halz
Joined 88 karma
- halzDitto on having services expressed in more portable/cross distro containers. With NixOS in particular, I've found the best of both worlds by using podman quadlets via this flake in particular https://github.com/SEIAROTg/quadlet-nix
- This "NixOS & Flakes Book" https://nixos-and-flakes.thiscute.world was posted to HN some years ago and is still a good/relevant read.
- On a whim, there is a nuanced situation with some Realtek (RTL8671B) bluetooth firmware on Linux that is 'solved' by downgrading firmware version. This random gist has a nice thread https://gist.github.com/peteristhegreat/b48da772167f86f43dec... ..and this fellow Nix wizard has the downgrade expressed in a nix config: https://github.com/Arroquw/nixos-config/commit/9d90d7d659e74...
I too was experiencing odd/erratic pairing issues with DualSense controllers and this RTL8671B based dongle, and using the older firmware entirely fixed it. Now four controllers can be connected simultaneously without issue.
- I've wondered if that's to make dealing with full disk backup/forensic collections/retention legal hold/etc easier: keep the official amount of end-user device storage to a minimum. And/or it forces the endpoint to depend on network/cloud storage, giving better business intelligence on what data is "hot".
- Somewhat reminds me of a project out of IBM some years back: "Billy Goat" https://dominoweb.draco.res.ibm.com/reports/rz3609_revised.p... (bummer looks the site certificate expired a few days ago.. sign of the times for IBM, eh).
- Another rough take with some orchestra music from Stellaris, of all things. Start the SpaceX video and 'Towards Utopia' at around the 2:21 mark https://youtu.be/887f76RXvdE?t=141
- I replaced the Slack client with wee-slack [https://github.com/wee-slack/wee-slack]. It brings a much more "zen" experience to using Slack and better compliments my keyboard-centric desktop/workflow (e.g. clear all unread channel notifications? keybind! Jump between all the high priority/@mentioned notifications? keybind!) It also helps if you're expected to be available via Slack, since it can keep you showing "green" while you've actually been ignoring it.
- It appears the short 'magic link' was along the lines of https://www[.]klm[.]nl/s/AbCdEf
- Looks like support for S3 Express was merged in with version 1.30 just a few hours ago https://github.com/awslabs/mountpoint-s3/pull/642
- If you're on a distro which has migrated to pipewire+wireplumber, the available and active bluetooth profiles can be discovered with something like:
And by default, wireplumber will enable all of the codecs it has been built with [https://pipewire.pages.freedesktop.org/wireplumber/configura...].pw-dump | jq -r '.[] | select(.type == "PipeWire:Interface:Device" and .info.props."device.bus" == "bluetooth") | .info.params.Props, .info.params.PropInfo' - I experienced a similar sounding issue, but was able to decipher the blocked emerge output from portage to find that app-crypt/tpm2-tss-engine was blocking the whole system from getting onto openssl-3. Once I dropped tpm2-tss-engine, things went forward swimmingly. No other unmasking/masking of anything was needed.
- Ooooh yes.. Fond memories of attending a few events that were hosted by Hurricane Electric on folding tables in some conference room annex of their data center. And the marvel of finally having an Ethernet connection to the Internet instead of dialup! I'm not sure I balanced "game time" with "download-all-the-things time" well enough.
- Definitely lower battery consumption than Alacritty, at least while this is still an unresolved issue https://github.com/alacritty/alacritty/issues/3108
- Perhaps tpm2-pkcs11 and its ptool are approachable enough? https://github.com/tpm2-software/tpm2-pkcs11/blob/master/doc...
- I am reminded of an article some years ago about a group that claimed to detect/track the F-35 via this sort of passive radar technique. https://archive.is/1t5eT and/or https://www.c4isrnet.com/intel-geoint/sensors/2019/09/30/ste...
- It may be worth checking the fzf plugin you're using with Fish. There is a more recent+maintained effort[0] that brings an even more delightful feature set, particularly with Ctrl+R/_fzf_search_history
- There is a pretty well updated cli for Slack built on top of WeeChat (hailing from IRC heritage) https://github.com/wee-slack/wee-slack
- When browser managed credentials are synchronized across devices, an attacker may be able to move laterally into an enterprise by compromising the personally managed device or personally managed account (since it may be without 2FA, or may use a shared/guessable/weak password thats shared across dozens of compromised websites, or be far behind on app/OS patches, etc..)
- Really depends on the role of the system. Will it be multi-user/single-user? Hosting containers? Hosting virtual machines? Running as a virtual machine? Doing network magic? Each of these classifications will take hardening in different directions.
You can get a rough feel for the enthusiasm of your distro's desire to do 'hardened things' by checking its kernel config. Heres one such script that has consolidated some hardening guides; https://github.com/a13xp0p0v/kconfig-hardened-check and also spot check with http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Pro...
Then can also see if the distro is doing things to harden the binaries (relro, nx, canaries, aslr, pie, etc) ; https://www.trapkit.de/tools/checksec/ Also! you may be surprised to find which distros are comfortable with allowing unprivileged user namespaces (kernel.unprivileged_userns_clone=1)