Your comment isn’t popular, but we all know the rule: “the best thing needs to be the easy thing”, since people will often choose what’s easy and fast vs what’s ultimately better. We see this in security all the time (hello-oo NPM).


Check if you’re using cloud-init
Nice. I’m struggling hard to keep cloud-init out of my pve setup.


Absolutely this.
33 years in Linux, 30+ professionally, Unix+Linux security background in a past life at a fucking distro.
When I first install a new distro version, I do something very simple; maybe I configure a simple web page, for instance.
Usually the web server refuses to start, or something equally “so dumb it should have been seen in early testing and doesn’t even get to the challenge I set before it” stupid. If the distro can’t test something so basic, then I know they’re not prepared to consider selinux implications while maintaining or debugging the distro. I don’t need to blaze a trail the distro can’t be arsed to.
Then I mod away the config in my template and hope the distro can pull out their proverbial head in 5 years.
The easiest path needs to be the safest path


seems unfinished



Anything container-free? We like iso27002, here.


setup
set up. “Setup” is a noun that lost its hyphen.
everytime
every time. Otherwise it’s not a word at all.


Ooh, good deal.


Linux’s license not count as about Linux?
Philosophically, no.
In set theory, also no.
Legally, still no.
Does it contain similar letters? Like Laughter and Slaughter do, yes.


Still hosting gitlab.
The CI on forgejo is, unfortunately, nowhere near as good.
Given how long gitlab has been struggling to fix basic bugs and instead creeping into features - hello-oo bloated and slow vscode-like web editor and non-ephemeral runner management - I’m not sure they have any staff left to let go. But it’s nice they found an excuse to shed their remaining talent and avoid complete stock devaluation.
The planning is happening openly, including a voluntary separation window.
“We don’t understand how the Dead Sea Effect works, and we want to super-size the damage.” Okay, Bill.


Supply chain attacks are what scare me.
As a former OS security pro, this is the right answer. Not because of the exploit itself, but because young (unmentored) coders readily trust some really bad patterns of pulling in random junk from the web and running it. THIS is how the LPE becomes essentially an RCE-level problem.


I’m totally okay with them receiving money from bad companies. It’s like vandals ordered to pick up highway trash - yo momma - as punishment.
Receiving Merge Requests from sloppers, though? That’s not cool.


I shudder to imagine what they’d think of a car with a clutch and a left-toe switch for the high-beams.


You’ve got supply-chain attacks and boutique complexity in three easy steps. Squeeze it into a flatpak or crutch on containers to frustrate validation and it’s the perfect footgun from a security standpoint.


…but only to mod the repo config to install emacs-nox. After that, having seen the resource usage is the same as vi, just use what’s most versatile.
Heh. Container mafia going “hush, don’t worry about iso27002, just one more pull, bro.”
Do the sysctl fix and you’re fine to wait for a patch.


Disable the sandbox bit and it’s bobbitted, right?
The Compress attribute has been in even ext3 since day 1. I’ve never tried it, though.
Not a noun, my dude.
I use seamonkey, but only for convenience. It grabs all my email and caches it locally for me.