I know several large companies looking to Microsoft, Xen, and Proxmox. Though the smart ones are more interested in the open source solutions to avoid future rug-pulls.
So perplexity can kind of weakly analyze the first few pages of small file size pdfs one at a time, but I'd love to have something that would allow me to upload several hundred research papers and textbooks that could then be analyzed for consensus and contradictions and give me more meaningful search results and summaries than...
2009 era was also when Intel leveraged their position in the compiler market to cripple all non-Intel processors. Nearly every benchmarking tool used that complier and put an enormous handicap on AMD processors by locking them to either no SSE or, later, back to SSE2.
My friends all thought I was crazy for buying AMD, but accusations had started circulating about the complier heavily favoring Intel at least as early as 2005, and they were finally ordered to stop in 2010 by the FTC... Though of course they have been caught cheating in several other ways since.
Everyone has this picture in their heads of AMD being the scrappy underdog and Intel being the professional choice, but Intel hasn't really worn the crown since the release of Athlon. Except during Bulldozer/Piledriver, but who can blame AMD for trying something crazy after 10 years of frustration?
On a server, it allows you to track who initiates which root season session. It also greatly minimizes the attack surface from a security perspective to have admin privileged accounts unable to be remotely connected to.
Separate ssh keys for the user and the admin? Yeah, see point 2, admins should not be remotely accessible.
Really? How, exactly? Break the ssh key authentication? And wouldn’t that apply to all accounts equally?
Keys aren't perfect security. They can easily be mishandled, sometimes getting published to GitHub, copied to USB drives which can easily be lost, etc.
Further, there have been attacks against SSH that let malicious actors connect remotely to any session, or take over existing sessions. By not allowing remote access on privileged accounts, you minimize risk.
Forcing a non privileged remote session to authenticate with a password establishes a second factor of security that is different from the first. This means a cracked password or a lost key is still not enough for a malicious actor to accomplish administrative privileges.
A key is something you have
A password is something you know
So, by not allowing remote privileged sessions, we're forcing a malicious actor to take one more non-trivial step before arriving at their goals. A step that will likely be fairly obvious in logs on a monitored machine.
I strongly disagree with your premise. Separating authentication and privilege escalation adds layers of security that are non-trivial and greatly enhance resilience. Many attacks are detected and stopped at privilege escalation, because it happens locally before a user can stop or delete the flow of logs.
If I get into your non-privileged account I can set up a program that acts like sudo
No you cannot. A non privileged user doesn't have the access necessary to run a program that can accomplish this.
And even if they do it’s too late anyway because I’ve just compromised root and locked everybody out and I’m in there shitting on the filesystems or whatever. Because root can do anything.
Once again, you didn't privilege escalate, because once you have a foothold (authentication) you don't have the necessary privileges, so you must perform reconnaissance to identify an exploitable vector to privilage escalate with. This can be any number of things, but it's always noisy and slow, usually easy to detect in logs. There is a reason the most sophisticated attacks against well protected targets are "low and slow".
And if I can’t break into your non-privileged account then I can’t break into a privileged account either.
You're ignoring my points given regarding the risks of compromised keys. If there are no admin keys, there are no remote admin sessions.
These artificial distinctions between “non-privileged” and “superuser” accounts need to stop. This is not good security, this is not zero trust. Either you don’t trust anybody and enforce explicit privilege escalation for specific things, or just accept that you’re using a “super” paradigm and once you’ve got access to that user all bets are off.
Spoken like someone who has never red teamed or purple teamed. Even admin accounts are untrusted, given only privileges specific to their role, and closely monitored. That doesn't mean they should have valid security measures thrown away.
That's called 'privilege escalation', and replacing system level calls with user level calls is closely watched for and guarded against with many different security measures including SELinux.
You've already outed yourself multiple times in this thread as someone who doesn't understand how security in the real world works. Take the L and try to learn from this. It's okay not to understand something. But it's very important to recognize when that happens and not claim to understand better than someone else.
They even literally have a section of the article that says they "see Fair Software as an alternative model to the free and open source software model", and they think it's superior because the "developers can profit".
Newsflash: the developers usually see fractions of those cents while most of the money goes to the management and shareholders of the company that employs them. Hmm, doesn't seem fair to me.
Also, developers can and do profit from FOSS in many ways, but the most popular models are with commercial support, SaaS offerings, and additional functionality (like providing a web interface, clustering manager or other external piece of the puzzle to solve the problem at scale in enterprise).
Like you said so succinctly: propaganda website to make rug pullers like Elastic and Hashicorp look better.
The Verge published this spam article about the "best printers of 2024" to demonstrate how terrible Google's search results are. It now appears as the top non-sponsored post if you search "best printer" on Google....
The recommendation to shareholders from the independent advisor who proxies Boeing is to vote out several board members who are responsible for safety and QA. Crazy to see at a Fortune 100.
MRSA infection following hospital admittance for Pneumonia. That shit is serious and way more prevalent than people think, it's just that it usually kills people who are already terminally ill.
Unlikely to be an assassination. But not impossible. Either way, looks very bad.
I cannot stand google news any more, too much spam, clickbait and advertisement. So I decided to try to selfhost an RSS aggregator to make myself a news feed that I would be comfortable with. Being RSS such an "ancient" thing I thought there will be many mature systems, but I'm not sure that's the case.....
I use FreshRSS. Can't say I love the interface, but with the open and standardized API, there are dozens of beautiful front ends to choose on any device.
On android, I've had trouble with adguard.dns constantly kicking my phone off my wifi. It did great with blocking ads everywhere, but I'm done with reconnecting so often, and I have less data available on my phone plan these days to fill in....
No no you don't understand. The evil corporate overlords abused their power to force a choice on a developer, even though that choice was objectively the right choice and the developer was throwing a tantrum.
This is truly awful. We must not let evil corporations, no matter their credentials, expertise, and decades of beneficial partnership with open source, tell immature and short sighted developers how to develop.
Accurate, but not bad, yes. It turns out standardized base systems and ABIs are important to an ecosystem.
Linux tried the disorganized free-for-all for two decades, and what we got was fragmented "Ubuntu admins", "debian admins", "redhat admins", "suse admins", and a whole shitload of duplicated effort in the packaging ecosystem, only for half the packages out there to be locked to Ubuntu or RHEL. So the corporate interests, and a fair number of the community efforts, centralized their problems and solutions into a small standardized suite in Mesa+Wayland+systemd+Pipewire+flatpak, etc
The result is a ton more interoperability, a truly open ecosystem where switching your distro doesn't mean hiring different people and using different software, and a lot more stability and maturity.
And hey, if a user or distro wants to do their own thing, they can make and own their niche, same as before. Nothing lost.
It's been kind of wild to watch over the past 15 years or so, makes me very hopeful for the next 15.
Have you heard about this wild theory? Apparently George Lucas ripped a Spanish movie for the original Star Wars and later buried it, like, he bought every existing copy of the film and destroyed it....
Quora is trash, but this thread has a breakdown of many of Lucas' "inspirations", which show he was always happy to directly copy other's art. Most of it is hilariously blatant.
It looks a lot like VMware just lost a 24,000-VM customer • The Register ( www.theregister.com )
LLM queries for personal pdf libraries?
So perplexity can kind of weakly analyze the first few pages of small file size pdfs one at a time, but I'd love to have something that would allow me to upload several hundred research papers and textbooks that could then be analyzed for consensus and contradictions and give me more meaningful search results and summaries than...
The decline of Intel.. ( www.arktrek.shop )
Homeworld 3 Reviews [opencritic - 80% average, 79% recommended] ( opencritic.com )
Systemd Looks to Replace sudo with run0 ( news.itsfoss.com )
TIL: FairCode is the software model Redis, ElasticSearch, etc. use ( faircode.io )
Fair-code is not a software license. It describes a software model where software:...
The Verge shows how Google search is useless ( www.theverge.com )
The Verge published this spam article about the "best printers of 2024" to demonstrate how terrible Google's search results are. It now appears as the top non-sponsored post if you search "best printer" on Google....
Is Boeing in big trouble? World's largest aerospace firm faces 10 more whistleblowers after sudden death of two ( www.hindustantimes.com )
Which RSS aggregator do you use? I cannot seem to find one that works for me.
I cannot stand google news any more, too much spam, clickbait and advertisement. So I decided to try to selfhost an RSS aggregator to make myself a news feed that I would be comfortable with. Being RSS such an "ancient" thing I thought there will be many mature systems, but I'm not sure that's the case.....
What DNS address do you recommend to replace adguard.dns?
On android, I've had trouble with adguard.dns constantly kicking my phone off my wifi. It did great with blocking ads everywhere, but I'm done with reconnecting so often, and I have less data available on my phone plan these days to fill in....
Freenginx: A Fork of NGINX ( thenewstack.io )
systemd Rolling Out "run0" As sudo Alternative ( www.phoronix.com )
18+ George Lucas did whaaaat??? ( youtu.be )
Have you heard about this wild theory? Apparently George Lucas ripped a Spanish movie for the original Star Wars and later buried it, like, he bought every existing copy of the film and destroyed it....
Western allies receive increasingly 'sobering' updates on Ukraine's counteroffensive: 'This is the most difficult time of the war' | CNN Politics ( edition.cnn.com )