permissions to pull it off, like accessibility to read the screen. It’s not stealing the auth cookies from the app nor throwing exploits at Android to escape the sandbox.

Headline definitely makes it sound like it’s a drive-by exploit, but no it’s just the usual social engineering everyone is familiar with.

Max_P,

Docker would still go through the kernel for the mount, that’s one of the few things Docker can’t do because it’s the same kernel as the host.

That said I doubt it’s been removed from the kernel, only the Samba server. OP is a client.

Max_P,

Definitely very subjective. People keep saying macOS has amazing font rendering but for me it just looks like a blurry mess, especially on non-retina displays. My fonts are set to be as sharp as possible on Linux because when coding and in the terminal I want very sharp fonts so they’re easier to read for me.

Seconding the dependence on the particular font as well. Cantarell, Ubuntu and OpenSans are all fairly blurry regardless, unless seen on HiDPI screens in which case they do look more like macOS. DejaVu Sans can be very sharp in contrast at very low resolutions because it’s been made in the 800x600 and 1024x768 days and optimized to look sharp when small.

Max_P,

Masquerading a normal looking link for another one, usually phishing, malware, clones loaded with ads.

Like, let’s say I post something like

https://www.google.com

And also have my instance intercept it to provide Google’s embed preview image, and it federates that with other instances.

Now, for everyone it would look like a Google link, but you get Microsoft Google instead.

I could also actually post a genuine Google link but make the preview go somewhere else completely, so people may see the link goes where they expect even when putting the mouse over it, but then they end up clicking the preview for whatever reason. Bam, wrong site. Could also be a YouTube link and embed but the embed shows a completely different preview image, you click on it and get some gore or porn instead. Fake headlines, whatever way you can think of to abuse this, using the Cyrillic alphabet, whatever.

People trust those previews in a way, so if you post a shortened link but it previews like a news article you want to go to, you might click the image or headline but end up on a phony clone of the site loaded with malware. Currently, if you trust your instance you can actually trust the embed because it’s generated by your instance.

On iMessage, it used to be that the sender would send the embed metadata, so it was used for a zero click exploit by sending an embed of a real site but with an attachment that exploited the codec it would be rendered with.
