I'll now start blocking the KeePassXC hate mob. We're all trying to do our best here and I don't need to constantly engage with new haters while trying to navigate a foreign city's metro system.
1️⃣3️⃣ Here's the 13th installment of posts highlighting key new features of the upcoming v256 release of systemd.
ssh is widely established as the mechanism for controlling Linux systems remotely, both interactively and with automated tools. It not only provides means for secure authentication and communication for a tty/shell, but also does this for file transfers (sftp), and IPC communication (D-Bus or Varlink).
@pid_eins "...and that is why we are now introducing systemd-ssh. Comes with native support of xz compression, graciously contributed by Jia Tan. Enjoy!"
My annual plea for a thing: I want a type 1 hypervisor that just has a small isolated VM and then passes through the rest of the hardware to the main VM which runs Linux. The small VM is intended to be used to run small pieces of code that the main OS should not be able to interfere with. Does such a thing exist? (Think Xen, but with a Dom0 that can't see into DomUs)
5️⃣ Here's the 5th installment of my series of posts highlighting key new features of the upcoming v256 release of systemd.
I am pretty sure all of you are well aware of the venerable "sudo" tool that has been a key component of most Linux distributions for a long time. On the surface it's a tool that allows an unprivileged user to acquire privileges temporarily, from within their existing login sessions, for just one command, or maybe for a subshell.
@pid_eins @phako the JavaScript engine does not process untrusted inputs, only trusted configuration, so it's really not a security problem anyway. People like to talk down js but it's extremely popular and well known and stable and there are tiny engines like duktape, unlike other alternatives with similar properties like lua
@pid_eins @phako not really, JS was chosen because you need to be able to express complex configuration rules, and it's better to use a known tool than inventing a new one. It's not about IPC, the transport doesn't matter, you need a configuration-like DSL because it's unfeasible to ask every admin/user to write and deploy a new program every time some rule needs to be adjusted.
@pid_eins @phako because writing a new config file and writing a new running program are not the same thing, and while for us developers there's not much difference, for non-developers the difference is huge. JS was already a tough sell because, while the dialect used is minimal and restricted, it's still potentially a full-blown language. Dealing with writing and deploying and maintaining fully independent executables would be way too much. You need dependency tracking, pipelines, etc etc.
#systemd v256~rc1 is out! You know the drill, download it, run it, find all the bugs and report them - possibly to somebody else, I'll be at the nearest pub
1️⃣ So let's try something new. As we are closing in on tagging systemd v256-rc1, let's see if I manage to post a brief mastodon item about major new features of the upcoming release, every few days until the final release of v256. I figure not everyone reads NEWS files, even if curious. Hence let's start today with the 1st post: the new .v/ directories. You know those .d/ directories that are quite popular in low-level Linux packages these days? While .d/ dirs never have been formalized properly…
for a full-feature build, down 5 libs which are now dlopened on demand. Last one, libcap, will need to be swapped for some ioctls which won't happen for this release.
@codonell thanks - seems to be working well!
If some company had a pile of cash to throw at this, especially in light of the 'xz' situation, it would be really nice if we could get support for OSX-like lazy loading/resolving of shared libraries, so that they are loaded only after the first symbol is actually called. IIRC dylibs on OSX have had this feature since forever
@codonell yep, hardening becomes more difficult, no idea how they solve that on OSX. Another nice feature of dylibs is that AFAIK you can detect when such a lazy loaded library is not available and fall back, like we do when dlopen fails, which is perfect for optional features
@codonell afraid not, as it's hearsay from @pid_eins 😃 iirc you can simply check if a function exists before calling it, but again all second-hand knowledge, never did OSX development work myself
Basically found decent train routes Marburg - Madrid with 36h layover in Paris to get a day in Paris in but haven't figured out how to book them, certainly doesn't work online. Not sure if it works offline.
Would be nice to get one contiguous ticket for passenger rights reasons.
@juliank On the TGV yes, it depends on the route though. About 30 euro on the Brussels-Paris route last month.
It's cheap in other countries though, 5 to 10 in Germany/Austria/Italy for ICE/RJ/FR