skullgiver

@skullgiver@popplesburger.hilciferous.nl

Giver of skulls

skullgiver,

sudo isn’t simple at all. SUID binaries shouldn’t be LDAP clients, IMO. Unfortunate bugs like “user environment variables are used to select the editor” make all the complex configuration a huge risk, because permitting a single user to edit a single file suddenly gives the user full root access when they set the right env variables.

I have no specific love for run0 (doas works just as well) but sudo does way more than it should do in a binary with the SUID bit.

run0 doesn’t exist because systemd wanted to build their own sudo, they just realised their systemd-run already offers most sudo features so they may as well make them available to end users.
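As an added example (not part of the comment above, and not sudo's own tooling), here is a small Python audit that scans sudoers text for the settings that let a caller's environment steer what runs as root: `!env_reset`, `env_editor`, `setenv`/`SETENV:`, `env_keep` entries for editor or loader variables, and editors granted as direct commands rather than via `sudoedit`. The option names are real sudoers(5) flags; the sample file, the risk notes and the thresholds are this example's own assumptions.

```python
"""
Audit sudoers text for environment-related settings that widen a single
file-edit grant into broader root access. Added example; the sample sudoers
below is constructed for illustration and is not from any real host.
"""
import re

# Real sudoers(5) option names; the explanations are this example's own notes.
RISKY_DEFAULTS = {
    "!env_reset": "caller environment is passed through to the privileged command",
    "env_editor": "visudo/sudoedit honour the caller's SUDO_EDITOR/VISUAL/EDITOR",
    "setenv": "callers may pass arbitrary variables with sudo VAR=value",
}

# Variables that should not be kept from the caller for a root-run editor (assumed list).
RISKY_KEEP_RE = re.compile(r"\b(EDITOR|VISUAL|SUDO_EDITOR|LD_PRELOAD|LD_LIBRARY_PATH|PATH)\b")

# Editors that can spawn a shell when run directly as root (assumed list).
EDITOR_CMD_RE = re.compile(r"\b(vim?|nano|emacs|less|more)\b")

SAMPLE_SUDOERS = """\
# constructed sample, not a real host's file
Defaults    env_reset
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults    env_keep += "EDITOR VISUAL"
Defaults:alice !env_reset
Defaults    env_editor
root    ALL=(ALL:ALL) ALL
alice   ALL=(root) SETENV: /usr/bin/vim /etc/motd
bob     ALL=(root) sudoedit /etc/motd
"""


def audit_sudoers(text):
    """Return a list of (line_number, finding_name, explanation) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("Defaults"):
            # "Defaults", "Defaults:user", "Defaults!cmd" ... then a comma-separated option list
            _, _, opts = line.partition(" ")
            for opt in (o.strip() for o in opts.split(",")):
                name = opt.split("=", 1)[0].split("+", 1)[0].strip()
                if name in RISKY_DEFAULTS:
                    findings.append((lineno, name, RISKY_DEFAULTS[name]))
                elif name == "env_keep" and RISKY_KEEP_RE.search(opt):
                    findings.append((lineno, "env_keep",
                                     "editor/loader variables kept from the caller environment"))
        else:
            if "SETENV:" in line:
                findings.append((lineno, "SETENV",
                                 "rule tag lets the caller set environment variables"))
            if not line.startswith("root") and EDITOR_CMD_RE.search(line):
                findings.append((lineno, "editor-as-command",
                                 "editor run directly as root can spawn a shell; prefer sudoedit"))
    return findings


def is_env_hardened(text):
    """True when the audit raises no findings."""
    return not audit_sudoers(text)


if __name__ == "__main__":
    for lineno, name, why in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {lineno}: {name}: {why}")
```

The audit is deliberately line-based and does not understand sudoers aliases or `#include` directives, so treat a clean result as "nothing obvious", not as proof; `sudo -l` and `visudo -c` on the host remain the authoritative view.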

I don't know anything about Linux and the idea of installing it frightens me. Where do I start?

I bought a laptop yesterday, it came pre-installed with Windows 11. I hate win 11 so I switched it down to Windows 10, but then started considering using Linux for total control over the laptop, but here’s the thing: I keep seeing memes about how complicated or fucky wucky Linux is to install and run. I love the idea of open...

skullgiver,

Every server I’ve encountered in my professional life runs either some kind of enterprise™ Linux like Red Hat (licensed, expensive ones), Ubuntu, or Debian, or some extremely customised Linux that’s unusable for any purpose other than whatever it was built for. Dev machines run Ubuntu, or maybe Fedora or some enterprise™ Linux.

I’ve heard from a lot of startups using nixOS and your Arch flavour of the week, but I’m pretty sure that’s only used because all four people in the company are Linux turbo nerds who have managed to agree on one specific obscure Linux distro.

Business people do complain about Ubuntu, though. They don’t like automatic updates (because their weird proprietary software only works with the specific versions they picked and they can’t be bothered to actually fix their code) so snaps are a threat. Ubuntu Pro expanding threatens their “use software someone else pays maintenance tax for without any bill” business plan. See also: “I like Debian but I dislike the way they patch things and how hard it is to install proprietary blobs onto it”.

They want their free software to be maintained for free not because they care about software freedom, but because they’re cheap, and Canonical and IBM starting to charge businesses for the software development they do threatens that business model.

skullgiver,

Why? Because it asks the user if they would like to send feedback to Canonical during setup? Because that’s the only privacy issue I can remember re: Canonical, after their weird Amazon lens was quickly killed off.

skullgiver,

Messing with 18650s is rather risky, I’m not sure if exposing them as individual cells is a good idea. I hope the company is smart enough to put a “if you burn your house down replacing the batteries, we’re only liable if we sent you the replacement” clause in their sales contract or they’ll be sued into the ground if this thing ever takes off.

As for ARM+games: with tools like Box64 you can get some impressive performance out of 3D games assuming your GPU is supported. The native code of the game will be running translated, but the expensive calls to 3D engines and such will all be caught and replaced by native ARM libraries. I doubt you’ll be running Cyberpunk on this thing, but don’t count it out just because of the translation step.

skullgiver,

Depending on your skill level, you may want to consider a deduplicating file system, like BTRFS or ZFS. That way, you can make copies of the source drive and deduplicate unchanged segments, making every copy after the first only take up a small percentage of the apparent disk size.

I’ve personally used duperemove to deduplicate old disk images and it works very well in my experience.

I wouldn’t use NTFS with Linux. The driver is stable enough that it doesn’t corrupt the file system anymore these days, but performance isn’t as good as alternatives.

skullgiver,

You can just turn off Bitlocker in the Windows settings from what I can tell. It just seems to default to encryption, like every other OS has for the last decade or so.

Can you provide a source for the 45% performance hit? The average consumer CPU can do a couple of GB per second of AES operations these days, so I wonder how you got to that number.

skullgiver,

Onlyoffice is pretty usable, better than libreoffice. The company behind it is Russian, though, so better not use it if you deal with any kind of sensitive information in a western country (that includes stuff like business administration!).

You can also try the common activation scripts or manually configure vlmcsd. Or just use the free online stuff like Google Docs or Office Online.

skullgiver, (edited)

The company is Latvian, but the Latvian company used to be owned by a Russian company. Right now, the company is owned by a British shell company, owned by a Singaporean holding. For a short while, the British company was owned by someone acting as a corporate advisor in Uzbekistan.

Legally speaking, they’re not Russian, but I find it hard to believe they’ve actually severed ties. I believe they changed their business structure to avoid EU sanctions. This could just be your basic corporate tax evasion as well, but I haven’t seen a tax evasion scheme like this in open source software before.

skullgiver,

China is known to bully in international waters. They also have their own view of what “international waters” entails in the first place, laying claim to almost the entire South Chinese sea.

I doubt this has much to do with Russia or North Korea. It’s probably just China using armed forces to bully other countries again.

skullgiver, (edited)

This seems to be the source of the linked article (though I’m not sure how official it is, the titles for every article contain at least the word “China” and read like SEO spam).

From what I can tell, the atlas seems to be print only. There’s a high-res JPEG (200MB) you can download, which I think is part of the atlas, but you’ll need to pay for the physical version if you want the full thing.

Edit: that link is from a publication dated two years ago. I’m guessing it’s a pre-print version? Still pretty cool, but maybe not the version the linked post is supposed to be talking about.

skullgiver,

I think Google Earth used to have both the moon and Mars as explorable options. Perhaps you can find an old copy that still has it? Mapping is based on the old NASA data but I doubt you’d notice the difference with the new Chinese data set when you get up close.

Is a sound level of 105 decibels for a few seconds enough to rupture a person's eardrum?

In 2022, a Texas family filed a lawsuit against Apple for damaging their son’s hearing after an Amber Alert went off while he was wearing Airpods. According to Google, the maximum volume of phone headphones is around 105 decibels. The family are claiming that the son now requires hearing aids after his eardrum ruptured....

skullgiver,

I can’t find any mention of a specific dB level in the submitted documents though I can’t find every document online for free. Apple tried to have the case dismissed but seems to have messed up their paperwork.

The claim is not just about rupturing the eardrum, but also about tinnitus. While I doubt the 105dB maximum is enough to rupture the eardrums of a healthy young boy, I can imagine it being enough to induce tinnitus.

It remains to be seen if the supposed 105dB limit you quote was actually applied as intended. The limit is enforced in software, and software can be buggy.

I’m sure a medical professional will be consulted during the lawsuit, so you’ll probably get your answer eventually. The courts move slow, though, so it may take a while to get a definitive answer.

skullgiver,

This has come up in the past. I believe Mandarin has a short and quick word for this. English doesn’t have the same cultural background so there’s no quick name for it.

Compare this to writing out “MothersOrFathersBrotherOrSistersDaughterOrSon” instead of “cousin”. In fact, my own language doesn’t even have a word for “sibling”, all we have is “brother or sister”, despite being surrounded by languages that do have such a word.

skullgiver,

Same reason there would be an “or” in “BrotherOrSistersOrBrotherInLawsOrSisterInLawsDaughter” when describing “niece” in the same way.

English happens to have short words for certain cultural relationships that other languages don’t, and other languages have their own culturally relevant familial descriptions.

From what I recall, this is a translation of a Mandarin word.

skullgiver,

Without some kind of signature scheme, this can easily be abused, though. The first server to fetch the embed can put just about anything in there when it pushes that embed to other servers.

skullgiver,

Sharing Federated content in general works like that. However, the originating server will still receive an onslaught of HTTPS requests of remote servers fetching the signing key used to sign the federated message.

“Just defederate” is not a real solution. I’ve observed malicious behaviour on all major Lemmy, Kbin, and Mastodon services, and even more on smaller services like personal Mastodon servers.

skullgiver,

That kind of centralisation is exactly what the Fediverse was built to prevent. What’s the point of decentralising if you’re going to keep a whitelist of servers and break link previews for all other users? I would certainly keep that feature disabled.

skullgiver,

ActivityPub doesn’t require followers, it’s a push-based protocol. You can tag a user, and your post gets embedded in the remote timeline. The lack of the ability to cut down on notifications is actually one of the problems many of the more popular fediverse accounts often talk about.

One could implement a sort of “I trust your supposed representation but only if the recipients follow you” approach, but then you’ll need to explain to users why sometimes link previews work and why sometimes they don’t.

This issue could still be prevented entirely in a whitelisted federation model where hacked servers get defederated immediately, but I don’t think that’s a particularly popular model within ActivityPub circles.

There are a few reputation systems out there, but they have the exact same problem email reputation services have: your small server will never be able to exchange messages with the four or five largest servers because there’s no way for you to build up a reputation in the first place, and a 30 minute hack can make your domain completely unusable.

skullgiver,

I doubt they actually want people to stop sharing their content on Mastodon, as they share the content on Mastodon themselves. I think they want to get more attention for this issue.

Nobody seems to have done so, but it’d be trivial to use ActivityPub as an amplification factor for attacking small publications. Just register free accounts with a couple hundred servers, post links to articles (with unique garbage added to the end of the URL to bust basic server side caching), and tag a couple dozen random users from other servers. Every server, as well as every server whose user was tagged, will fetch the page, and if present, a header image. You can easily send out dozens of links per second to thousands of servers, enough to overwhelm any site that doesn’t have their content gatekept by internet giants like Cloudflare.

If the website is hosted on a server with expensive egress fees (“serverless”, Amazon, GCloud, Azure, hosters that don’t disconnect your server when you hit your bandwidth limit) you can run up a bill of tens of thousands. If the hoster does apply an egress cap, you can shut down a website for a couple of days at the very least.

I don’t have a workable solution to this problem, but the way the Fediverse seems to be built with the rather naïve idea that every request that passes the signature requirement is done in good faith has major implications on the wider internet. If we don’t find a solution to this problem, I expect websites to start blocking Fediverse user agents when the first DDoS waves start.

skullgiver,

Admittedly, the 100MB isn’t that bad, though at 100MB per post with several posts per day such a website does need to deal well with caching. I certainly would take my blog down if every time I posted something I needed to pay 15 cents for the privilege on top of my existing hosting costs.

However, an orchestrated attack could do thousands of times more damage. A small group of Japanese middle schoolers managed to overwhelm all moderation tools the Fediverse had available to them with a quick script, and that attack only stopped because the police got involved. I can think of several ways to abuse the presumptions of friendliness that are present within most Fediverse software.

Having 18000 servers download a couple hundred pages per hour is enough to take down most small websites, especially thanks to the geographically distributed nature of the Fediverse that requires every CDN node to be fully populated (and likely populated with spam), and that’s not hard to pull off with a handful of small domains and maybe a couple of Amazon IP addresses.

I’m not so worried about the traffic caused accidentally (though there is a separate thundering horde problem with many ActivityPub implementations) but the potential for abuse is there and it needs to be solved before someone malicious finds out.
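The two comments above describe the same traffic pattern from the origin site's point of view: one URL fetched within a short window by many distinct Fediverse servers, with cache-busting query strings, each pulling a large preview image. As an added example (not from the comments, and not any Fediverse project's code), here is detection logic a site operator could run over web server access logs to spot that pattern early and see how many bytes it cost. The log lines, the user-agent patterns and the thresholds are constructed assumptions for illustration.

```python
"""
Flag link-preview fetch storms in combined-format access logs: a path hit by
many distinct Fediverse user agents inside a short window, ideally with
varying query strings (cache busting). Added example; sample log constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format; the referrer field is captured but unused.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "[^"]*" "(?P<ua>[^"]*)"'
)

# Assumed substrings identifying Fediverse fetchers; extend for your own logs.
FEDI_UA_RE = re.compile(r"(Mastodon|Lemmy|Kbin|Pleroma|Misskey|Akkoma)", re.I)

# Constructed sample: six fetchers hit /post/123 within 40 s, each with a unique
# query string, each served a 100 MB header image; two browser hits and one
# lone fetcher of /about are background noise.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2024:12:00:01 +0000] "GET /post/123?c=a1 HTTP/1.1" 200 104857600 "-" "http.rb/5.1.1 (Mastodon/4.2.0; +https://a.example/)"
198.51.100.7 - - [10/Apr/2024:12:00:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/124.0"
203.0.113.9 - - [10/Apr/2024:12:00:08 +0000] "GET /post/123?c=a2 HTTP/1.1" 200 104857600 "-" "Lemmy/0.19.3; +https://b.example"
203.0.113.12 - - [10/Apr/2024:12:00:15 +0000] "GET /post/123?c=a3 HTTP/1.1" 200 104857600 "-" "kbinBot/0.1 (+https://c.example)"
203.0.113.20 - - [10/Apr/2024:12:00:22 +0000] "GET /about HTTP/1.1" 200 8192 "-" "Pleroma 2.5.0; https://d.example <admin@d.example>"
203.0.113.21 - - [10/Apr/2024:12:00:27 +0000] "GET /post/123?c=a4 HTTP/1.1" 200 104857600 "-" "Pleroma 2.5.0; https://d.example <admin@d.example>"
203.0.113.30 - - [10/Apr/2024:12:00:33 +0000] "GET /post/123?c=a5 HTTP/1.1" 200 104857600 "-" "Misskey/2023.12 (https://e.example)"
198.51.100.8 - - [10/Apr/2024:12:00:35 +0000] "GET /post/123 HTTP/1.1" 200 20480 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/123.0"
203.0.113.41 - - [10/Apr/2024:12:00:40 +0000] "GET /post/123?c=a6 HTTP/1.1" 200 104857600 "-" "Akkoma 3.10; https://f.example"
"""


def parse_fedi_hits(log_text):
    """Group Fediverse fetches by path as (timestamp, user_agent, query, bytes)."""
    by_path = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not FEDI_UA_RE.search(m["ua"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path, _, query = m["url"].partition("?")
        by_path[path].append((ts, m["ua"], query, int(m["bytes"])))
    return by_path


def detect_fetch_storms(log_text, window_seconds=60, min_origins=5):
    """Return {path: summary} for every path fetched by >= min_origins distinct
    Fediverse user agents inside any window_seconds-long window."""
    alerts = {}
    for path, hits in parse_fedi_hits(log_text).items():
        hits.sort(key=lambda h: h[0])
        for i, (start, _, _, _) in enumerate(hits):
            window = [h for h in hits[i:] if (h[0] - start).total_seconds() <= window_seconds]
            origins = {ua for _, ua, _, _ in window}
            if len(origins) >= min_origins:
                alerts[path] = {
                    "origins": len(origins),
                    "cache_busting": len({q for _, _, q, _ in window}) > 1,
                    "bytes": sum(b for *_, b in window),
                }
                break  # one alert per path is enough
    return alerts


if __name__ == "__main__":
    for path, info in detect_fetch_storms(SAMPLE_LOG).items():
        print(f"{path}: {info['origins']} fetchers, cache busting={info['cache_busting']}, "
              f"{info['bytes'] / 2**20:.0f} MiB served")
```

Grouping by path rather than full URL is what makes the cache-busting variant visible: the query strings differ, the path does not. A matching mitigation on the serving side is to key the cache (or a rate limit) on the path for preview fetchers, so the unique suffixes stop defeating it; the thresholds here are starting points to tune against a site's normal federation traffic.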

skullgiver,

With the phone spoofing though, does that mean two factor with a phone number is basically useless?

Spoofing is mostly done outbound. Anyone with enough money to buy SS7 line access can redirect almost any phone line in the world, though. It’s not cheap to get access to a network like that, but it’s also far from impossible. SIM jacking is a lot cheaper and just as effective, though.

Phone 2FA is better than nothing, but worse than almost all other options. Turn it on if it’s the only 2FA method, better leave it off if you can use TOTP or another 2FA mechanism.

skullgiver,

IMSIs are a bit weird since the introduction of 5G, to combat illegal IMSI catchers. The identifiers remain, but they’re not used directly anymore, like a MAC or IP address would be.

SIMs can be swapped between devices so I don’t really see them as device identifiers. I suppose SIMs are hardware too, unless you’re using eSIM.

skullgiver,

I can’t really take Rossman seriously when it comes to this app.

He makes good points about how terrible Youtube as a platform is, but his “solution” is some kind of proprietary video player that just plays Youtube videos.

He’s setting himself up for a lawsuit he can’t win that’ll cost him and his supporters a huge amount of money. “We can pirate because we’re making a new Invidious app” won’t hold up in court and he knows it.

Luckily for him, Youtube’s legal team tends to send empty threats for a while before they take actual legal action. I seriously doubt anyone looked into his app for more than a minute before sending these letters. If their app does gain significant market share, it’ll be shut down quickly.

As for his “muh freedom” shtick: while I agree that we should have the freedom to download videos, I doubt he doesn’t know that attempts to popularise alternative downloads will only lead to Google taking actual action against these apps. It really wouldn’t be that hard for Youtube to block his app, they just haven’t bothered telling some random Youtube dev to put effort into it.

This will only end in an arms race that will make Youtube worse for people who don’t pay for Youtube content. Expect more DRM, more log-in requirements, fewer resolutions available for free, more fingerprinting, strict remote attestation, you name it. Google hasn’t even scratched the surface of what they can do against third party clients on a technical level, probably because making some intern in Legal send out a template letter is effective enough and doesn’t cost as much as putting in effort.

Any good pirate knows that you need many people to pay for the stuff they pirate, or the stuff they pirate will stop being made. If everyone took this stuff for free, there would be no stuff to take. Directly undermining Youtube’s business model with an app of your own is the direct opposite of that, unless you know your app will never make a significant dent into the bottom line of the people you’re taking content from.

There’s only one thing that can make Youtube better, and it’s competition. Unfortunately, nobody wants to pay for online stuff, either with money or through ads, so it won’t happen. Youtube’s free model doesn’t make any business sense, which is why it’s the only platform that works like Youtube, except maybe for Bilibili because the CCP blocked Youtube. We, the internet consumers, have all played ourselves by demanding everything to always be free. We’re almost done fucking around, and moving quickly into the “finding out” stage.

Either Rossman knows his app will never take off, he’s trying to get sued into the ground to prove a point, or he’s willing to accept Youtube becoming worse for everyone. I miss when he was mostly concerned about right to repair, at least his approach on that subject had some merit.

skullgiver,

Last time I checked my router’s statistics, IPv6 destinations were a bit over 50%. That included torrents, though, actual website traffic is much better.

The only website I can think of that I can’t reach over IPv6 is Github.

skullgiver,

Hmm, didn’t know IMDB and StackOverflow were still stuck on IPv4. Not surprised Paypal and Twitter are still shit, but I rarely interact with them.

I can’t say I use the other domains.
