I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system)
I’m not going to judge you (too much), it’s your system, but that’s unnecessarily risky setup. You should never need to logon to root desktop like that, even for convenience reasons.
I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.
I do also remember using the browser in my main server to figure out how to set up the PiHole
To be honest, you’re most probably OK - malicious ad campaigns are normally not running 24/7 globally. Chances of you randomly tumbling into a malicious drive-by exploit are quite small (normally they redirect you to install fake addons/updates etc), but of course its hard to tell because you don’t remember what sites you visited. Since most of this has gone through PiHole filters, I’d say there’s even smaller chance to get insta-pwned.
But have a look at browser history on the affected root accounts, the sites along with timestamps should be there. You can also examine your system logs and correlate events to your browser history, look for weird login events or anything that doesn’t look like “normal usage”. You can set up some network monitoring stuff (like SecurityOnion) on your routers SPAN, if you’re really paranoid and try to see if there’s any anomalous connections when you’re not using the system. You could also consider setting up ClamAV and doing a scan.
You’re probably OK and that’s just paranoia.
But… having mentioned paranoia… now you’ll always have that nagging lack of trust in your system that won’t go away. I can’t speak to how you deal with that, because it’s all about your own risk appetite and threat model.
Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do. You might choose to do something else and that might be OK too.
I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.
I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.
Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.
Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.
I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.
Does that mean you realistically don’t even know your network (router) setup? Because it’s entirely possible your machine is completely open to the internet - say, thanks to IPv6 autoconfiguration - and you wouldn’t even know about it.
It’s pretty unlikely but could potentially happen with some ISPs. Please always set up a firewall, especially for a server type machine. It’s really simple to block incoming outside traffic.
Huh. I never even thought of that. I use my ISP’s router in bridge mode and have my own router running on mostly default settings, IIRC the only thing I explicitly changed was to have it forward DNS requests to my Pihole. I should inspect the settings more closely or as you said just configure the server to block the relevant ports from outside the LAN. Thank you.
Oh if you even have your own router then have a firewall (primarily) there, and simply block every incoming forward connection except the ones you actually want (probably forwarded to your server). Similarly even for the router input rules you likely need only ICMP and not much else.
Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.
People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.
Screen (and any other muxer) can scroll just fine. You just have to learn how to do it in each one. Tmux, for example, is ctrl+b [ to enter scroll mode.
mistyped file operations
Get a good TUI file manager. I use and recommend ranger.
You will never be a real display server. You have no hardware cursors, you have no xrandr, you have no setxkbmap. You are a toy project twisted by Red Hat and GNOME into a crude mockery of X11’s perfection.
All the “validation” you get is two-faced and half-hearted. Behind your back people mock you. Your developers are disgusted and ashamed of you, your “users” laugh at your lack of features behind closed doors.
Linux users are utterly repulsed by you. Thousands of years of evolution have allowed them to sniff out defective software with incredible efficiency. Even Wayland sessions that “work” look uncanny and unnatural to a seasoned sysadmin. Your bizarre render loop is a dead giveaway. And even if you manage to get a drunk Arch user home with you, he’ll turn tail and bolt the second he gets a whiff of your high latency due to forced VSync.
You will never be happy. You wrench out a fake smile every single morning and tell yourself it’s going to be ok, but deep inside you feel the technical debt creeping up like a weed, ready to crush you under the unbearable weight.
Eventually it’ll be too much to bear - you’ll log into the GitLab instance, select the project, press Delete, and plunge it into the cold abyss. Your users will find the deletion notice, heartbroken but relieved that they no longer have to live with the unbearable shame and disappointment. They’ll remember you as the biggest failure of open source development, and every passerby for the rest of eternity will know a badly run project has failed there. Your code will decay and go to historical archives, and all that will remain of your legacy is a codebase that is unmistakably poorly written.
This is your fate. This is what you chose. There is no turning back.
I don’t get it anyway, if you login remotely, why don’t you just open firefox locally but on the remote servers? This makes not much sense.
But If you absolutely have to. … At least be careful with your surf-targets. A search-engine and wiki would most likely be fine. Some pron-, stream- or warez-sites? Nah. Surely not.
Using any UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.
So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.
Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.
Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.
There are non-UI applications with similar problems though.
Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
The POSIFLEX issue might have to do with MBR. On your final linux installation, your partition table should NOT be using gpt but mbr and that might solve the issues.
It has to do with older BIOS not recognising gpt and henceforth being unable to boot from the disk.
N.B. you might have to configure your GRUB/systemd loader accordingly.
but no one seems to be discussing how risky it actually is.
That is because people stopped doing it ages ago.
But shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system?
Security is always a matter of layers. Any given layer can fail some of the time but you want to set up your security so situations where all the layers fail together are rare.
I just found myself that C is the worst programming language as many people say, but the security and simplicity is more than any language in security. Thank you so much for this!
C: "Lemme just accept anything the user gives me, write beyond the input buffer, glitch out, and start executing whatever the fuck the user injects in there."
Still a decent language though, but like an oxy-acetylene torch, it's powerful tool, but you better know what you're doing.
In that talk he called C “the worst language” and said he chose it to troll the industry. How does that support your point?
He also said that you should choose “least privilege” whenever possible. That is precisely the value that Rust brings over C. So how does that talk support the idea that C is more secure than Rust?
I think you misunderstood or… don’t get the point “worst language” part from what he said. My point come from his point who’s more expert. If you think like that, what can I say? and I’m not trying convience you to understand too…
Back to your knowledge and understanding. But at least for me, I agree with him that rust is ‘hype-like’ or ‘pop culture’ thing. Like cyrpto (he said in ask session), but from technical perspective, that I personally understand. I just lost the source to explain this, but it’s up to you…
A decade ago (almost!) I had one of those HP swivel-screen jobs - a Compaq TC4200. Replaceable battery, dock, external attachable battery, resistive touch screen, fully user-serviceable… it was the best laptop I’ve ever had, in terms of feature set.
People often claim they don’t make 'em like they used to, but it’s true. Framework is a step in the right direction with servicability, but they still have a way to go to get to everything laptops of a decade ago.
nix is like the i3 of package managers. does it work sure but you’ll spend your 80% of your time learning code and configuration to make your sick packaging rice /sarcasm
That’s only true you succumb to the hardcore Nix fanatics and follow their recommended “declarative” way. However, Nix, as a package manager, is perfectly usable - and accessible - with the imperative way, without having to subscribe to their religion and learn their language and terminology.
In the imperative path, Nix is as easy to use as any other package manager, yet it still retains many of the unique Nix features such as versioned packaged, instant rollback, non-root user-based installs etc.
It’s a shame because Nix is actually really cool and very easy to use if used this way - and especially useful on immutable distros, locked-down systems or distros which have a limited number of packages - but unfortunately, most people are missing out because the fanatics keep preaching the declarative way as if it’s the only option out there.
linux
Newest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.