ditto
kiwifarms.net
- Joined
- Aug 17, 2019
Linux file permissions explained for Zoomers
Back in my day we did file permissions in octal and we liked it
Back in my day we did file permissions in octal and we liked it
The Linux Thread - The Autist's OS of Choice
- Thread starter tehpope
- Start date
- Joined
- Jul 4, 2022
And then there is selinux, I still can't get my head around it.
It sounds great in theory, a text editor shouldn't be able to connect over the network and download a file to execute, but setting up rules for everything is pretty painstaking.
ditto
kiwifarms.net
- Joined
- Aug 17, 2019
OpenBSD does it right with the pledge syscall which lets programs declare their resources and drop everything else.
SELinux was built by the NSA for their purposes so I'll never trust that.
- Joined
- Jan 5, 2015
Speaking of KDE, I set up a Debian Sid VM and gave the Trinity Desktop Environment a spin. Immediately I realized what I had done and installed like 800+ different programs at once and now it felt like I was using a prearranged distribution. Way, way too much default applications. I didn't realize there was a base that could leave out most of the bloat, but holy shit, it was giving current versions of KDE and even GNOME a run for their money.
Well, it "works" as a nostalgia bait, and that's all I get from TDE at this juncture. The Konqueror browser is one of the most pointless additions because it can barely pull its own weight for the most basic tasks, and I do not know of it'd be safe to remove.
Well, it "works" as a nostalgia bait, and that's all I get from TDE at this juncture. The Konqueror browser is one of the most pointless additions because it can barely pull its own weight for the most basic tasks, and I do not know of it'd be safe to remove.
Last edited:
- Joined
- Aug 17, 2022
@ditto - I'm fairly certain that's the one legitimate use of octal in the entire universe
@Another Char Clone - just use Docker, it's pretty much superseded SELinux for sandboxing shit
@Another Char Clone - just use Docker, it's pretty much superseded SELinux for sandboxing shit
- Joined
- Jan 28, 2018
SELinux is so overtly complicated that that is an attack surface by itself. I was always a follower of the philosophy that good security needs to be dead simple, so that there can be no misunderstandings and so that there's also precious little room for bugs.
I have the feeling many of these mandatory access control features of the kernel have fallen out of favor in favor of namespaces, probably because they're easier to set up, cleaner and also have other uses besides security. I used to use Tomoyo for a while as it was the simplest of the MAC there is, it still was pretty complicated vs. a tool like bwrap. Performance also was kinda poor.
I still think Docker is painfully overcomplicated garbage and like half the people that offer Docker containers don't have any idea what they're doing and it shows, though.
I have the feeling many of these mandatory access control features of the kernel have fallen out of favor in favor of namespaces, probably because they're easier to set up, cleaner and also have other uses besides security. I used to use Tomoyo for a while as it was the simplest of the MAC there is, it still was pretty complicated vs. a tool like bwrap. Performance also was kinda poor.
I still think Docker is painfully overcomplicated garbage and like half the people that offer Docker containers don't have any idea what they're doing and it shows, though.
- Joined
- Jul 4, 2022
I discovered unshare(1), even more lightweight. Fake chroot, fake PIDs, fake UIDs, network sandboxing, it's great when you the app you want to run is already installed as a regular program, no need to download gigabytes of runtimes. I have selinux running on my gentoo in permissive mode, so the logs are more for debugging why something is behaving retarded more than as security.
unshare(2) is sort of the Linux version of BSD, sadly I don't use BSD due to lack of hardware support, its already tough with Linux.
- Joined
- Jul 4, 2022
Bug #1996682 “racist, misogynist, homophobic, fascist content in...” …
archived 18 Nov 2022 13:52:27 UTC
Offensive package has offensive humor, I'm shocked I tell you, shocked!
- Joined
- Aug 17, 2022
That's an interesting point, I'd not considered that before. It's a bit like Windows' ACLs: sounds great in theory, far too complicated in practice.
Hard agree. I like Docker, but only because I can put my own Gentoo instance in there and tweak it how I want. I wouldn't trust anyone else's container.
- Joined
- Sep 27, 2022
Oh they can fuck off.View attachment 3890181Bug #1996682 “racist, misogynist, homophobic, fascist content in...” …
archived 18 Nov 2022 13:52:27 UTCarchive.ph
Offensive package has offensive humor, I'm shocked I tell you, shocked!
Glad I've got copies of old packages still.
- Joined
- May 23, 2022
Your archive missed the essential last two replies:View attachment 3890181Bug #1996682 “racist, misogynist, homophobic, fascist content in...” …
archived 18 Nov 2022 13:52:27 UTC
Offensive package has offensive humor, I'm shocked I tell you, shocked!
- Joined
- Jan 28, 2018
Namespaces! I use bwrap and some scripts to basically rip programs out of linux distributions and run them in subdirectories "the windows way" where an easy rm -r can get rid of them and also their dotfiles get put somewhere where they don't clutter $HOME. This allows me to maintain my own base without having to agree to decisions by tranny distro jannies like in that post about no-no words in fortune up there but still use complex software without having to compile it myself. Made me give up on gentoo which has been marred with bad decision making in the last few years in favor of running my own KISS fork. It's also good for things like e.g. Firefox doing an absolutely ludicrous amount of writing to it's profile files and battering my drive, so this also allows me to put them into a tmpfs first.
I've been steadying myself to become a *BSD refugee for years by now and switched over to a lot of BSD tools. I even use ksh. I made the same experience though, every time I get my hands on a new system I get that tinge to maybe switch with that system to a *BSD and every time I come back with the realization "as long as I like using the network hardware or GPU, it's not an option" Really sucks and I don't blame them at all for the absolutely 0 support they're getting compared to even Linux, but that's them breaks. If I will live to see it, I guess the day that'll finally push me over is Linus dying/retiring/getting canceled and the corpos (through their useful idiots the trannies) taking the kernel over completely. they're 4/5 there already as is. I'll just do then what I did with Linux many years ago: Buy hardware with the express goal of running *BSD on it.
- Joined
- Nov 21, 2020
- Joined
- Aug 17, 2022
View attachment 3890181Bug #1996682 “racist, misogynist, homophobic, fascist content in...” …
archived 18 Nov 2022 13:52:27 UTC
Offensive package has offensive humor, I'm shocked I tell you, shocked!
From https://wiki.ubuntu.com/SteveLangasek:
About me
Name: Steve LangasekLocation: Portland, OR, US
Of course it's Portland. It's always fucking Portland.
- Joined
- Jan 5, 2015
- Joined
- Dec 28, 2014
People who abuse "bug" reports to whine about irrelevant bullshit that isn't a bug should be banned.
- Joined
- May 6, 2020
- Joined
- Apr 19, 2021
I simply chuck a couple WD Red 8tb in my cargo shorts every time I go out.
- Joined
- Nov 21, 2020
I'm apparently just using the Docker container these days, looks like Apache. Seems to work fine for all 1 of my users.
- Joined
- May 6, 2020
I've ran it on Apache well enough before, worked well for personal use. Just rebuilding some stuff now and have an opportunity to install everything from scratch. Trying to determine if nginx will be lighter on the CPU and RAM usage compared to Apache.