smlx

@smlx@fosstodon.org

Free software and cloud wrangler. Security Engineering dabbler.

pid_eins, to random
@pid_eins@mastodon.social

9️⃣ Here's the 9th installment of my series of posts highlighting key new features of the upcoming v256 release of systemd.

I am sure you are aware of systemd-nspawn, systemd's minimal container manager focussed on full OS containers, that can boot up a Linux image from an OS in a disk image or from a directory. systemd-nspawn was originally a development tool, to make it easy for us to develop the service manager without constantly having to reboot.

Nowadays it's a lot more than that, …

smlx,
@smlx@fosstodon.org

@pid_eins so are you saying that I can use this to have socket activated services which are actually running in VMs?

pid_eins, to random
@pid_eins@mastodon.social

5️⃣ Here's the 5th installment of my series of posts highlighting key new features of the upcoming v256 release of systemd.

I am pretty sure all of you are well aware of the venerable "sudo" tool that has been a key component of most Linux distributions for a long time. On the surface it's a tool that allows an unprivileged user to acquire privileges temporarily, from within their existing login sessions, for just one command, or maybe for a subshell.

"sudo" is very very useful, as it…

smlx,
@smlx@fosstodon.org

@pid_eins It sounds like a great improvement on sudo, but I have a question: how do you pronounce "run0"?

drewdevault, (edited) to random
@drewdevault@fosstodon.org

The massive rise in fraud, spam, DoS attacks, and malicious traffic generally across the entire internet in 2024 alone is of such a scale and variety that I cannot help but wonder if there is a nation state behind it

Reply to this thread with references to incidents in 2024 that you know of. I have: fediverse spam, sourcehut DDoS and spam, codeberg DDoS and spam, spam on gitea/forgejo instances generally, and the latest malware flood on GitHub. What else is going on?

smlx,
@smlx@fosstodon.org

@drewdevault I've seen several pieces of research regarding massive new botnets.
E.g. https://www.bitsight.com/blog/hunting-privateloader-malware-behind-installskey-ppi-service

Plus with cryptocurrency prices spiking and several national elections this year I guess there's more financial and political incentive to spread malware.

drewdevault, to random
@drewdevault@fosstodon.org

Statement regarding the ongoing SourceHut outage

https://outage.sr.ht

smlx,
@smlx@fosstodon.org

@drewdevault Great news, what a week! Really appreciate your transparency throughout.

drewdevault, to random
@drewdevault@fosstodon.org

Richard Stallman's political discourse on sex

https://drewdevault.com/2023/11/25/2023-11-26-RMS-on-sex.html

smlx,
@smlx@fosstodon.org

@drewdevault thanks for documenting this stuff. I didn't know the stats on the signatures of those open letters. Depressing.

mjg59, to random
@mjg59@nondeterministic.computer

Dear interwub, is there any way I can reasonably have git use a different ssh agent for a given git repo other than having a wrapper around ssh-keygen that sets SSH_AUTH_SOCK and having per-repo config to set gpg.ssh.program? My hardware keys are in another agent.

smlx,
@smlx@fosstodon.org

@mjg59 I worked around this problem by putting all my keys (file and hardware) in a single agent. Then you can set "git config user.signingKey" per repo and it all just works.

smlx,
@smlx@fosstodon.org

@mjg59 which kind of hardware do you have?

kjaymiller, to random
@kjaymiller@mastodon.social

Okay trying something!

NERDY TECH BLACK PEOPLE SAY HI SO I CAN FOLLOW YOU!

Maybe it's that easy (or maybe I followed them all and this thing just doesn't feel like home for folks like me) 🥺

smlx,
@smlx@fosstodon.org

@kjaymiller G'day 👋

WPalant, to random

There is apparently more evidence that the attackers who breached last year did it for money. And this is really the best-case scenario.

Yes, millions of dollars stolen from crypto wallets is sad and everything, and I hope that LastPass is sued into oblivion for their negligence. But just imagine what a state-level actor would have done with passwords of millions of users. There will certainly be some in this pile who are of significant interest to them. And who knows how many companies e.g. with ties to the US government used (still use?) LastPass.

Really, your regular crooks looking to make some money are the friendly bunch in comparison.

smlx,
@smlx@fosstodon.org

@WPalant interesting, do you have a link for the motivations behind the LastPass hack?

smlx,
@smlx@fosstodon.org

@WPalant thanks, I found it

XOrgFoundation, to random
@XOrgFoundation@floss.social

As you may have seen, gitlab.freedesktop.org has been offline for maintenance for the past 24h.

This maintenance operation was supposed to last ~4h on Sunday morning, but was extended to expedite a number of much-needed upgrades:

  • migration to a new datacenter which would save us ~$20K/year
  • updated postgresql, allowing us to upgrade to gitlab 16.x

1/3

smlx,
@smlx@fosstodon.org

@XOrgFoundation :oof: sending to the sysadmin team
