HackerLangs
TopNewTrendsCommentsPastAskShowJobs

Repulsion9513

no profile record

comments

Repulsion9513
·há 2 anos·discuss
> The other difference is PID 1 can't exit because Linux panics if it does. That's actually an argument for moving functionality out of PID 1.

I actually kinda think that can be an advantage for a service manager. If your service manager crashes an automatic reboot is nice, in a way. I doubt that's why they did it though.
Repulsion9513
·há 2 anos·discuss
Yep.

    depend(){
        need net localmount
        after bootmisc
    }
Repulsion9513
·há 2 anos·discuss
If a government wants to cast a wide nest and catch what they can, they'll just throw a tap in some IXP.

If a government went to this much effort to plant this vulnerability, they absolutely have targets in mind - just like they did when they went to the effort of researching (or acquiring) four separate Windows zero-days, combining them, and delivering them...
Repulsion9513
·há 2 anos·discuss
Oh for sure. I'm not suggesting that this wasn't a government actor, although I'd only give you 50/50 odds on it myself. It coulda just been someone with a bunch of time, like phreakers of old.
Repulsion9513
·há 2 anos·discuss
> How many of those are you actually required to use systemd for?

That depends on what other software you want to run, because systemd's design heavily encourages other things (distros, libraries, applications) to take dependencies on various bits. See also: every mainstream distro.

> Namespaces were implemented before systemd, have been used before systemd in widely used systems (for example LXC and many others). Namespaces and similar kernel features are not tied to systemd.

Didn't say they were. But I don't have to use LXC or many others in order to use the most popular distros and applications.

I do have to use systemd for that, though.

Which means I have to have namespaces enabled.
Repulsion9513
·há 2 anos·discuss
I have no idea, lol. Maybe the signal handling behavior? You can't signal PID1 (unless the process has installed its own signal handler for that signal). Even SIGKILL won't usually work.

That's my entire problem with systemd though: despite the averred modularity, it combines far too many concerns for anyone to understand how or why it works the way it does.
Repulsion9513
·há 2 anos·discuss
No, you can't. Systemd might be somewhat modular; the things distros ship which depend on it are not.
Repulsion9513
·há 2 anos·discuss
A shell script with a few defined arguments is not a complexly interconnected set of components. It's literally the simplest, most core, least-strongly-dependent interconnection that exists in a nix system.

Tell us you never bothered to understand how init worked before drawing a conclusion on it without telling us.
Repulsion9513
·há 2 anos·discuss
> By the way, all the stuff you mentioned is not really part of the actual init system, namely PID 1

Except it literally is. I once had a systemd system suddenly refuse to boot (kernel panic because PID1 crashed or so) after a Debian upgrade, which I was able to resolve by... wait for it... making /etc/localtime not be a symlink.

Why does a failure doing something with the timezone make you unable to boot your system? What is it even doing with the timezone? What is failing about it? Who knows, good luck strace'ing PID1!
Repulsion9513
·há 2 anos·discuss
There were plenty of those that existed even before systemd. Systemd's adoption was not a result of providing the functionality that people want but rather was a result of providing functionality that a few important people wanted and promptly took hard dependencies on.
Repulsion9513
·há 2 anos·discuss
The init-scripts that predated systemd were actually pretty damn simple. So was init itself.
Repulsion9513
·há 2 anos·discuss
> that nobody is actually required to use at any given time

But that's the very problem with systemd! As time goes on you're required, whether by systemd itself or by the ecosystem around it, to use more and more of it, until it's doing not only service management but also timezones, RTC, DNS resolution, providing getpwent/getgrent, inetd, VMs and containers, bootloader, udev (without adding literally any benefit over the existing implementations), ... oh and you also have to add significant complexity in other things (like the kernel!) to use it, like namespaces (which have been a frequent source of vulnerabilities)...
Repulsion9513
·há 2 anos·discuss
Whoops, you forgot `vsock:`, `@`, `SO_PASSCRED` (I think)... oh and where is that example provided? But yep that's all the protocol is for sure (and forever)!
Repulsion9513
·há 2 anos·discuss
Uhh, read it again, definitely was.
Repulsion9513
·há 2 anos·discuss
> Generally in the blackhat world, attackers have very precise targets

Lol, what

> wants to cast a wide net to attack as many as possible. So that fits the profile of a government intelligence agency

That's quite backwards. Governments are far more likely to deploy a complex attack against a single target (see also: Stuxnet); other attackers (motivated primarily by money) are far more likely to cast a wide net.
Repulsion9513
·há 2 anos·discuss
Because it wasn't personal or individualized. You'd probably also be more vengeful if it was someone who had stolen your credit cards (or identity).

The same reason why the bigger the company, the more the public lets them get away with.
Repulsion9513
·há 2 anos·discuss
Here's a free life lesson: sometimes there are things that victims could have done, or could do in the future, to avoid harm.

Talking about those things is not bad.

Would you complain about victim blaming when a kid burns themselves on a hot pan and their parents tell them "well then don't do it again"?
Repulsion9513
·há 2 anos·discuss
[flagged]
Repulsion9513
·há 2 anos·discuss
There's no difference in intent described there. Sam's plan was to pocket investor money for himself (and maybe return some of it, eventually, if his gamble paid off)

I'm pretty sure Madoff returned some money before being found out, too.
Repulsion9513
·há 2 anos·discuss
Tether, Terra, Circle, crypto lending

Heck it's almost like this describes crypto itself