Max_P

Max_P , 1 month ago

Still report as well, it sends emails to the mods and the admins. Just make sure it's identifiable at a glance, like just type "CSAM" or whatever 1-2 words makes sense. You can add details after to explain but it needs to be obvious at a glance, and also mods/admins can send those to a special priority inbox to address it as fast as possible. Having those reports show up directly in Lemmy makes it quicker to action or do bulk actions when there's a lot of spam.

It's also good to report it directly into the Lemmy admin chat on Matrix as well afterwards, because in case of CSAM, everyone wants to delete it from their instance ASAP in case it takes time for the originating instance to delete it.

Max_P , 1 month ago

That's fine to do once you've reported it: you've done your part, there's no value still seeing the post it's gonna get removed anyway.

Max_P , 1 month ago

Genuine political dissent would become logistically impossible, and virtual mob rule a certainty.

There's a major difference between political dissent and hate speech.

You can say: "I don't think transgender people should be allowed to choose which bathroom they go to", that just makes you a shitty person with no compassion. But if you say "If I see a trans women in the mens bathroom I'll beat them up out of there", that is very clearly hate speech and threats of violence.

It's not like it's hard to treat people with basic respect. You can disagree without resorting to hateful comments and threats and name calling. If you don't see the hate speech problem you're probably part of the problem because surprise, it's only conservatives you see online constantly spewing FUD and hate speech.

Max_P , 1 month ago

There are better "gaming" distros, but unless someone uses their PC exclusively for gaming, when it comes time to install other kinds of software for school or work or whatever, they're going to get thrown in the deep ends of Linux.

But guess what does have two decades of software and tutorials to set up just about everything in existence? Ubuntu, and by extension Mint.

Sure you can squeeze more out of your games with something like Bazzite, but the general platform that anything Linux-native targets is usually Ubuntu. Sure there's distrobox and stuff that's like telling the average gamer to go set up WSL. It's not hard per-se but the amount of things to learn increases very quickly.

Thus, even though Ubuntu is very average these days, it's still a safe bet for new users.

Max_P , 1 month ago

Probably not the best example in retrospect, since its only gotcha is that it's Fedora Atomic.

Mainly my point is if you Google "how do I install X" you'll get plenty of Ubuntu results out of the box, which when you're an overwhelmed newbie is very helpful. Like, if you start with nothing, you just kissed goodbye to your Windows 11 install, you dive head first into Bazzite and you've got Firefox, Discord and Steam going, everything feels good. Then you start looking up "how to install X on Linux", first you get a bunch of Ubuntu results, then you swap Linux for "bazzite", nothing because it's fairly new, but it's Fedora so you look into Fedora but you realize Bazzite is actually Fedora Atomic and it's a whole other way of installing things, maybe you just try running a .run or .sh file, or you give up and try to just make install from source but t̶h̴e̸ ̵f̸i̸l̸e̷s̸y̶s̷t̸e̶m̴ ̴i̶s̸ ̷r̷e̴a̴d̴o̷n̶l̷y̷ a̴n̵d̸w̷̪͊h̵̟̏y̴̻͛ ̸͉̒i̶͖͆s̸̪̎ ̸̗̏Ḷ̴͌i̶̞͑n̶̫͂u̵̯͋x̴͓͋ ̵͈̀ŝ̴̗o̴̱̒ ̴̭̎d̸̨͊a̷͙̽m̵̘̈ṇ̸̐ c̷͓͝ò̵̙m̵̲͛p̷̖̓ĺ̴̰ĭ̵̥c̵̰̽ă̸̩t̷͗ͅe̵͈̍d̵̻̃.

I would argue Ubuntu kinda sucks, but it sucks in a familiar windows-y kind of way where pretty much everyone knows how to fix it or make it work usually by blindly executing stuff. Not great, but it works, and it doesn't require much thinking. Ubuntu is pretty much the only distro you can find your way without caring what a distro is just by the pile of tutorials for Ubuntu or assuming Ubuntu. Case in point: Linus from LTT when he tried to apt install steam on Manjaro, after nuking his entire DE on Pop_OS using the same command. It's entirely his fault, but that's still a common and frustrating experience and they add up.

Same reason sometimes I just tell people honestly, just stick with Windows. Linux would be a good fit, it would be way better, but they're not willing or accepting of the learning curve. Sometimes you're just better sticking with what most people use, so everyone knows how to fix your problems.

Max_P , 1 month ago

The quality of what the community is doing vs what they shipped with NSO especially on launch is laughable.

Native OoT and MM on the switch would have been really sick. Instead they went with 90s level of emulator quality.

Max_P , 1 month ago

Have they tried building average, affordable condos instead of luxury condos?

All the new condo developments I've been seeing everywhere are more expensive than a townhouse nearby, and half the size of nearby apartments that are also half what the mortgage would be on a 1-2M fucking condo.

Pretty sure they can do away without the penthouse pool and hot tub and bring the price down, but it wouldn't be nearly as profitable for them so they won't.

Nobody is actually trying to help lower home prices because everyone's retirement plan depends on houses being unaffordable.

Max_P , 1 month ago

That, and they also either renovate in pseudo-luxery or build fairly luxurious condos in a world of HOAs going absolutely out of control and making sure you can't actually live in there even if you could afford it because your next door karen will file a noise complaint every time you flush the toilet.

Number of constructions I've seen actually designed to be affordable in the last couple years: zero. None. They all target rich people that could afford a normal house anyway.

Even new apartment buildings, the thing that people that can't get a mortgage get, is now also all designed for 3000+ monthly rents.

Property developers are greedy pigs.

Max_P , 1 month ago

Wordpress or some of its alternatives would probably work well for this. Another alternative would be static site generators, where you pretty much just write the content in Markdown.

It's also a pretty simple project, it would be a great project to learn basic web development as well.

Max_P , 1 month ago

That's the eternal cycle of social media. It starts nice and then it get flooded by MAGA extremists until it becomes a cesspool of hate and disinformation.

See: Facebook, Reddit, Twitter, TikTok is well on that path as well.

Max_P , 1 month ago

Fairly new to ham, what's nice to listen to during an aurora? Just funny noise bursts? Any antenna precautions so I don't fry my SDR?

Max_P , 1 month ago

Nothing hotter than a giant electric fleshlight whirring away as you get off.

I saw one in a sex shop, it looks like such a chore to get going and clean up afterwards. It's fucking huge too. Hands are so much easier to clean, and readily available anywhere anytime.

Max_P , 1 month ago

I route through my server or my home router when using public WiFi and stuff. I don't care too much about the privacy aspect, my real identity is attached to my server and domain anyway. I even have rDNS configured, there's no hiding who the IP belongs to.

That said, server providers are much less likely to analyze your traffic because that'd be a big no-no for a lot of companies using those servers. And of course any given request may actually be from any of Lemmy, Mastodon, IRC bots or Matrix, so pings to weird sites can result entirely from someone posting that link somewhere.

And it does have the advantage that if you try to DDoS that IP you'll be very unsuccessful.

Max_P , 1 month ago

I can definitely see the improvement, even just between my desktop monitor (27in 1440p) and the same resolution at 16 inch on my laptop. Text is very nice and sharp. I'm definitely looking at 4K or even 5K next monitor upgrade cycke.

But the improvement is far from how much of an upgrade 480p to 1080p and moving away from CRTs to flat screens. 1080p was a huge thing when I was in highschool as CRT TVs were being phased out in favor of those new TVs.

For media I think 1080p is good enough. I've never gone "shit, I only downloaded the 1080p version". I like 4K when I can have it like on YouTube and Netflix, but 1080p is still a quite respectable resolution otherwise. The main reason to go higher resolutions for me is text. I'm happy with FSR to upscale the games from 1080p to 1440p for slightly better FPS.

HDR is interesting and might be what convinces people to upgrade from 1080p. On a good TV it feels like more of an upgrade than 4K does.

Max_P , 1 month ago

I've actually ran into some of those problems. If you run sudo su --login someuser, it's still part of your user's process group and session. With run0 that would actually give you a shell equivalent to as if you logged in locally, and manage user units, all the PAM modules.

systemd-run can do a lot of stuff, basically anything you can possibly do in a systemd unit, which is basically every property you can set on a process. Processor affinity, memory limits, cgroups, capabilities, NUMA node binding, namespaces, everything.

I'm not sure I would adopt run0 as my goto since if D-Bus is hosed you're really locked out and stuck. But it's got its uses, and it's just a symlink, it's basically free so its existence is kBs of bloat at most. There's always good ol su when you're really stuck.

Max_P , 1 month ago

Basically, the SUID bit makes a program get the permissions of the owner when executed. If you set /bin/bash as SUID, suddenly every bash shell would be a root shell, kind of. Processes on Linux have a real user ID, an effective user ID, and also a saved user ID that can be used to temporarily drop privileges and gain them back again later.

So tools like sudo and doas use this mechanism to temporarily become root, then run checks to make sure you're allowed to use sudo, then run your command. But that process is still in your user's session and process group, and you're still its real user ID. If anything goes wrong between sudo being root and checking permissions, that can lead to a root shell when you weren't supposed to, and you have a root exploit. Sudo is entirely responsible for cleaning the environment before launching the child process so that it's safe.

Run0/systemd-run acts more like an API client. The client, running as your user, asks systemd to create a process and give you its inputs and outputs, which then creates it on your behalf on a clean process tree completely separate from your user session's process tree and group. The client never ever gets permissions, never has to check for the permissions, it's systemd that does over D-Bus through PolKit which are both isolated and unprivileged services. So there's no dangerous code running anywhere to exploit to gain privileges. And it makes run0 very non-special and boring in the process, it really does practically nothing. Want to make your own in Python? You can, safely and quite easily. Any app can easily integrate sudo functionnality fairly safely, and it'll even trigger the DE's elevated permission prompt, which is a separate process so you can grant sudo access to an app without it being able to know about your password.

Run0 takes care of interpreting what you want to do, D-Bus passes the message around, PolKit adds its stamp of approval to it, systemd takes care of spawning of the process and only the spawning of the process. Every bit does its job in isolation from the others so it's hard to exploit.

Max_P , 1 month ago

I haven't had D-Bus problems in quite a while but actually run0 should help with some of those issues. Like, systemctl --user will actually work when used with run0, or at least systemd-run can.

Haven't used it yet so it's all theoretical, but it makes sense to me especially at work. I've used systemd-run to run processes in very precise contexts, it's worth using even if just to smush together schedtool, numactl, nice, taskset and sudo in one command and one syntax. Anything a systemd unit can do, systemd-run and run0 can do as well.

I'm definitely going to keep su around just in case because I will break it the same I've broken sudo a few times, but I might give it a shot and see if it's any good just for funsies.

Just trying to explain what it does and what it can do as accurately as possible, because out of context "systemd adds sudo clone" people immediately jump to conclusions. It might not be the best idea in the end but it's also worth exploring.

Max_P , 1 month ago

If you dig deeper into systemd, it's not all that far off the Unix philosophy either. Some people seem to think the entirety of systemd runs as PID1, but it really only spawns and tracks processes. Most systemd components are separate processes that focus on their own thing, like journald and log management. It's kinda nice that they all work very similarly, it makes for a nice clean integrated experience.

Because it all lives in one repo doesn't mean it makes one big fat binary that runs as PID1 and does everything.

Max_P , 1 month ago

The same is on the way in the US with how hard conservatives are fighting to keep graduates dumb and educated. Educated people don't lean towards wars.

Max_P , 1 month ago

Yeah, even Asahi has better OpenGL support than real macOS. They make damn sure you have to use Metal to get the most out of it, just like eventually you get caught up in DirectX on Windows whether you want it or not. You can use Vulkan and OpenGL, but the OS really wants to work with Metal/DirectX buffers in the end.

I appreciate that the devs care enough to make it really good from the start, because that sets the benchmark. Now the Linux version has to have a similar enough polish to it.

In comparison, Atom and VSCode both worked fine on Linux just about day one thanks to Electron, but it was also widely disliked for the poor performance. It's a part of what Zed competes on, performance compared to VSCode.

Max_P , 1 month ago

Pixel phones are basically the gold standard of Android phones for flashing custom ROMs. Google doesn't lock anything down and provide everything necessary to not only build your own, but it even fully supports relocking the bootloader with your own keys and all the secure boot security features.

In most cases I think Google has an online tool you can run right from the browser to fully reflash the stock OS on it.

The only thing that won't work is apps using Play Integrity which some bank apps and streaming apps use for DRM, including Google Pay/Wallet. There's not much you can do about it especially in the longer term, as this is hardware-backed so unless some major exploit gets dropped, you can't really fake the phone being stock to apps. Reverting to stock should bring back full functionality.

You really have to go out of your way to brick a Pixel and mess with overclocking to do permanent hardware damage.

Have fun!

Max_P , 1 month ago

As for the iPhone 3G, I think it was just software and an aging device. My iPod definitely got pretty laggy with multiple apps open on a device with 128MB of RAM in an OS that doesn't even support running apps in the background. The more mods and plugins loaded the laggier naturally.

But even with a jailbreak, they didn't mod drivers or anything that would make it different from a hardware perspective. They just sideload a store that can then install any apps. You can install bad apps but nothing that would survive a restore in iTunes.

What could have happened is she got an iOS update after the restore that also was a bit laggier and energy intensive. Or maybe the faster discharge and higher energy consumption is what finished an already aging battery. It's very unlikely the jailbreak caused it, more likely triggered it or expedited an existing problem. Like formatting your mom's PC whose hard drive is on death's bed and the IO of reinstalling an OS makes it kick the bucket. Is it the OS's fault? No. But did installing the OS cause the fault? Yes. People will still blame the OS, especially if it's a different OS in case of a jailbreak or putting Linux on your mom's laptop that's still on XP or 7. The new thing, it broke the thing!

Max_P , 1 month ago

I just replied to that in a dedicated comment. But for your Pixel it's even better because it's something that Google even officially endorses, it doesn't even void your warranty.

I've been modding phones since the Android 2.2 days, and I've never had any major issues or anything that would make me want to go back to stock, and never had issues going back to stock. Even my S7 with a modded bootloader splash screen, it was gone when I flashed stock back on it.

Max_P , 1 month ago

Yeah if it was brand new, it might also have been defective, I've seen that happen. It's just between jailbreak and manufacturing defect, which do we default to? Depends on the whole timeline really.

It's not impossible it broke it, but anyway the Pixel is made for that so it's a lot less sketchy to begin with. It's the same risk as installing an OS on a PC really.

Google releases betas and developer previews for the Pixel, it's made to survive buggy code.

Max_P , 1 month ago

You can try unsubscribing and resubscribing. The switch to "subscribed" from "subscription pending" depends on the remote server sending you an activity acknowledging the subscription. New instances sometimes struggle initially, because the remote instance has to discover you first and I think there's a race condition where it won't send the activity because it doesn't know if your instance is up yet. (There's an instance sync job that runs periodically to ping all linked instances, and it pauses sending activity to instances that are not considered active. If your subscription is the first interaction, you're not "active" yet as it just learned about your instance)

Max_P , 1 month ago

That's why half decent VPN apps also add firewall rules to prevent leakage. Although nothing can beat Linux and shoving the real interface in a namespace so it's plainly not available to anything except the VPN process.

Max_P , 1 month ago

Some providers have managed to make split tunnelling work fine so those I suspect are not affected because they override the routing at the driver level. It's really only the kinda lame OpenVPN wrappers that would be affected. When you have the custom driver, you can affect the routing. It's been a while since I've tested this stuff on Windows since obviously I haven't been paid to do that for 6 years, but yeah I don't even buy that all providers are affected and that it's unfixable. We had workarounds for that when I joined PIA already so it's probably been a known thing for at least a decade.

The issues we had is sometimes you could get the client to forget to remove the firewall rules or to add back the routes and it would break people's internet entirely. Not great but a good problem to have in context.

Max_P , 1 month ago

Most VPN providers don't use DHCP. OpenVPN emulates and hooks DHCP requests client-side to hand the OS the IP it got over the OpenVPN protocol in a more standard way (unless you use Layer 2 tunnels which VPN providers don't because it's useless for that use case). WireGuard doesn't support DHCP at all and it always comes from configuration.

Max_P , 1 month ago

The attack vector here seems to be public WiFi like coffee shops, airports, hotels and whatnot. The places you kinda do want to use a VPN.

On those, if they're not configured well such as coffee shops using consumer grade WiFi routers, an attacker on the same WiFi can respond to the DHCP request faster than the router or do an ARP spoof attack. The attacker can proxy the DHCP request to make sure you get a valid IP but add extra routes on top.

Max_P , 1 month ago

Adding routes for other thing on the network the clients can reach directly and remove some load from the router. For example, reaching another office location through a tunnel, you can add a route to 10.2.0.0/16 via 10.1.0.4 and the clients will direct the traffic directly at the appropriate gateway.

Arguably one should design the network such that this is not necessary but it's useful.

Max_P , 1 month ago

The guy that manages Kbin has been having personal issues and stepped away from the fediverse so yeah Kbin is kind of in limbo at the moment and indeed not well moderated. There's mods but there's just so much they can do. The software doesn't federate the deletions so even if they're gone on Kbin, they remain everywhere else.

Max_P , 1 month ago

Tagging @ijeff

Your server's all outta space

Max_P , 1 month ago

And it's NVIDIA so it's still gonna be a flickery mess until explicit sync is all done and rolled out.

Max_P , 1 month ago (edited 1 month ago)

On my computer that'd unmount my home directory, my external storage, my scratch space and my backup storage, and my NAS.

It would also unmount /sys and /proc and /tmp and /run. Things can get weird fast without those, for example that's where the Xorg/Wayland socket is located.

If all you have is home and root on the same partition I guess it's not too bad because it's guaranteed to be in use so it won't let you, but still, I wouldn't do that to save like 5 keystrokes in a terminal.

Max_P , 1 month ago

Fair enough, TIL. I've used mount -a a fair bit, but unmounting the world is not something that crossed my mind to even attempt. It would still unmount a good dozen ZFS datasets for me.

Good example with the Snaps! Corrected my post.

Max_P , 1 month ago

And using loads of sensitive permissions to pull it off, like accessibility to read the screen. It's not stealing the auth cookies from the app nor throwing exploits at Android to escape the sandbox.

Headline definitely makes it sound like it's a drive-by exploit, but no it's just the usual social engineering everyone is familiar with.

Max_P , 1 month ago

It's kernel level anticheat, it can do whatever it wants. It's on the same level as the operating system.

Realistically? Nobody's gonna bundle Linux filesystem drivers in malware just in case. If someone is to exploit Vanguard for malware I'd expect a credentials stealer to take your Steam and Discord accounts. Ransomware would likely spread to the NAS but that can be mitigated with readonly permissions where appropriate, and backups/shadow copies.

Max_P , 1 month ago

Docker would still go through the kernel for the mount, that's one of the few things Docker can't do because it's the same kernel as the host.

That said I doubt it's been removed from the kernel, only the Samba server. OP is a client.

Max_P , 1 month ago

Definitely very subjective. People keep saying macOS has amazing font rendering but for me it just looks like a blurry mess, especially on non-retina displays. My fonts are set to be as sharp as possible on Linux because when coding and in the terminal I want very sharp fonts so they're easier to read for me.

Seconding the dependence on the particular font as well. Cantarell, Ubuntu and OpenSans are all fairly blurry regardless, unless seen on HiDPI screens in which case they do look more like macOS. DejaVu Sans can be very sharp in contrast at very low resolutions because it's been made in the 800x600 and 1024x768 days and optimized to look sharp when small.

Max_P , 1 month ago

There's some problem with a federated previews: tricking one instance into generating the wrong preview would spread to every instance. It's been exploited for malware and scam campaigns in message apps.

Max_P , 1 month ago

Even without Cloudflare, simple NGINX microcaching would help a ton there.

It's a blog, it doesn't need to regenerate a new page every single time for anonymous users. There's no reason it shouldn't be able to sustain 20k requests per second on a single server. Even a one second cache on the backend for anonymous users would help a ton there.

They have Cloudflare in front, the site should be up with the server being turned off entirely.

Max_P , 1 month ago

Masquerading a normal looking link for another one, usually phishing, malware, clones loaded with ads.

Like, lets say I post something like

https://www.google.com

And also have my instance intercept it to provide Google's embed preview image, and it federates that with other instances.

Now, for everyone it would look like a Google link, but you get Microsoft Google instead.

I could also actually post a genuine Google link but make the preview go somewhere else completely, so people may see the link goes where they expect even when putting the mouse over it, but then they end up clicking the preview for whatever reason. Bam, wrong site. Could also be a YouTube link and embed but the embed shows a completely different preview image, you click on it and get some gore or porn instead. Fake headlines, whatever way you can think of to abuse this, using the cyrillic alphabet, whatever.

People trust those previews in a way, so if you post a shortened link but it previews like a news article you want to go to, you might click the image or headline but end up on a phony clone of the site loaded with malware. Currently, if you trust your instance you can actually trust the embed because it's generated by your instance.

On iMessage, it used that the sender would send the embed metadata, so it was used for a zero click exploit by sending an embed of a real site but with an attachment that exploited the codec it would be rendered with.

Max_P , 1 month ago

What a dystopian world we live on where my 32 thread CPU with 8 channels of 64GB RAM is "obsolete" for Windows 11, because it lacks a fucking TPM of all things.

Max_P , 1 month ago

That's a good feature, politics on social media is just a cesspool these days. There's nothing worth seeing because there's no political discussion, just name calling, climate change denialism, racism and transphobia.

Meta's well aware that everyone's tired of that uncle that just won't shut up.

Max_P , 1 month ago

And lately some of those "jokes" are basically indistinguishable from serious people that are truely piece of shit humans. The "it's a joke" to save face after the backlash has been abused far too much.

Or, get this, one could just make good jokes.

Max_P , 1 month ago

I'll never understand the people that fake these kinds of things. Fake watches, fake followers, fake views, fake likes, fake jobs. Why?

What's attractive about likes and views anyway? Why would I care that my date has 0 followers or a million followers? If anything it means they'll constantly be busy streaming.

Max_P , 2 months ago

There's not much to improve on PNG. It's essentially a zipped up BMP with optional filters to rearrange pixels in a way that will hopefully lead to better compression at the zip stage.

Last time I tested this, if you used xz or zstd to compress a BMP with max settings, it made smaller files than PNG.

WebP and JXL is where it's at.

Max_P , 2 months ago

WebP solves use cases for both PNG and JPEG as the same format can be lossless or lossy, while getting the benefits of a much more powerful codec.

PNG is good for certain types of graphics. Take a full size 48MP picture and encode it in PNG and it's going to be massive compared to JPEG.

PNG is a pretty simple and effective format but it's not especially good nowadays, there's a reason WebP is popular. Much smaller files for the same quality. Same for JPEG XL.