• 0 Posts
  • 19 Comments
Joined 1 year ago
cake
Cake day: June 9th, 2023

help-circle

  • A process owned by any user will be able to exploit a userspace vulnerability, whatever this user is. Selinux, chroot, cgroups/containerization add a layer of protection to this, but any vulnerability that bypass these will be as exploitable from nobody as from any other local user. It will protect a user files from some access attempts but will fail to prevent any serious attack. And as usual when it comes to security, a false sense of security is worse than no security at all.

    Remember that some exploits exist that can climb outside of a full-blown virtual machine to the virtualisation host, finding a user escalation vulnerability is even more likely.

    The only real protection is an up-to-date system, sane user behavior and maybe a little bit of paranoia.







  • Others has answered the specific cases where TTM is paramount.

    When time is less of an issue, in my experience it’s in no particular order a mix of:

    • product owners or similar role wanting “everything and right now” for no reason whatsoever, except maybe some bonus;
    • bosses bossing around to try and justify their existence instead of easying progress ;
    • developers being not much more than code jockeys with a tendancy to develop by StackOverflow copy/paste;
    • operations lacking time, resources or knowledge to build a proper CI/CD pipeline - when it’s not an issue of operations by ServerFault copy/paste;
    • experts (DBA, virtualization, middlewares) being kept out of the project, and only asked for advice when things go terribly wrong later.

    All in all, instead of short term profit, it’s a lack of not-so-long term vision and engagement from everyone involved. They just don’t care.

    Yeah, I’m the one in charge of fixing the mess, why you ask?










  • Unplug your mouse. Seriously. Do it. It might sound like the “kicking and screaming” method but you’ll learn to rely on your keyboard even for GUI tools and you’ll vastly improve how fast you navigate your computer. You should find yourself more and more in the terminal, obviously, but you may learn also some nice tricks with everything else.



  • Given the state of this world, there’s better things to do than to add such gimmicks in EV. There’s enough energy and matter wasted in useless widgets to at least spare the new generation of such stupidity. I could get behind a new kind of recycled ICE vehicles, operating on captured-carbon fuel and paid at a premium for those who need to love the rumble of a well-tuned engine, but that should stay a fringe hobby.

    Time’s for a compromise on the length of the fuse is over, we, as a whole, should be focussing on preventing the climate bomb to do too much damages to humans.

    Or maybe we should double down, extract and burn even more fuel, produce and discard even more plastic, without forgetting to have it circle five times the Earth before before it hands in the customers’ hands: it wouldn’t be the first mass extinction and the planet will get through. Us humans, though…