

  • Sure, but if the compromise stays within its own app, like for a browser, sandboxing won’t help.

    The bulk, and I mean like 95%, of the compromises I see are normal employees clicking on things that “look legit”.

    Excel is now wrapped in a browser. Discord, almost all work apps are all wrapped in a browser. So you can be completely locked down between apps like GrapheneOS, but if you are choosing to open links, no amount of sandboxing is going to save you.

    This is why we deploy KnowBe4 and Proofpoint, because people are liabilities, even to themselves.






  • You aren’t going to like this:

    Because if you got yourself pwned by a malicious link in Discord, your account hijacked, etc., then having Discord in a VM, container, chroot, jail, or whatever won’t help you on the server-side API abuse that got you pwned. In this case, you yourself should have been more vigilant.

    From your article, and with respect, I think it’s nice you’re thinking more about security, but you’re mixing up quite a few concepts, and you should probably make smaller moves toward security that you actually understand, instead of going all-in on Qubes with only a vague concept of the difference between sandboxing and paravirtualization.


  • The idea itself is fine (not getting into how not cool it is that a vendor holds the key to your BitLocker-encrypted disk once Secure Boot is turned on).

    But so is WEP for WiFi, but no one uses that anymore because it’s considered compromised.

    some are

    65% of all TPM keys is “some”, I suppose. But that’s not the issue. Keys leak, it happens. The more troubling part is that Microsoft will cheerfully use the leaked key on your affected TPM and you’ll get the “safe” check mark in your next audit.

    And this was warned about in 2011 when it started rolling out.

    As for FUD, I don’t have a “fear” angle here. I can’t tell you how to live your life, use secure boot if you feel safe doing so.




  • If everyone has a copy of my passwords and authenticator keys, that wouldn’t suddenly make 2 factor auth a compromised idea.

    Not sure how this relates. If you’re saying it was a good idea at the outset, then sure… If the keys hadn’t almost all been leaked by AMI and Phoenix. MS was supposed to have created a Microsoft Certified hardware vendor program for this, which fell apart pretty quickly.

    Secure Boot is a joke, both practically (there are many, many tools in use to bypass it) and in my professional circles, where it is considered obsolete like WEP. My audit controls for Secure Boot demand that an endpoint management solution like Intune is deployed.

    You don’t have to take my word for it, obviously. I’m not trying to tell you how to live your life.




  • Nice, and good job.

    With respect:

    • You are describing the init process, after the boot stuff is done. Not sure if you meant that or not.
    • vmlinuz is the bootable kernel image distinct from the kernel itself. It contains the compressed bootable ELF kernel image (which itself contains bvmlinuz) and gzip decompress function, bsetup code, bbootsect system.map, and a handful of commands for the kernel image to bootstrap itself.
    • Kernel space doesn’t stop once user space is allocated memory and initialized, they both run at the same time. Maybe I read that wrong, but it didn’t seem right to me.

    I want to be careful here not to discourage you, this is great exploration!

    I realize I’m handing out unsolicited advice here, but when I was first learning about Unix/Linux kernels in the Solaris and HP/UX days, the thing that helped the process “click” for me was compiling a kernel and building an ELF. And if you’re going to continue on this journey (which I hope you do), you should probably read a bit on memory segmentation and broadly about assembly instructions.

    Good luck!


  • non_burglar@lemmy.world to Linux@lemmy.ml · Bash scripting question · 5 days ago

    Your find statement is not creating a variable “file” because it’s missing the first part of the for loop. This:

    find ./ -type f \( -iname \*.jpg -o -iname \*.png \) | while IFS= read -r -d '' file; do

    should be this:

    for file in "$(find ./ -type f \( -iname \*.jpg -o -iname \*.png \))"; do

    However, the above command would find all files in current and subdirectories. You can just evaluate current context much more simply. I tested the below, it seems to work.

    #! /bin/bash
    echo "This script will rename all files in this directory with unique names. Continue? (Y/N)"
    read proceed
    if [[ "$proceed" == "Y" ]]; then
        echo "Proceed"
        for file in *.{jpg,JPG,png,PNG}; do
            echo "in loop"
            echo "$file"
            dir=$(dirname "$file")
            base=$(basename "$file")
            echo "'$dir'/'$base'"
            new_name="$dir/$(uuidgen -r)"
            echo "Renaming ${file} to ${new_name}"
            #mv "$file" "$new_name" #uncomment to actually perform the rename.
        done
        echo "After loop"
    else
        echo "Cancelling"
    fi
    

    You could also find matching files first, evaluate if anything is found and add a condition to exit if no files are found.

    Edit: who the fuck downvoted this, it literally works and the for loop was the issue.
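
An added example, not part of the comment above or the original thread: one way to do the "exit if no files are found" check the comment suggests, written so that odd filenames (spaces, a leading dash) cannot change what `mv` does. The function names `gen_id` and `rename_images`, the `/proc` fallback, and keeping the file extension are assumptions of this example; it stays a dry run unless `apply` is passed, mirroring the commented-out `mv` above.

```shell
#!/bin/sh
# Added example (hypothetical helper names): rename images in one directory
# to random names, returning non-zero when nothing matches.

# gen_id: random identifier. uuidgen -r is what the comment uses; the /proc
# fallback is an assumption for systems without uuidgen.
gen_id() {
    uuidgen -r 2>/dev/null || cat /proc/sys/kernel/random/uuid
}

# rename_images DIR [apply]
# Dry run unless the second argument is "apply".
# Returns 1 if no .jpg/.png files were found, 2 if a rename failed.
rename_images() {
    dir=$1
    mode=${2:-dry-run}
    count=0
    for file in "$dir"/*; do
        [ -f "$file" ] || continue      # also skips the unexpanded glob
        [ -L "$file" ] && continue      # -f follows symlinks; leave them alone
        case $file in
            *.[jJ][pP][gG] | *.[pP][nN][gG]) ;;
            *) continue ;;
        esac
        ext=${file##*.}                 # keep the extension (example's choice)
        new_name="$dir/$(gen_id).$ext"
        echo "Renaming $file to $new_name"
        if [ "$mode" = apply ]; then
            # -n: never overwrite; --: a name starting with "-" is not an option
            mv -n -- "$file" "$new_name" || return 2
        fi
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "No .jpg or .png files found in $dir" >&2
        return 1
    fi
}

# Run only when the script is given arguments, e.g.: ./rename.sh . apply
[ $# -eq 0 ] || rename_images "$@"
```
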