  • What is the security hole in systemd?

    You haven’t answered this.

    systemd-tmpfiles exists to delete inactive files in /tmp. That’s not a security flaw, that’s system maintenance. It’s the documented purpose of systemd-tmpfiles and it performs exactly as documented.

    The security hole is in snap-confine which does not verify that its own directory is owned by root before mounting it AS ROOT. That’s the security hole.

    So, again, what is the security hole in systemd?

    If you don’t have an answer then just say so. Resorting to name calling and trying to frame this as if I’m the irrational one is absurd.


  • It seems like a lot of these pop-up proprietary projects are failing to diagnose the problem with Discord, namely the centralized control.

    It’s like people leaving Twitter for Bluesky… it doesn’t actually change the situation. We’ve just created a new centralized service with a different group of people who can change things on a whim as it suits their financial goals.


  • There is no systemd flaw here.

    snap-confine creates /tmp/.snap owned by root.

    systemd-tmpfiles can delete this directory because it also has root privileges. It will do so if the directory is inactive for, by default, 30 days. Files can be excluded from this by adding a .conf file to /etc/tmpfiles.d/; snap-confine does not do this.

    Because the files are not excluded they will be deleted. systemd-tmpfiles can do this because it is running as root.

    Once they are deleted a USER can recreate /tmp/.snap with malicious code.

    snap-confine never verifies that the directory is owned by root, and performs its security checks before its privileged file operations, creating a race window. Because snap-confine is setuid root, it then bind-mounts files from the attacker-controlled /tmp/.snap into the snap sandbox’s filesystem, allowing an attacker to execute arbitrary code as root.

    What is the systemd-tmpfiles flaw? It does exactly what it is supposed to do, and it provides a means to exclude directories from its process. snap doesn’t configure systemd to ignore the directories and it doesn’t perform appropriate checks on the directory’s ownership.
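
The two checks the comment above describes as missing (verifying the directory's owner, and checking the same object that is later used rather than re-resolving the path) can be sketched in C as follows. This is an added example, not code from the original comment or from snap-confine; `open_trusted_dir` and the demo path are hypothetical, and a privileged caller would pass 0 as the expected owner.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` and return a descriptor only if it is a
 * real directory (not a symlink), owned by `owner`, and not writable by
 * group or others. Returns -1 otherwise. */
int open_trusted_dir(const char *path, uid_t owner)
{
    /* O_NOFOLLOW refuses a symlink planted at the final component;
     * O_DIRECTORY refuses anything that is not a directory. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    /* fstat() inspects the object we actually opened. A stat(path) here
     * could be answered by a different directory than the one used later. */
    if (fstat(fd, &st) != 0 || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        return -1;
    }
    return fd; /* later work should go through this fd, e.g. openat(fd, ...) */
}

int main(void)
{
    /* Constructed sample: a fresh directory created by the current user. */
    char dir[] = "/tmp/trusted-dir-demo-XXXXXX";
    if (mkdtemp(dir) == NULL)
        return 1;

    int as_me = open_trusted_dir(dir, geteuid());
    /* A privileged helper would pass 0 (root) as the expected owner. */
    int as_other = open_trusted_dir(dir, geteuid() + 1);
    printf("owner matches: %s, owner differs: %s\n",
           as_me >= 0 ? "accepted" : "rejected",
           as_other >= 0 ? "accepted" : "rejected");
    if (as_me >= 0)
        close(as_me);
    rmdir(dir);
    return 0;
}
```

Because the ownership and mode checks run on the descriptor, a directory swapped in at the same path after the check does not change what the descriptor refers to.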









  • I understand the process, I simply have not seen a single fork that has any kind of traction or support outside of the individual running the repository.

    The people who are making a big deal out of this are not the same people who have both the technical capability and willingness to take on a project as big as systemd.

    At best someone will create a script that deletes the lines from userdb and a user can run that and then compile and install systemd themselves.

    This is not the kind of technical disagreement that leads to actual forks. This is a flash point of outrage that will disappear as these people move on to new topics.

    Anyone serious about fighting age verification laws is politically aware enough to understand that it is laws and politicians that need to be changed and not optional JSON fields.




  • I guess I should have said ‘and not on any device required for the mission’. The PCDs are personal devices for the individual’s business and convenience.

    They are for things like e-mailing, looking at mission manuals and accessing the Internet. They’re not involved in the operation of the Integrity. All of the mission-critical systems that operate the ship are purpose-built.

    But NASA doesn’t need to re-invent the wheel when it comes to e-mail and PDF reading, so they buy commercial hardware because it’s way cheaper, it works well enough and if it fails it doesn’t compromise the mission.