HackerTrans
TopNewTrendsCommentsPastAskShowJobs

lotharcable

no profile record

comments

lotharcable
·13 дней назад·discuss
XWayland is actively developed.

XFree86, which is the "standalone DDX" you see on X11 desktops, is being actively maintained.
lotharcable
·13 дней назад·discuss
Nowhere (and everywhere).

It is my understanding that XACE doesn't actually provide any security features itself. It just provides the "hooks" to implement security extensions. Like LSM feature in Linux kernel. You have to install a additional X11 extension to do something useful with it.

So the most common X11 security extension is going to be xcsecurity which enables the SECURITY extension. It allows a course permission model were applications can be designated as "Trusted" or "Untrusted". That is going to show up in many Linux distributions.

However all applications default to "trusted" because if they are untrusted they tend to cause lots of other annoying problems and crashes a lot of apps, apparently.

In practice the only place it shows up is if you are using "ssh -X". That uses the security extension by default. Which is why there is also a "ssh -Y" that disables it for applications that it breaks.

This sort of thing is why to fix X11 security you have to give up backwards compatibility and create a new X version.

Oh, wait, that is what the X developers did with Wayland.
lotharcable
·28 дней назад·discuss
probably because there is a ton of open source projects out there with disabled tests in their training data.
lotharcable
·3 месяца назад·discuss
Lobbyists turning into government regulator is a lot more common then people realize. It is normal regardless of what party occupies the Whitehouse.

This is one of those things were most people don't realize this goes on because it is rarely reported on. Also who is involved in running administrative agencies is largely irrelevant and very boring subject. It isn't like you get to vote for any of them.

Loabyist-as-head-regulator situation is a reflection of how the administrative state actually works and the role that large public corporations play in that administration.

The 'ELI5' explanation is...

Modern politicians are career politicians. Meaning most of them they start off by getting their law degrees and then immediately pursue a political career using whatever connections they have. This means that they have no real experience of the world outside of law and internal bureaucracy of their parties and governments.

This means they are extremely unqualified at regulating any sort of industry. They just don't know anything about 'the real world'. They know nothing about how to make cars, smelt steel, drill for oil or designing light switches.

It is a similar situation for career administrators in the 400+ administrative agencies in the Federal Government. They get degrees in public administrator or in fields related to their regulatory function. Many of the top administrators will have masters and PHDs. But as anybody with experience in the "private sector" there is a very significant gap between what you can learn in a University setting versus what gets applied in actual practice.

So to fill the gap they require the participation of the major corporations in these industries. They help draft legislation, they have representatives in regulatory committees, the provide the information necessary for economic analysis, and so on and so forth.

This, after 80 years of USA history of the modern administrative state, even involves having corporate representatives participate in party politics, sometimes even becoming politicians, and having positions in the agencies that regulate them.

The term for this is "regulatory capture".

There is a trade off for having highly regulated industries. The main one is that by accepting control of the government the government takes on the responsibility of making sure these corporations remain profitable.

The cost of regulatory overhead is very significant and forms a massive barrier of entry for new businesses. So the established corporations are likely the only corporations that are going to exist for some major industries. Once you lose them they are gone forever.

So the more regulation you have the more protective the government needs to be of these businesses and their profits.
lotharcable
·8 месяцев назад·discuss
Fixing X11's security would of broken window positioning as well. Since that is a security issue.

The deal here is that the only way to fix X11's security issues is by breaking all those types of workflows and forcing application rewrites to implement them in authenticated ways.

So if you are going have to go and break all that stuff, why not fix a crapload of other problems while you are at it?

Calling Wayland "X13" may have avoided a lot of misunderstandings, but it probably would of caused others.
lotharcable
·8 месяцев назад·discuss
Yes it was bit uncharitable, but I couldn't resist based on the way he phrased it. It was just a joke.

"Preventing" the vulnerability would indeed require going back to 1994. Since it is a vulnerability that has existed in every display server released since then.
lotharcable
·8 месяцев назад·discuss
[flagged]
lotharcable
·8 месяцев назад·discuss
The way X11 developers ended up fixing this is by creating Wayland. This way privileged operations (like keylogging, screen capture, etc) require the cooperation and authentication through the display server.
lotharcable
·10 месяцев назад·discuss
Microsoft is guilty of giving incompetent administrators enough rope to hang themselves.
lotharcable
·11 месяцев назад·discuss
I think that using the term 'application containers' to reference docker and 'system containers' to reference LXC is a bit of a meaningless distinction.

You can 100% host "systems containers" on Docker and you can host "applications" on LXC.

Like if I want a entire OS with it's own init system and users and so on and so forth I can do it it OCI images.

In fact I use it every single day with distrobox on top of Podman using OCI container images.

And it works a hell of a lot better then if I tried to do it on LXC.
lotharcable
·11 месяцев назад·discuss
"Systems containers" are almost certainly isn't more secure since 'root' means things, even in a container.

Containers just leverage existing Linux namespace isolation techniques to isolate applications.

A good way to think about it is that they act like blinders on a horse. If applications can't "see stuff" or reference items outside of the container then they don't know it exists and don't know how to interact with it.

"application containers" can take advantage of more then just namespaces to isolate applications, such as running them as unprivileged users inside the container's context and thus limiting them from the sort of kernel features that get exposed inside the containers. Or cgroups to limit resource usage and other smaller things like that.

Regardless "Security" and "Containers" really shouldn't be written about in the same paragraph without MAC framework like SELinux in place or additional isolation techniques like VMs.

Although VMs are a lot more like containers then people realize.
lotharcable
·11 месяцев назад·discuss
Copyright exists to protect publishers, not the people actually doing the work.

Copyright was created for the specific purpose of censorship.
lotharcable
·11 месяцев назад·discuss
Rabies anti-virus require very carefully handling and refrigeration and thus can be extremely expensive for hospitals to keep in stock.

And, yes, it needs to be applied before symptoms start to appear. Otherwise death is almost for certain.

I doubt this research will lead directly to a better vaccine, but having a better vaccine could save a lot of lives.
lotharcable
·11 месяцев назад·discuss
One of the effects of ISG15 deficiency is a disease called "Type I interferonopathy".

Among the symptoms of this disease includes things like necrotic lesions and severe multi-systemic damages.

From what I gather the fact that these people are not more susceptible to viral infections was a surprise. Which probably relates to why the doctors in the parent article were investigating its possible anti-viral properties.
lotharcable
·11 месяцев назад·discuss
AMDgpu is the driver for newer GPUs, radeon is for the older GPUs. This is like circa 7 or 10 years ago.

So it is both driver changes and architectural changes.

There is also AMDGPU-PRO, which is the proprietary version based on AMDGPU. Used to be you'd need it for ROCm, but that hasn't been true for a while not. There really isn't any reason to use the "pro" version anymore, unless you have a some special proprietary app that requires it.

Open source GPU drivers are based on Mesa stack. So they share a common code base and support for things like Vulkan.

So it is sorta similar to how DirectX works. With old-school OpenGL drivers each stack was proprietary to the GPU manufacturer so there was lots of quirks and extensions that applied to only one or another GPU. That is one of the reasons DirectX displaced OpenGL in gaming... Microsoft 'owned' DirectX/Direct3d stack.

Well the open source equivalent to that is Mesa. Mesa provides APi support in software and it is then ported to each GPU with "dri drivers".

For gaming things have improved tremendously with "Proton", which is essentially Wine with vastly improved Direct3D support.

This is accomplished with "DXVK", which is a Direct3D to Vulkan translator.

This way Linux essentially gets close to "native windows speed" for most games that support proton in one way or another.

Which means that most games run on Linux now. Probably over 75% that are available on Steam, although "running" doesn't mean it is perfect.

One of the biggest problems faced with Linux gaming nowadays is anti-cheat features for competitive online games. Most of the software anti-piracy and anti-cheating features games use can technically work on Linux, but it is really up to the game manufacturer to make it work and support it. Linux gamers can sometimes make it work, but also they get flagged and booted and even accounts locked for being suspected of cheating.
lotharcable
·11 месяцев назад·discuss
Things have changed a lot since Steam deck. Especially in the last 3 or 4 years.

Mobile users suffer more problems then people with dedicated desktop GPUs, but it still gotten a lot better.

The one thing to be careful about AMD GPUs is that for most GPU OEMs AMD is just a after thought. So they get sub-par QA and heatsinks compared to their more popular Nvidia models.

It is best to go with card makers that only sell AMD GPUs, like Sapphire, PowerColor, and XFX. I am partial to Sapphire.
lotharcable
·11 месяцев назад·discuss
With the advent of Steam deck and Valve putting time and effort into AMD GPU drivers the AMD GPU is really the best option for Linux when it comes to general desktop stuff and gaming.

The days of Nvidia proprietary drivers being a safe bet is long gone. Especially for any sort of Wayland desktop, but it still applies to X11.

Intel drivers should be good as well, since they use the same Mesa code base.

With the ROCm stuff no longer depending on AMD Pro then there is not going to be any reason to step away from the default GPU drivers provided by your distro, provided they are relatively new.

While I am sure that there are still going to be professional-grade proprietary apps that recommend Nvidia... for most of us the only reason to actually go and choose Nvidia on Linux is because of CUDA. And, personally, I would rather lease time on the cloud or have a second GPU work horse PC separate from my desktop for that.

Unfortunately Nvidia is, by far, the most popular option for Windows users. Over 4:1 ratio according to Steam statistics.

So most new Linux users are still going to have to suffer through dealing with their GPU drivers.
lotharcable
·в прошлом году·discuss
If Redis is superior then sticking with Valkey would just be throwing good money after bad. Hopefully those companies are competent enough to understand the concept of sunk costs.

Maybe Valkey has served its purpose in pressuring Redis into playing ball.

Just answering "why would". Whether or not Redis is better then Valkey or if it would be worth it to switch back is not something I know.
lotharcable
·4 года назад·discuss
> There are many reasons to not like systemd and the creator, who incidently after leaving the GNU/Linux is now working for the same company that sought to destroy it, Microsoft.

Yeah, well... Microsoft is probably soon to be one of the bigger Linux developers out there. As the profit slowly drains out of the desktop their core business model is going to be increasingly dependent on open source and Linux.

Just in case anybody reading this is a big fanboy of Linux... This is what winning feels like.
lotharcable
·4 года назад·discuss
> It feels like the time is ripe for something simpler and more modern to replace* systemd.

Well then do what Poettering did and write it.

It's threads like this why I am eternally grateful that Linux kernel uses a merit driven approach and not concessus driven one.