1 line of code?

Amateur, I changed 1 byte of code in the Linux kernel!

It was random driver with something along the lines of “if (hardware_version > 3) fail()”.

One day we got a new shipment of hardware that wasn’t working for some reason until I upped that 3 to a 4.

I think what happened here is that something went wrong and messed up the permissions of some of the users files. MS help suggested that he login as an administrator and reatore the intended permissions.

I don’t work with Windows boxes, but see a similar situation come up often enough on Linux boxes. Typically, the cause is that the user elevated to root (e.g. the administrator account) and did something that probably should have been done from their normal account. Now, root owns some user files and things are a big mess until you go back to root and restore the permissions.

It use to be that this type of thing was not an issue on single user machines, because the one user had full privileges. The industry has since settled on a model of a single user nachine where the user typically has limited privileges, but can elevate when needed. This protects against a lot of ways a user can accidentally destroy their system.

Having said that, my understanding of Windows is that in a typical single user setup, you can elevate a single program to admin privileges by right clicking and selecting “run as administrator”, so the advice to login as an administrator may not have been nessasary.

Have you ever worked in a place where every function/field needed a comment? Most of those comments end up being “This is the <variable name>, or this does <method name>”. Beyond, being useless, those comments are counter productive. The amount of screen space they take up (even if greyed out by the IDE) significantly hurts legability.

Fetlife is not a dating app. They have actively not implemented features such as filter by age/gender in order to avoid becoming a dating app. If you are looking to get involved in your local kink community, Fetlife is the answer [0]. For anything else, it is garbage. If you try using it to get laid, you will just be pissing a bunch of people off.

[0] At least for my local kink community. Other areas might vary.

Because “mate” is an Australian thing. They were probably trying to localize it for a non Australian audience. While still valid, the meme hits differently if the rich person is also a foreigner.

If that were the case then they would have written that into their constitution 70 years ago. And they wouldn’t have assasinated their own prime minister 30 years ago.

Heck, the current minister of national security Ben-Gvir was rejecting from mandatory constriction by the IDF, and convicted in an Israeli court of supporting (Jewish) terrorism after being indicted by an Israeli prosecutor.

These are not things that happen in a country that is unified in its goals.

The Israeli government has no idea what it is doing. Literally. The current government was a barely held together coalition prior to October 7. In the direct aftermath, they formed a unity government and war cabinet that collapsed last week.

Their prime minister has been indicated on corruption and bribertmy charges, which are currently on hold for obvious reasons. By most indications his primary motivation in this matter is to stay in power himself, with Israel’s national interests being secondary.

Individual members of IDF leadership have called Israel’s stated objectives “unachievable”.

Israel simultaneously wants to live in peace as a liberal Jewish state without commiting any form of ethnic clensing; and achieve its manifest destiny of establishing a Jewish theocracy across Judea and Samaria.

These are deep questions that get to the core of what Israel is and stands for. Questions that are to be answered by the Israeli constitution in the 50s. That never happened because Israel was never able to agree on a constitution [0].

Right now, Israel is just reacting, without any long term strategic vision. Various factions are trying to use that chaos to advance their own long term vision.

[0] Which led to the big judicial reform constitutional crisis that was a giant political crisis before October.

Because the thing people refer to when they say “linux” is not actually an operating system. It is a family of operating systems built by different groups that are built mostly the same way from mostly the same components (which, themselves are built by separate groups).

Sudo is a setuid binary, which means it executes with root permissions as a child of of the calling process. This technically works, but gives the untrusted process a lot of ways to mess with sudo and potentially exploit it for unauthorized access.

Run0 works by having a system service always running in the background as root. Running a command just sends a message to the already running seevice. This leaves a lot less room for exploits.

No. It is the equivalent of a PC maker going “yeah. I don’t think we are going to put in a CD drive anymore because the DVD drive we have been including for years can do CDs as well”

I’m one of those security specialists (although not on mastodon). To be clear, if a vulnerable version of libxz were included in a distribution that we actually use; this would be an all hands on deck, drop everything until it is fixed emergency.

Having said that, for an average user, it probably doesn’t matter. First, many users just don’t have the vulnerable version installed. All things considered, it was found very quickly; so only rolling release distros would have it. Additionally, it appears that only .deb or .rpm based distributions would have it. Not because they are particularly vulnerable, the attack explicitly tests for it.

However, lets set all of this asside and assume a typical use is running a vulnerable system. In my assessment, the risk to them is still quite low. With most vulnerabilities, the hard part is discovering it. Once that happens, the barrier to exploiting it is relatively low, so you get a bunch of unrelated hackers trying to exploit any system they can find. This case is different; exploiting it requires the attackers private key. Even though the attack is now widely known, there is still only 1 organization capable of using it.

Further, this attack was sophisticated. I’m not going to go as far as others in saying that only a state actor could do it. However, it is hard to think of anyone other than a state actor who would do it. Maybe a group of college kids doing it for the lolz research? But, if the motivation us lolz, I don’t see them pivoting to do anything damaging with it. And even if they wanted to, there would still only be a handful of them. In short, this is one of those cases where obscurity works. Whoever did this attack does not know or care about Joe the Linux user; and they were probably never going to risk burning it by exploiting it on a large scale.

However, setting all of that asside, suppose you were using vulnerable software, and someone with the private key is interested in your home system. First, you would need to be running OpenSSH on a remotely accessible interface. [0]. Second, you would need your firewall to allow remote SSH traffic. Third, you would need your router to have port forwarding enabled; and explicitly configured to forward traffic to your OpenSSH server [1].

If all of that happens; then yes, you would be at risk.

[0] Even though the attack itself is in the libxz library, it appears to specifically target OpenSSH.

[1] Or, the attacker would need some other mechanism to get on the same network as you.

“Treat others the way you want to be treated”.

Around 2 years ago, I got an email from a products team asking me for urgent help extending a program in time to make a sale.

I looked over the program and wrote back sonething along the lines of “this program was written almost a decade ago by an unsupervisered highschool intern. Why TF are we still using it?”.

Of course, I ended up helping them, because that highschool intern was me, and I ended up helping because no one else could figure out what highschool me was thinking.

Java did have a Security Manager that can be used to prevent this sort of thing. The original thinking was that the Java runtime would essentially be an OS, and you could have different applets running within the runtime. This required a permission system where you could confine the permissions of parts of a Java program without confining the entire thing; which led to the Java security manager.

Having said that, the Java Security Manager, while an interesting idea, has never been good. The only place it has ever seen significant use was in webapps, where it earned Java the reputation for being insecure. Nowadays, Java webapps are ancient history due to the success of Javascript.

The security manager was depreciated in Java 17, and I believe removed entirely in Java 21.

I’d just like to interject for a moment. What you’re referring to as Linux, is in fact, GNU/Linux, or as I’ve recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.

You joke, but after cosmonaut Alexi Leonov complained about the possibility of a bear attack, the TP-82 shotgun was standard issue on Russian spacecraft for decades.

There are still a lot of rather arbitrary decisions to make.

Is 4/pi inside or outside of the summation?

Is it (-1)^n+1 or (-1)^n with an additional negative sign in any of the other natural locations for it.

Is the e term outside of the fraction with a negative exponent, or part of the denominator.

Do you start with n=0 or n=1 (and adjust the terms inside the summation accordingly)

Did they expand (2n+1)^2?

As a kid I attended a Jewish day school, and we had a year long class on European-Jewish history through the Holocaust.

The post screenshotted (allegedly from the AGA) reads almost like it came right out of that era as a piece of anti-semetic propoganda.

Seriously. Weather the post was actually from the AGA, or an anti-semetic propogandist, it is 100% blood libel, and should treated as such.

Tanya is nothing like that. Just look at how she steadfastly upholds the law of war: https://m.youtube.com/watch?si=r8FAMFrOt_mpE_19&v=TqZz_WFPDa8&feature=youtu.be

Also her main goals are killing god, and getting promoted to a safe desk job. She’s just so damn competent that they keep sending her to the front. Also, she’s a man trapped in that body.

Agree on going with safty razors, but once you are there, you don’t want to cheep out. The one option my local grocery store carries is a $20 that is complete junk. I invested $70 in a Henson safty razor and never looked back. They also have a $250 offering for people who want the benefits of a safty razor without the cost savings.

For blades, I actually splurge and buy the $0.20/piece offering from Feather instead of the $0.10/piece ones that Henson sells. Still cheeper than the $0.80 safty blades the grocery store sells, or the checks app $4.50/piece cartridge blades the store sells?!?

Moral of the story: go cheap, but don’t be afraid of spending a little money to do so.