r00ty

Linux secure boot was a little weird last I checked. The kernel and modules don’t need to be secure boot signed. Most distros can use shim to pass secure boot and then take over the secure boot process.

There are dkms kernel modules that are user compiled. These are signed using a machine owner key. So the machine owner could for sure compile their own malicious version and still be in a secure boot context.

Yep. Also, I did clarify that I would usually do an overall upgrade at the same time.

I get the message there’s an upgrade. Say I’ll do it myself, go to console.

yay -S discord (or more likely just do an overall upgrade and reboot, what they hell)

Restart discord.

But this is the crucial thing. It wasn’t in the repository. It was in the tarball. It’s a very careful distinction because, people generally reviewed the repository and made the assumption that what’s there, is all that matters.

The changes to the make process only being present in the tarball was actually quite an ingenius move. Because they knew that the process many distro maintainers use is to pull the tarball and work from that (likely with some automated scripting to make the package for their distro).

This particular path will probably be harder to reproduce in the future. Larger projects I would expect have some verification process in place to ensure they match (and the backup of people independently doing the same).

But it’s not to say there won’t in the future be some other method of attack the happens out of sight of the main repository and is missed by the existing processes.

Yeah, but asking film/tv producers for permission would kill my content collection!

It’s for backup purposes mainly. A lot of cloud backup providers don’t store permissions.

So if I restore the data I can then restore the permissions after. So these are the folders I am backing up (with some exceptions in /var)

OK so it’s fairly simple. You need to install the acl package (or whatever equivalent package contains getfacl/setfacl. Then you can use that to dump the data from an entire structure into a file (I also then bzip that). Then I backup all installed packages to help with a restore too.

So the script looks like:

#!/bin/bash
cd /etc
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /home
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /root
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /var
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
/usr/bin/apt list --installed | /usr/bin/bzip2 -9 >/root/INSTALLED-PACKAGES.bz2
chmod 600 /root/INSTALLED-PACKAGES.bz2

To restore you change to the folder the backup was taken from, unbzip the file (or uncompress live via pipe) and use setfacl --restore=<file>

Yeah. Only on my phone right now but will get it and post here later/tomorrow.

I mean, too late for you now. But I have a script that backs up just the permissions and owners for a given folder hierarchy.

I use it because I backup to a cloud backup platform that doesn’t save them. So these files are backed up with the data so the files and permissions/owners can be restored in an emergency.

But you could of course also use the file to restore permissions after a user generated mistake too.

I did defederate from hexbear for a while a year or so ago. Just because at the time their users were generally just actively trolling for reactions in pretty much every community, and it just got too the point I defederated. I’ve since removed them from the defed list.

Generally I agree. But ML seems to have become a bit more clearly biased in their moderation. To me it’s not a reason to defed, but a reason to view the content they do allow in their hosted communities with that bias in mind.

I know the OP is using wifi calling as a solution. But since we’re talking voip providers.

I use voxbeam. But they’re wholesale, you need a fixed IP for incoming calls, their support are good. But they’re probably not going to want to help you with end-user type questions. They only support SIP. But, pricing is generally good and plenty of reasonably priced DID options.

That’s unusual. In the UK it’s generally only going to work if you’re in the UK. When I connect to my VPN (in my house, so residential IP), it’s hit and miss, the wifi calling icon will appear and disappear as it feels like. But otherwise it’s generally locked down.

Well, mainly you just need to keep the EFI entirely separate. That’s generally all you need. That’s what windows will decide to wipe and reinstall. I just didn’t do it this time. I think because of how disks were already partitioned.

I’m not using VST. There’s a few games I got on Microsoft store some years ago which there’s no way (yet) to make run in Linux (at least to my knowledge). But, I don’t feel that much need to play them. At least not enough to boot into windows, complete the huge updates likely waiting and then fix the grub install afterwards just to play a game.

I have it as a dual boot option. But, it’s not been booted since November. So I am assured I’ll need to rerun grub when I do decide I need to boot it for something I cannot do in either Linux, or a Windows VM in linux (that’s really a small number of things).

These days only the major ones. Like the H1/H2 updates. I agree there’s zero excuse for it in the EFI boot world. But, Microsoft gotta Microsoft.

Often you can just find the boot again in the bios and choose it. And that should be assured if you don’t put grub and windows in the same EFI partition.

Microsoft has always had his arrogant idea that the PC they’re installed on belongs to them and will just delete anything else they find in the way.

Can Linux run programs that rely on frameworks like .NET or other Windows-specific libraries?

So this one I thought I’d answer because I’ve done development in both NET framework and NET core and how it works is different for each (although things will usually work one way or another).

For .NET framework applications, if the program is compiled for windows (the .exe) you can usually run it with mono (you generally don’t need wine, but there’s some caveats that mean sometimes you should use wine). This will include programs with GUIs. If the NET framework app calls other windows programs it is best to run it via wine, you will need to install the net framework within wine, but there’s a winetricks command for that. There are a few things that are generally niche things that do not work in linux net framework’s mono though. By niche the one I can think of, is serial port events. Very annoyingly they all exist, so the program will run but the events will never trigger an action in the programs. Very annoying, but luckily very rare/niche stuff.

For .NET core, you can build directly to linux targets, and if the project you are working on does target NET core, then you can run the binary natively (note: you usually cannot build applications using forms to linux native binaries, for these you should run the windows exe with wine). You can also run the .exe files for this with wine and I’ve rarely had a problem with it.

Note that if you develop .NET applications, you won’t be able to build anything that uses the standard forms GUI under linux. There are other UI frameworks out there you can use that are multi platform. For this reason, for the projects that do use windows forms, I have a VM with windows on that I boot up for this reason.

In short, if you’re just running windows binaries, you will be generally fine with mono for framework and wine for core. For development “it’s complicated”.

I monitor for good deals. Because there’s no contract it’s easy to add one, move stuff over at your leisure and kill the old one off. It’s the better way to do it for semi serious stuff.

I think their auction servers are a hidden gem. I mean the prices used to be better. Now they have some kind of systrem that resets them when they get too low. But the prices are still pretty good I think. But a year or two ago I got a pretty good deal on two decently spec’d servers.

People are scared off by the fact you just get their rescue prompt on auctions boxes… Except their rescue prompt has a guided imaging setup tool to install pretty much every popular distro with configurable raid options etc.

I feel like the only even remotely acceptable way to do this is to show the ad, prompt for the answer for 10 seconds. They can log the right/wrong answer or if the time expires the lack of one and must move on.

I can imagine metrics knowing if your advertising is actually reaching people is valid. But to make people answer and especially make them watch more if they answer wrong is about as dystopian as it gets.

If (and I say if, I really don’t want to believe it is) that is the case, the only correct response is to uninstall Hulu immediately and put on your pirate hat.