• 2 Posts
  • 112 Comments
Joined 10 months ago
cake
Cake day: January 25th, 2024

help-circle



  • Y’all need to get a word in with your representatives that what’s needed is legislation preventing budget bills from containing anything other than budgets.

    That would solve this problem real quick. It’s been sounding stupider and stupider using the budget meeting to force unpopular agendas down throats or else the government is held hostage.

    I think it would fit the bill if budgeting was held up over allocations, one side wants more border spending, one side wants more educational spending, etc, that would make sense but “allow us to attach this whole other unrelated law to declare the sky is actually green(which also contains a tag along that I get to be emperor), or nobody gets paid” is just ridiculous.





  • Sometimes it feels technology may doom us all in the end. We’ve got a rough patch in society starting now, now that liars and cheats can be more convincingly backed up, and honest folk hidden behind credible doubt that they are the liars.

    AI isn’t just on the path to make convincing lies, it’s on the path to ensuring that all truth can be doubted as well. At which point, there is no such thing as truth until we learn yet a new way to tell the difference.

    “They don’t need to convince us what they are saying, the lies, are true. Just that there is no truth, and you cannot believe anything you are told.”



  • One thing I can think of is an overzealous corporate security solution blocking or holding back your email purely for having an attachment, or because it misunderstands/presumes the cipher-looking text file to be an attempt to bypass filtering.

    Other than that might be curious questions from curious receivers of the key/file they may not understand, and will not be expecting. (“What’s this for? Is this part of the contract documents? Oh well, I’ll forward it to the client anyway”)

    Other than that it’s a public key, go for it. Hard (for me anyway) to decide to post them to public keychains when the bot-nets read them for spam, so this might be the next best thing?



  • The way I understand it, I think the real issue here is that Proton Drive should clear the sync state or identity when uninstalled. The identification of the PC should be unique to each install, so that when you reinstall it later it understands that it is now a “new” system needing to be reworked from scratch, and that the empty folder is awaiting initial download, not mass cloud deletion. Would that lead to multiple copies in the “Computers” backup section? Sure, but that can be a good thing too, or at least better than wiping the drive, and more easily remedied.




  • I enjoy it, but I feel like it’s something they could do more with and don’t.

    Maybe one day they’ll find other ways to sneak it into new content, like the Necramech. That was also interesting but underwhelmingly supported, and now they try to squeeze it into places to make it relevant. But it still feels like it needs….more.

    Oh, and who remembers Fish Team? I don’t even know if that feature got added, I avoid the Lich stuff.





  • Since you mention setup instead of any manual install screwery, I’d say root(uid 0) is still very real, you just didn’t setup any login for it. Every time you sudo (substitute-user-do), you(probably uid 1000) are running that command as root instead of you. In fact, just sudo -i and you are now “logged in” as root.

    Edit: Missed the context. Should still be useful info but you probably are not accidentally remoting into an account you never setup the login for.


  • Raspbian is sometimes a compromise between security and usability, because it is designed to go into the hands of new users. It also used to ship with a default “pi/rasberry” login hardcoded and IIRC permitted root password login over ssh. Things experience users change or turn off, but needs to start friendly for the rest, you know?

    By doing this, they can take a step in the right direction by separating the root and login user, without becoming annoying asking for a password frequently as a newbie copies and pastes tutorial commands all week.

    And as I said it’s unlikely, even very unlikely, but just not impossible. Everything comes with a risk, I just believe it’s up to you, not me, what risks mean in your environment. Might be you’d like to have the convenience on the home dev server, but rather have as much security as possible on a public facing one.

    Or maybe you’d like to get really dialed in and only allow specific commands to be run without a password, so you can be quick and convenient about rebooting but lock down the rest. Up to you, really, that’s the power of Linux.