@HiddenLayer5@lemmy.ml

HiddenLayer5

(He/him) Marxist-Leninist and amateur writer. I like cats, foxes, sci-fi, science fantasy, and Pokemon Mystery Dungeon. Message me for my roleplay ideas!

Lemmygrad: lemmygrad.ml/u/HiddenLayer5

Discord: LinuxFennekin#5514

Reddit: /u/HiddenLayer5


Is it actually dangerous to run Firefox as root?

I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the...

HiddenLayer5, (edited )

I had actually moved from a fully CLI server to one with a full desktop when I upgraded from a single board computer to x86. The issue is that it’s not just a NAS, but I regularly use it to offload long operations (moving, copying, or compressing files, mostly) so I don’t need to use my PC for those. To do that I just remote into it and type in the command, then I can turn my PC off or do whatever without affecting the operation. So in a way it’s a second PC that also happens to be a server for my other machines.

I use screen occasionally, and I used to use it a lot more when it was CLI only, but I find it really unwieldy due to how it manages multiple active terminals where you have to type in the ID of each screen to go back into it, and also because it refuses to scroll even when run in a terminal emulator that supports scrolling, where it just cycles between recent commands when you move the scroll wheel.

Not trying to make excuses, just trying to explain my reasoning. I know it’s bad practice and none of these are things I’d do if I was managing an actual production server, but since it’s only accessible from my LAN I tend to be a lot more lax with it.

I’m wondering if I could benefit from some kind of virtualized setup that separates the server stuff while still letting me remote into a desktop on the same machine for doing stuff, or if I can get away with just remoting into not the root user. Though I’ve never used a hypervisor and have no idea how to, so I’m not sure how well that would go, since the well-known open source ones like Xen seem really technical and really feel like something not meant to be used outside an actual data centre.

HiddenLayer5, (edited )

Thank you.

Say there’s some exploit that allows some component of KDE to be used to read a file. If it’s running under an unprivileged user - it sucks. Everything in user’s homedir becomes fair game. But if it runs as root - it’s simply game over. Everything on the system is accessible. All config, all bad config, files of all applications (databases come to mind). Everything.

This is also something I’m thinking about: All the hard drives mounted on the server are accessible to the only regular user as that is what my other computers use to access them. I’m the only one with access to the server so everything is accessible under one user. The data on those drives is what I want to protect, so wouldn’t a vulnerability in either KDE or Firefox be just as dangerous to those files even running as the regular user?

Also, since my PC has those drives mounted through the server and accessible to the regular user that I use my PC as, wouldn’t a vulnerability in a program running as the regular user of my PC also compromise those files even if the server only hosted the files and did absolutely nothing else? Going back to the Firefox thing, if I had a sandbox breach on my PC, it would still be able to read the files on the server right? Wouldn’t that be just as bad as if I had been running Firefox as root on the server itself? Really feels like the only way to 100% keep those files safe is to never access them from an internet accessible computer, and everything else just falls short and is just as bad as the worst case scenario, though maybe I’m missing something. Am I just being paranoid about the non-root scenarios?

How does a “professional” NAS setup handle this?

HiddenLayer5,

In all seriousness: yes. Any app or even website can scan your local network and attempt to access other devices. This is apparent in the fact that dedicated network scanner apps like Fing don’t require any permissions to scan your network, therefore any app can if it wanted to.

HiddenLayer5, (edited )

Care Bears are the truly biblically accurate angels confirmed

HiddenLayer5,

Most likely their backup generators only power the absolutely critical equipment and everything else still goes down when the power goes off.

Can one recover from an accidental rm -rf of system directories by copying those files back in from a backup?

Well I’ve joined the “accidentally trashing your system with rm -rf” club! Luckily I didn’t delete my home directory with all the things I care about, but I did delete /boot and /usr, and maybe /var (long story, boils down to me trying to delete non-system directories named those but reflexively adding the slash in front...

HiddenLayer5, (edited )

I’m running Fedora 39 KDE. I think I’m going to see what the file metadata of my other Fedora systems look like and try to replicate that. Worst case I just reinstall. At this point I’m a little curious how the system will react.

HiddenLayer5, (edited )

Sorry that’s not allowed either. Read the other sticker:

ALL STICKERS EXCEPT STICKERS ABOUT STICKERS BEING PROHIBITED EXCEPT STICKERS ABOUT STICKERS BEING PROHIBITED BEING PROHIBITED ARE PROHIBITED.

Does `cp -v` print out the file name when it starts copying it or when it's done?

So if I had a cp -v operation fail, is the last file name it printed out the last successful file copy, or is it the failed partially copied file? If you had to ensure all files are copied correctly without overwriting anything, would deleting the last filename that was printed from the destination folder delete the partially...

HiddenLayer5,

I was promised microchips. I haven’t gotten a single brain notification from Elon Musk yet. This some bullshit.

HiddenLayer5, (edited )

They could always do what Android does and give you a prompt to force close an app that hangs for too long, or have a default subprocess limit and an optional whitelist of programs that can have as many subprocesses as they want.

HiddenLayer5, (edited )

I just map both the user cache and the /tmp directory to a RAM drive. I allocated 4 GB but in practice it never gets even close to that much, and Linux seems to not be reserving the entire 4 GB at boot so I would assume how much RAM is used depends on how much is actually in your cache.

It also defers cache and tempfile related problems to turning it off and on again.

HiddenLayer5,

Look at this plebeian making contact with the toilet when shitting. What’s wrong, not enough thigh strength?

/s

HiddenLayer5,

“Y’all kids today spend too much time on devices.”

Yeah, because that device literally gives us access to all the information the entire human race has amassed. Not only that, but we also have our work and/or school tied into it, so for those things we literally need to be on it at least part of the time. Instead of hoarding expensive books that you’ve never read to justify having an oversized McMansion with a “library”, we access our information as needed.

HiddenLayer5,

And gastroscope is the type specifically for the esophagus and stomach.

HiddenLayer5, (edited )

It’s honestly sad that nurses are so underpaid in the US that one could potentially imagine them doing this for free food.

HiddenLayer5, (edited )

Consent forms don’t protect you from negligence though.

They also don’t protect you from criminal charges which Wonka definitely has many of by the end of it.

HiddenLayer5,

Poll time! If you HAD to switch from Linux to BSD, which one are you choosing?

HiddenLayer5, (edited )

Yeah, unfortunately speed limits don’t mean anything and studies show that drivers pretty much always drive as fast as they think they can regardless. The issue is that North America has stroads which are highly conducive to driving fast, damn near highway speeds. If we had the narrow, potentially tile or even cobblestone local streets that European and Asian cities have it would be less of a problem because those conditions directly promote lower speeds and more attentive driving.

HiddenLayer5, (edited )

With the recent track record of AAA game studios and their milking of long-running series, it might not even be worth pirating.

HiddenLayer5, (edited )

The job in that case is property management, not being a landlord in and of itself. If you do upkeep yourself as in renting out a basement or a second property, you’re technically both a landlord and a property manager. Homeowners can have property managers as well, such as in a condo, in that case the property manager is hired by the owners council and paid for with condo fees.

The “professional” landlords, the type that are hated by far the most, hire dedicated property managers who do basically everything (up to and including approving new renters and evicting people in some cases) and basically the only thing the actual landlords personally do is hold the deed, which is why those businesses are called holding companies.

HiddenLayer5,

Reminder that their CEO unapologetically said that he doesn’t think water is a human right.
