HiddenLayer5

HiddenLayer5, 5 months ago (edited 2 months ago)

Coding at night with the lights off makes you feel like one of the cool movie hackers.

HiddenLayer5, 5 months ago

Why survive like a Ferengi when you can die like a Klingon warrior?

HiddenLayer5, 5 months ago (edited 2 months ago)

For people who don’t know, there is already a fully Rust OS: www.redox-os.org

Microkernel too which is pretty cool.

HiddenLayer5, 5 months ago

It’s a pretty classic liminal space.

HiddenLayer5, 5 months ago (edited 2 months ago)

Except they won’t go today or tomorrow. They’ll stay here to finish the job of destroying our planet, then go.

HiddenLayer5, 5 months ago (edited 3 months ago)

I wonder how easy it is to DIY something like that. Like would it be as easy as picking up an off the shelf power supply with the right voltage and current and 3D printing an attachment that fits into the battery slot with a DC jack on the side (or even just gutting a dead battery pack and taking out the batteries and control electronics, soldering a DC jack straight onto the main contacts, and drilling a hole for it to poke through)? Or do modern power tools actually need to authenticate the battery with some kind of tool DRM?

HiddenLayer5, 5 months ago (edited 3 months ago)

I think the main issue for the companies is that power adapters have a nearly unlimited lifespan in comparison to lithium batteries, so it would be less profitable for them to sell you a direct attached power adapter than a bunch of batteries and a charger where you have to keep crawling back to them when the batteries inevitably give out in three years.

It would be trivial to design a blank battery attachment with a DC jack, and just have it hooked up to what is essentially a beefed up laptop charger. There are plenty of applications where a corded tool is perfectly adequate and even superior to cordless tools, so the fact that none of the manufacturers have it as an option hints that it was a business decision as opposed to merely an oversight.

HiddenLayer5, 5 months ago

I hope this is done over VPN and that you have 2FA configured on the VPN endpoint? Please don’t tell me it’s just portforward directly to a VNC running on the servers or something similar because then you have bigger problems than just random ‘oops’.

I have never accessed any of my servers from the internet and haven’t even adjusted my router firewall settings to allow this. I kept wanting to but never got around to it.

Since these are home systems the potential monetary damage from downtime and re-install isn’t huge, so personally I’d just take the hit and wipe/reinstall. I’d learn from my mistakes and build it all up again with better routines and hygiene. But that’s what I’d do.

Yeah this and other comments have convinced me to reinstall and start from scratch. Will be super annoying to set everything back up but I am indeed paranoid.

HiddenLayer5, 5 months ago

So is the main worry with GUIs that they have potential code execution vulnerabilities? Or is the worry that the plugins themselves are malicious?

HiddenLayer5, 5 months ago

Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.

People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.

HiddenLayer5, 5 months ago (edited 3 months ago)

I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.

I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.

Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.

I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feels like something not meant to be used outside an actual data centre.

HiddenLayer5, 5 months ago

Please don’t do this! DEs are not tested to be run as root! Millions of lines of code are expected to not have access to anything they shouldn’t have and as such might be built to fail quietly if accessing something they shouldn’t in the first place. Same thing applies to Firefox, really.

Could you elaborate on this? I’m genuinely surprised because Fedora just asks you if you want to have the option to log into root from KDE during installation, so I always just assumed that it’s intended to be used that way.

HiddenLayer5, 5 months ago (edited 3 months ago)

Thank you.

Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.

This is also something I’m thinking about: All the hard drives mounted on the server is accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?

Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?

How does a “professional” NAS setup handle this?

HiddenLayer5, 5 months ago (edited 3 months ago)

Huh. I never even thought of that. I use my ISP’s router in bridge mode and have my own router running on mostly default settings, IIRC the only thing I explicitly changed was to have it forward DNS requests to my Pihole. I should inspect the settings more closely or as you said just configure the server to block the relevant ports from outside the LAN. Thank you.

HiddenLayer5, 5 months ago

In all seriousness: yes. Any app or even website can scan your local network and attempt to access other devices. This is apparent in the fact that dedicated network scanner apps like Fing don’t require any permissions to scan your network, therefore any app can if it wanted to.

HiddenLayer5, 6 months ago (edited 3 months ago)

Paved roads disrupt rainwater movement as they physically block water from permeating and also have fast flowing storm drains. They have been shown to significantly reduce groundwater replenishment and increase the speed and volume of run off into rivers and streams, which exacerbates flooding risks.

HiddenLayer5, 6 months ago (edited 3 months ago)

If you only have the option to drive and it looks like it will never change where you live, then yes, driving electric is better than driving an ICE car. You’re not the problem for needing to live your life with the limited options you have access to. However, that does not mean the intrinsic problems with cars disappear the instant they become electric, and this meme is mainly meant to respond to the techbro people who think just because electric cars exist now it makes transit obsolete or it solves literally everything wrong with cars in general, and use that to actively resist public transportation or attempt to turn public opinion against it. I should have added additional context to make that clearer.

HiddenLayer5, 6 months ago (edited 3 months ago)

I live in Vancouver and our transit agency is seriously considering ripping the trolleybus lines out. Just like how they ripped the streetcars out before the trolleybuses came and then shamelessly told us that it’s too expensive to reinstall the tracks so we’re just never getting it back. In both cases it was because “it’s getting too expensive to maintain” after they deferred maintenance for ages so everything is falling apart and the small problems got compounded into showstoppers from neglect.

HiddenLayer5, 6 months ago

Hey stop making assumptions! It could be a shitting contest too!

HiddenLayer5, 6 months ago

He’s giving her a sign to just surrender already.

HiddenLayer5, 6 months ago (edited 3 months ago)

Care Bears are the truly biblically accurate angels confirmed

HiddenLayer5, 6 months ago

Just use the compass in your maps app FFS who even has a dedicated compass app anymore?

HiddenLayer5, 6 months ago

Also, Santa, who’s implied to be the guardian of the reindeer, chose not to intervene in the slightest on behalf of Rudolph. He never at any point even acknowledged the bullying and went straight to using Rudolph for his own benefit. This, despite a 0% chance he didn’t know about the bullying considering that his literal thing is knowing if you’re bad or good. Bullying isn’t considered bad?