moonpiedumplings

joined 1 year ago
[–] moonpiedumplings 1 points 2 hours ago* (last edited 2 hours ago)

Firstly, this blog is mostly SEO spam and is probably one of the worst written articles I've ever seen. The article itself is more keywords than content. Even the headline is garbage; persisting after reboots is a normal feature of almost all malware types, including rootkits. In fact, I'd say a lot of cybersecurity blogs are like this, hyping up mundane malware that presents no special threat for the clicks.

But I'll break this down anyways.

The first bit about the dynamic linker means doing things like restricting the files an app has access to, in order to prevent manipulation of how code libraries and modules are loaded, in order to prevent the injection of a malicious library. This can be done within the system, and often is by default, like how sudo refuses to load libraries it doesn't like.

The second bit is literally just recommending you require a password to do admin things. Of course, there's a lot more nuance to it. Access controls, controlling what user on a system has access to what can become a lot more fine grained, but for the kinds of malware that these articles report on, an admin password will stop them.

[–] moonpiedumplings 2 points 3 days ago

me too :(

But I got lucky and managed to avoid looking at all except the first.

 

See title


[–] moonpiedumplings 5 points 1 week ago

Decentralized in theory, but not in practice is just centralized.

Also:

So how challenging is it to run those? In July 2024, running a Relay on ATProto already required 1 terabyte of storage. But more alarmingly, just a four months later in November 2024, running a relay now requires approximately 5 terabytes of storage

https://dustycloud.org/blog/how-decentralized-is-bluesky/

[–] moonpiedumplings 3 points 2 weeks ago (1 children)

Firstly, you may also be interested in: https://containerssh.io/v0.5/

This is a similar software, but maintained. However, it doesn't look like you can limit networking with the Docker backend, beyond a simple on/off.

An even simpler solution is to have the ssh entry command not be the usual shell command (/bin/bash), but rather a command that starts a shell within a container. So something like:

podman run -it --rm -v /HOST-DIR:/CONTAINER-DIR docker.io/library/debian:bookworm bash would create a shell inside a short lived debian container (that is deleted upon disconnect) where a host directory is mounted inside the container.

As for mysecureshell, I would assume that since it is in the Ubuntu repos, it is still being maintained. But it's possible, since it is unmaintained, that there are unknown security vulnerabilities or other issues, but:

It’ll just be for half a dozen friends for when I want to give them larger files, or if I want them to send me full-resolution photos.

If it's just for your friends, it may be okay to use a less secure solution if you trust them.

As an alternate solution: since you are looking for some sort of file searching, perhaps you could host an app explicitly designed for that, like Seafile or Nextcloud.
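The container-as-login-shell idea from the comment above, worked into a wrapper script. This is an added example, not code from the comment or from containerssh; it assumes the script is installed as /usr/local/bin/sandbox-shell (set as the user's shell with chsh, or via sshd_config ForceCommand), that each user's share lives under /srv/share/<user>, and it adds hardening flags (no network, dropped capabilities, read-only root) beyond the one-liner in the comment.

```sh
#!/bin/sh
# sandbox-shell: an SSH login shell that drops the user into a throwaway
# container instead of a host shell.
# Assumptions (mine, not the commenter's): installed as
# /usr/local/bin/sandbox-shell; per-user shares under /srv/share/<user>;
# the Debian image from the comment.
set -eu

IMAGE="docker.io/library/debian:bookworm"
SHARE_ROOT="/srv/share"

# Print the podman argument list for one user, one argument per line.
# Returns 1 for user names that could escape the share directory
# (anything outside [A-Za-z0-9_-], so "../etc" or "a/b" are refused).
sandbox_args() {
    user="$1"
    case "$user" in
        ""|*[!A-Za-z0-9_-]*) echo "sandbox-shell: refusing user '$user'" >&2; return 1 ;;
    esac
    printf '%s\n' run -it --rm \
        --network none \
        --cap-drop ALL --security-opt no-new-privileges \
        --read-only --tmpfs /tmp \
        -v "$SHARE_ROOT/$user:/data" -w /data \
        "$IMAGE" bash
}

main() {
    user="$(id -un)"
    [ -d "$SHARE_ROOT/$user" ] || { echo "sandbox-shell: no share for $user" >&2; exit 1; }
    # SSH_ORIGINAL_COMMAND is deliberately ignored: the client gets the
    # container shell whatever command it asked for.
    args="$(sandbox_args "$user")" || exit 1
    # Word-splitting on the newline-separated list is intended; validated
    # user names and the fixed flags contain no whitespace.
    set -- $args
    exec podman "$@"
}

# Only start a container when invoked under the installed name, so the
# functions above can also be sourced and tested without podman present.
case "${0##*/}" in
    sandbox-shell) main ;;
esac
```

Because the container is started with --rm and --network none, anything the guest does inside it is gone on disconnect and cannot reach the host's network, which is the failure mode the plain /bin/bash entry point leaves open.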

[–] moonpiedumplings 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Yaml is a data storage format

I have literally never seen yaml used as a data storage format, only as a configuration language. Ansible, Kubernetes, Home manager, netplan, and many, many other examples of yaml as a configuration language, but I cannot think of an example of yaml as a data storage format off the top of my head.

Given the:

package {
  name my-pkg
  version "1.2.3"

  dependencies {
    // Nodes can have standalone values as well as
    // key/value pairs.
    lodash "^3.2.1" optional=#true alias=underscore
  }
}

On the README of the KDL Github, it looks like KDL has a similar goal to be a configuration language, rather than a data storage format.

[–] moonpiedumplings -3 points 2 weeks ago* (last edited 2 weeks ago) (3 children)

I don't see anything about turing completeness or programmatic capabilities in their github. Any language that doesn't have the programmatic abilities will inevitably get them hacked on when someone needs them, like what happened to yaml a bunch of times for a bunch of different software. This is one of people's many frustrations with yaml, the fact that doing a loop, an if statement, or templating, is different for every single software that uses yaml. Even within Kubernetes, there exists different ways to do templates.

I would much rather see the language consider those things first, then see it repeat one of the biggest mistakes of yaml. This is why I am more eager for things like nickel, or even Nix as a configuration language, and am skeptical of any new standard that doesn't have those features.

[–] moonpiedumplings 9 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

See also: noyaml.com

I personally like yaml though. Although I won't deny it can be hellish to write without a linter, it's just like any other language with tab autocomplete and warning for sus things if you have the right software set up.

I used the ansible and kubernetes VSCode extensions, and I really like them both. With the kubernetes one, you can just start typing the name of the resources you want to create, and then press tab, and boom, a template is created.

I would much rather see something like Nix be the norm, but I find Nix very frustrating to edit because the language servers for it are nowhere near as developed.

[–] moonpiedumplings 13 points 2 weeks ago (1 children)

The whole point of open source was that you can see the code and the commits. We don’t need to trust anybody. I feel like banning contributors is just contradicting one of the key benefits of open source.

You are misunderstanding why the sanctions happened. It has nothing to do with whether or not the individuals working at those entities are trustworthy or not.

The Linux Foundation is an institute of the United States. The United States has demanded that entities within their jurisdiction, like the Linux Foundation, follow sanctions, and cut contact and interaction with sanctioned entities.

Because the Linux Foundation doesn't want to be punished or pay fines, they follow those sanctions. Nothing to do with trusting the individual contributors or corporations.

What would you do about people who… lie online about where they work?

This is probably what happened. The contributors went home, to their personal emails, and the world kept spinning and no one looked twice.

[–] moonpiedumplings 7 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Well, I can't read I guess.

At least I linked to the code, since the article doesn't seem to do that. The twitter thread it linked to probably does, but I can't view the replies without logging in.

[–] moonpiedumplings 6 points 3 weeks ago* (last edited 3 weeks ago) (3 children)

Here's a fun fact not noted in the article: Temporary files in sqlite are named etilqs_something in order to prevent people from contacting the sqlite developers for support when other applications (specifically, McAfee) have decided to dump and not prune temp files.

Source: https://github.com/sqlite/sqlite/blob/95f6df5b8d55e67d1e34d2bff217305a2f21b1fb/src/os.h#L57

 

I find this hilarious. Is this an easter egg? When shaking my mouse cursor, I can get it to take up the whole screen's height.

This is KDE Plasma 6.


27
Introducing Incus 6.7 (www.youtube.com)
submitted 2 months ago by moonpiedumplings to c/linux
 

Incus is a virtual machine platform, similar to Proxmox, but with some big upsides, like being packaged on Debian and Ubuntu as well, and more features.

https://github.com/lxc/incus

Incus was forked from LXD after Canonical implemented a Contributor License Agreement, allowing them to distribute LXD as proprietary software.

This youtuber, Zabbly, is the primary developer of Incus, and they livestream lots of their work on youtube.

11
Cuttle (en.m.wikipedia.org)
 

This card game looks really good. There also seems to be a big, open source server: https://github.com/cuttle-cards/cuttle

 

Source: https://0x2121.com/7/Lost_in_Translation/

Alt Text (for searchability): 3 part comic, drawn in a simple style. The first, leftmost panel has one character yelling at another: "@+_$^P&%!". The second panel has them continue yelling, with their hands in an exasperated position: "$#*@F% $$#!". In the third panel, the character who was previously yelling has their hands on their head in frustration, to which the previously silent character responds: "Sorry, I don't speak Perl".

Also relevant: 93% of paint splatters are valid perl programs

 

https://security-tracker.debian.org/tracker/CVE-2024-47176, archive

As of 10/1/24 3:52 UTC time, Trixie/Debian testing does not have a fix for the severe cupsd security vulnerability that was recently announced, despite Debian Stable and Unstable having a fix.

Debian Testing is intended for testing, and not really for production usage.

https://tracker.debian.org/pkg/cups-filters, archive

So the way Debian Unstable/Testing works is that packages go into unstable/ for a bit, and then are migrated into testing/trixie.

Issues preventing migration:

  • Too young, only 3 of 5 days old

Basically, security vulnerabilities are not really a priority in testing, and everything waits for a bit before it updates.

I recently saw some people recommending Trixie for a "debian but not as unstable as sid and newer packages than stable", which is a pretty bad idea. Trixie/testing is not really intended for production use.

If you want newer, but still stable packages from the same repositories, then I recommend (not an exhaustive list, of course):

  • Opensuse Leap (Tumbleweed works too but secure boot was borked when I used it)
  • Fedora

If you are willing to mix and match sources for packages:

  • Flatpaks
  • distrobox — run other distros in docker/podman containers and use apps through those
  • Nix

These can get you newer packages on a more stable distro safely.

 

cross-posted from: https://programming.dev/post/18069168

 

I couldn't get any of the OS images to load on any of the browsers I tested, but they loaded for other people I tested it with. I think I'm just unlucky.

Linux emulation isn't too polished.
