[-] moonpiedumplings@programming.dev 1 points 1 hour ago* (last edited 1 hour ago)

Programs/orgs like Conda are like the #1 reason projects like Guix exist.

Conda's default repos are only technically free for personal use, and you have to pay an exorbitant amount if you want to use them in a company. But what happens is devs install Conda anyways, not realizing this, the software phones home, and all of a sudden you have a bunch of lawyers on your case, demanding 10 gorbillion dollars.

And because programs like Conda, or Oracle Java, or so on are technically not malware (even though they literally act like ransomware in some ways), they aren't, and will not ever be caught by antivirus software.

So the solution people come up to not have to deal with those, with, is to restrict all installation of software entirely, via things like AppLocker on Windows. This makes it so that only approved software can be installed. Software can be manually vetted, confirmed to actually be free for the business, or paid for, before being explicitly allowed.

But the problem with this, is that users like being able to autonomously install the tools they need in order to solve problems. So now they just get frustrated that they can't do that at all.

Guix, and other projects which only ship open source software, present a middle ground. They distribute a large repo of software, that is essentially confirmed safe for a business to use, and for their users to install autonomously. If I gave someone Guix, I could feel confident that they could install various tools they needed without risking totally-not-ransomware from getting onto the systems.

Anyway. There is nonguix and other additional guix package channels if you want, say CUDA so it's an option. I'm just trying to explain why some people insists on this model, and why someone would see that as a benefit.

Woops, a duplicate?

[-] moonpiedumplings@programming.dev 17 points 6 hours ago

Did you reboot?

It could be that a system service was installed, and activated. This service could stay running even after the packages are removed, since the programs would remain in memory.

5
Swarm Simulator (www.swarmsim.com)

cross-posted from: https://programming.dev/post/52054729

Swarm simulator is an open source idle game:

https://github.com/swarmsim/swarm

10
Swarm Simulator (www.swarmsim.com)

cross-posted from: https://programming.dev/post/52054729

Swarm simulator is an open source idle game:

https://github.com/swarmsim/swarm

7
Swarm Simulator (www.swarmsim.com)

Swarm simulator is an open source idle game:

https://github.com/swarmsim/swarm

[-] moonpiedumplings@programming.dev 19 points 8 hours ago* (last edited 8 hours ago)

Thank you so much. This was so annoying. Although another comment mentions that this appears to be specific to samsung devices, and doesn't work on general android/aosp.

For those the ADB solution another comment mentions probably must be used.

[-] moonpiedumplings@programming.dev 5 points 15 hours ago

It's not about trusting the source code or binaries to not have malicious additions.

It's about protecting myself and other users from anti features, by modifying or forking the software of the need ever arises. If software ever adds tracking or telemetry, the community can either modify it downstream (i.e. the way many linux distros compiled out audacity's telemetry), or they can directly fork it.

There is no need to worry about vendor lock in to a proprietary ecosystem, because the option to exit is always there.

[-] moonpiedumplings@programming.dev 2 points 22 hours ago

randomise your web interface port

Randomized interface ports change nothing except for stopping automated scanners. They don't really help. Just lock it behind ssh, physical access or similar, and then never worry about it again.

Yeah only if you enable their cloud api

No, all of the local web interfaces have had problems too. Literally every router or network appliance has had similar issues.

ts not an isp or consumer router

ISP, consumer, and enterprise routers have all the same issues due to the same architecture. All of them.

have also pen tested my router remotley.

Me too. But it's just not about my router being secure today, it's about it being secure tomorrow. I want to be able to rest easy knowing that if a new vulnerability appears in xyz component then I don't have to worry about it.

[-] moonpiedumplings@programming.dev 3 points 22 hours ago* (last edited 22 hours ago)

Every issue with tp link has been. You need to have acces to the router physically to implement.

Come on, this is not true and you know it. Finding a counterexample was easy:

https://www.anavem.com/en/news/cybersecurity/tp-link-patches-critical-router-flaws-enabling-rce

Auth bypass + auth rce flaw. Literal remote code execution, instant own.

The problem with network appliances/routers is that they all have web ui's, and management api's or something of the sort. Web UI's are extremely complex services, with lots of difficult to secure attack surface. In a router, that attack surface is now running as root (because it has to be, to manage linux (or freebsd, routers are usually based on one of the two) kernel routing and networking.

So literally every single network appliance and router has had it's own critical vulnerabilities, even open source ones like openwrt.

The real solution here is to recognize that web interfaces are a security nightmare, and to either disable them or lock them behind ssh.

(Open)ssh, is known for having extremely few vulnerabilities, only 2.5 critical ones over it's 25+ years of existence. That's a big difference compared to some of these network appliances/routers which have 2+ critical vulns every quarter.

I'm so tired of news articles that hype up fairly mundane stuff, acting like it's the next big bomshell.

In addition to that, by misrepresenting what is happening, it's literally actively harmful to consume this kind of news, which is so common on the cybersecurity news cycle.

Yet another cyberslop article.

Not really. Immutability can be overriden by root, who can then edit files.

And in addition to that, /etc/, system config files, including pam files mentioned here, are not immuable even in immutable distros.

SIX. SEVEN.

Frantically does hand gesture

Yes this is the best way.

On Linux I've never had to install drivers for any printers, it comes with a "generic" driver that works for a ton of brands,

[-] moonpiedumplings@programming.dev 6 points 3 days ago* (last edited 3 days ago)

This is not the same. The AUR was a supply chain attack, where good packages where replaced with malicious one's.

Nix is better at stopping things like that from happening, becuase they have a monorepo, where most package updates or changes are reviewed by another person. The AUR is just a collection of individual git repos (or branches), where each maintainer can make updates or changes with no oversight.

26
43

I can't find the source code for this, I am posting here to save it to remind myself to search later.

525
This site is so much fun (programming.dev)

Other fun answers:

This site is: https://youraislopbores.me/

This site is a "fake chatgpt" where you can pretend to be chatgpt or ask questions to people pretending to be chatgpt.

31

Phone game that measures how high you can throw your phone into the air...

25
29
submitted 2 months ago* (last edited 2 months ago) by moonpiedumplings@programming.dev to c/linux@programming.dev

It was fairly easy. I used rustic to back up my entire home directory to a USB flash drive.

The trick is to ensure that all applications (except KDE) are closed. Firefox, for example, really hates if you try to actively sync or copy over it's profile directories while it is running.

And then I also nuked my podman user data. (podman system reset). Podman sometimes makes the ownership of it's files weird, but also the container images take up a lot of space that I don't really care about actually backing up. It's okay if those aren't on the new laptop.

Then I backed up to the usb flash drive:

rustic init -r /path/to/repo — this will prompt you for a password

rustic backup -r /path/to/repo /home/moonpie

One cool thing about the backups is that they are deduplicated and compressed. So I backed up 120 gb of data, but it was compressed to 80 gb.

restic snapshots -r /path/to/repo

The snapshots are deduplicated as well. Data that doesn't change between snapshot versions, doesn't take up any extra space.

rustic restore -r /path/to/repo snapshotid /

The / is needed because rustic restores to paths underneath the thing. It gave me a bunch of permission errors about not being able to read stuff not in my home directory, but eventually it restored all of my data.

And then yeah. All my data. Except Wifi passwords, which I had stored as unencrypted for all users, because I didn't like having to unlock the KDE wallet to get to Wifi passwords when connecting. I had (and have) LUKS encryption so I didn't worry about that too much. But it means that data not in my home directory was not copied over.

It was surprisingly smooth, and now I have all my data and firefox profiles and stuff on the new machine.

27

Finally I can doomscroll books

27
submitted 3 months ago* (last edited 3 months ago) by moonpiedumplings@programming.dev to c/linux@programming.dev

As usual, phoronix is full of trolls. I was surprised to see only 17 comments, but perhaps that's because I viewed this very early. A highlight from the first page:

Everyday we stray further from GNU, POSIX, C, X11 and now SysVinit. 80s are over. Party is over. Wake up. It's 2026. Adapt or perish in irrelevance. Future is bright and is inevitable. Long live systemd, Wayland, Rust, Gnome and atomic and immutable distros.

Given the way this covers Systemd, SysV, and AI agents, and the way that I see trolling on the first page, There is a very real chance this could be one of those legendary Phoronix threads that manages to hit the 500 comment limit.

EDIT: more relevant threads: https://www.phoronix.com/linux/systemd

31
Incus 6.22 has been released (discuss.linuxcontainers.org)

Youtube video: https://www.youtube.com/watch?v=xrIFL7wSRw4

I am excited about the changes to incus-migrate that allow for direct importation of a remote qcow2 or vmdk. Although many people distribute vmdk's zipped or in tarballs, but it's still a cool feature.

view more: next ›

moonpiedumplings

joined 2 years ago