• 0 Posts
  • 19 Comments
Joined 30 days ago
Cake day: September 14th, 2025

  • tal@olio.cafe to linuxmemes@lemmy.world: Do you like systemd?
    6 days ago

    It doesn’t work with private DNS servers or forward DNS over VPN.

    Like, you want to have it query some particular DNS server?

    From man 5 resolved.conf:

       DNS=
           A space-separated list of IPv4 and IPv6 addresses to
           use as system DNS servers.

           For compatibility reasons, if
           this setting is not specified, the DNS servers listed
           in /etc/resolv.conf are used instead, if that file
           exists and any servers are configured in it.

    If you specify your private server there, it should work. For VPN, I mean, whatever VPN software you’re using will need to plonk it in there. Maybe yours is not aware of systemd-resolved, is modifying /etc/resolv.conf after systemd-resolved has already started, and it doesn’t watch it for updates?

    In my /etc/nsswitch.conf, I have:

    hosts:          files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns

    I’m assuming that the “resolve” entry is for systemd-resolved.

    kagis

    https://www.procustodibus.com/blog/2022/03/wireguard-dns-config-for-systemd/

    With systemd-resolved, however, instead of using that DNS setting, add the following PostUp command to the [Interface] section of your WireGuard config file:

    PostUp = resolvectl dns %i 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net; resolvectl domain %i ~.

    When you start your WireGuard interface up, this command will direct systemd-resolved to use the DNS server at 9.9.9.9 (or at 149.112.112.112, if 9.9.9.9 is not available) to resolve queries for any domain name.
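An added check, not from the comment above or the linked blog post, for the two things that decide whether lookups actually reach systemd-resolved: whether the nsswitch.conf "hosts:" line consults the resolve module before dns, and whether /etc/resolv.conf is still the symlink resolved maintains rather than a file some other tool rewrote. It assumes awk and readlink are available.

```shell
#!/bin/sh
# Added diagnostic, not from the original comment: checks whether name lookups
# on this host actually reach systemd-resolved. Assumes awk and readlink exist.

# Returns 0 if the "hosts:" line of an nsswitch.conf lists the "resolve" module
# before "dns" (glibc asks systemd-resolved first), 1 otherwise.
nss_hosts_uses_resolve() {
    [ -r "$1" ] || return 1
    awk 'BEGIN { rc = 1 }
         /^hosts:/ && !seen {
             seen = 1; r = 0; d = 0
             for (i = 2; i <= NF; i++) {
                 # exact token match, so "mdns4_minimal" does not count as "dns"
                 if ($i == "resolve" && !r) r = i
                 if ($i == "dns" && !d) d = i
             }
             if (r && (!d || r < d)) rc = 0
         }
         END { exit rc }' "$1"
}

# Returns 0 if resolv.conf is a symlink into /run/systemd/resolve/ (the stub or
# full file that systemd-resolved maintains). A plain file in its place usually
# means another tool, e.g. a VPN client, rewrote it behind resolved's back.
resolv_conf_is_stub() {
    [ -L "$1" ] || return 1
    case "$(readlink "$1")" in
        */run/systemd/resolve/stub-resolv.conf) return 0 ;;
        */run/systemd/resolve/resolv.conf) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one verdict per check and always returns 0, so it is safe to source.
report() {
    if nss_hosts_uses_resolve "$1"; then
        echo "nsswitch: 'resolve' precedes 'dns', systemd-resolved is consulted"
    else
        echo "nsswitch: 'resolve' missing or after 'dns', resolved is bypassed"
    fi
    if resolv_conf_is_stub "$2"; then
        echo "resolv.conf: symlink into /run/systemd/resolve, managed by resolved"
    else
        echo "resolv.conf: not resolved's symlink, check what rewrote it"
    fi
}

report /etc/nsswitch.conf /etc/resolv.conf
```

If the second check fails right after a VPN comes up, that is the "modifying /etc/resolv.conf after systemd-resolved has already started" case; the resolvectl PostUp approach quoted above avoids it.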


  • It’s been a long time, but IIRC Windows’s file dialog also remembers your recently-used files for quick access in the file dialog, and I assume that Explorer has a thumbnail cache.

    It looks like GTK 3 has a toggle for recently-used files:

    https://linux.debian.user.narkive.com/m7SeBwTP/recently-used-xbel

    While the guy sounds kinda unhinged, I do think that he has a point — he doesn’t want activity dumping breadcrumbs everywhere, unbeknownst to him. That’s a legit ask. Firefox and Chrome added Incognito and Private Browsing mode because they recorded a bunch of state about what you were doing for History, and that’s awkward if it suddenly gets exposed. There should really be a straightforward way to globally disable this sort of thing, even if logged history can provide for convenient functionality.

    Emacs has a lot of functionality, but I don’t think anything I use actually retains state. If emacs can manage that so can other stuff. Hmm. Oh, etags will store a cached TAGS file for a source tree.

    thinks

    Historically, bash defaulted to saving ~/.bash_history on disk. Don’t recall if that changed at any point.

    There’s ccache, which caches binary objects from gcc compilations persistently.

    Firefox can persistently cache data in the disk cache or for LocalStorage or cookies.

    System logfiles might record some data about the system though they generally get rotated out.

    Most of the time though, I don’t have a lot of recorded persistent state floating around.


  • I’m not familiar with Arch’s updating scheme, but I’d bet that it’s pretty similar to Red Hat’s and Debian’s. If you don’t complete an update, boot it up — even if it’s in a semi-broken state — and just start the update again. Even if the thing dies right in the middle of updating something boot-critical, so that it can’t boot, you can probably just use liveboot media, mount the drives in question, start a chrooted-to-your-regular-root-partition root shell, and restart the update.

    Doing that and installing or reinstalling packages is a pretty potent tool to fix a system. It’s not absolutely impossible that you can manage to hork a system up badly enough to render it still unusable in that situation — I once wiped ld.so from a system, for example, and had to grab another copy and manually put it in place to get dynamically-linked stuff like the package manager working again. But that’ll deal with the great majority of problems you could create.


  • Sacks, the Trump administration’s AI czar and co-host of the conference, stopped Musk mid-answer. “Well, Elon, by the way, could you just publish that?” he asked. “Wikipedia is so biased, it’s a constant war.” He suggested that Musk create what he called “Grokipedia.”

    This past week, as the Wikipedia controversy reignited, Musk announced xAI would, in fact, offer up Grokipedia. Soon after, the Wikipedia page for Musk’s Grok was updated. The entry included a brief comparison to an effort almost 20 years earlier to create another Wikipedia alternative called Conservapedia.

    Yeah, my initial take is “Conservapedia was pretty much a disaster, and there’s a reason that people don’t use it”.

    Like, go to Conservapedia’s “evolution” article.

    https://www.conservapedia.com/Evolution

    Like, you’re going to have to create an entire alternate reality for people who have weird views on X, Y, or Z. And making it worse, there isn’t overlap among all those groups. Like, maybe you’re a young earth creationist, and you like that evolution article. But then maybe you don’t buy into chemtrails. It looks like Conservapedia doesn’t like chemtrails. So that’s gonna piss off the chemtrail people.

    There are lots of people on the right who are going to disagree with scientific consensus on something, but they don’t all have the same set of views. They might all complain that Wikipedia doesn’t fit with their views on particular point X, but that doesn’t mean that they’re all going to happily accept the fringe views of some other group. And some views are just going to outright contradict each other. You could have a conservative Mormon, Amish, and a Catholic, but they’re going to have some seriously clashing views on religion, even if they’re all conservative. In broader society, the way we normally deal with that is to just let people make up their own mind on particular issues. But if you’re trying to create a single “alternate reality” that all of them subscribe to, then you have to get them all on one page, which is going to be a real problem.

    Maybe Musk could make Grok try to assess which fringe group that someone is in and automatically provide a version of truth in Grok’s responses tailored to their preferences. But…that’s not a Grokipedia, because the latter requires a unified view.


  • looks

    For Linux, my off-the-cuff take is that I’m not that excited about it. It means that if you can launch a Unity game and pass it command-line arguments, then you can cause it to take actions that you want. Okay, but usually the security context of someone who can do that and the game that’s running should probably be the same. If you can launch a game with specified parameters to do something bad, you can probably also just do something bad and cut the game out of the picture.

    This is why you have few suid binaries on a Linux system (and should never make something large and complex, like a Unity game, suid) — because then the binary does have a different security context than the launching process.

    Now, it’s possible that there are scenarios where you could make this badly exploitable. Say games have chosen to trust command-line arguments from a remote system, and that game has community servers. Like, maybe they have a lobby app that launches a Unity binary with remotely-specified command line arguments. But in that case, I think that the developer is already asking for trouble.

    Most games are just not going to be sufficiently hardened to avoid problems if an attacker can pass arbitrary command lines anyway. And as the bug points out, on Linux, you can achieve something similar to this for many binaries via using LD_PRELOAD anyway — you can use that route to make fixes for closed-source Linux games. Windows has similar routes, stuff like DLL injection.

    It’s possible that this is more serious on Android. I don’t know if there’s a way to pass command line parameters there, and doubt it, but part of the Android security model is that apps run in isolation, and so if that’s exploitable by any local app, that could cause that model to break down.

    But on Linux — GNU/Linux — I’d think that if someone malicious can already launch games with arbitrary command line parameters on your system, you’re probably not really in much worse trouble due to this bug than you already are.


  • tal@olio.cafe to linuxmemes@lemmy.world: We have POSIX at home
    13 days ago (edited)

    What’s the big deal with POSIX? Why are ppl constantly discussing what is and isn’t posix compliant?

    The short version: it’s a least-common-denominator standard that spans multiple Unix and Unix-like systems, so if you write to it, your software can fairly-trivially run on various systems.

    https://en.wikipedia.org/wiki/POSIX

    Windows has some level of Microsoft-provided Posix support, which is what the post is alluding to. I am fairly confident that it doesn’t have full Posix compliance. Cygwin, a separate, non-Microsoft, open-source effort, might qualify.

    kagis

    Okay, apparently it does conform to a portion of the Posix standard:

    https://en.wikipedia.org/wiki/Microsoft_POSIX_subsystem

    The subsystem only implements the POSIX.1 standard – also known as IEEE Std 1003.1-1990 or ISO/IEC 9945-1:1990 – primarily covering the kernel and C library programming interfaces which allowed a program written for other POSIX.1-compliant operating systems to be compiled and run under Windows NT. The Windows NT POSIX subsystem did not provide the interactive user environment parts of POSIX, originally standardized as POSIX.2. That is, Windows NT did not provide a POSIX shell nor any Unix commands out of the box, except for pax. The NT POSIX subsystem also did not provide any of the POSIX extensions that postdated the creation of Windows NT 3.1, such as those for POSIX Threads or POSIX IPC.

  • Setting aside Trump, I have no idea why people who can apparently be mostly reasonable about, say, cars subscribe to utterly batshit insane views about diet and health and buy into all kinds of snake oil.

    I’m not saying that there’s no magical thinking with cars — “my magical fuel additive” or whatever — but I have seen more utterly insane stuff regarding what someone should eat or how to treat medical conditions than in most other areas.

    It’s also not new. You can go back, and find people promoting all kinds of snake oil when it comes to health. Some of my favorites are the utterly crazy stuff that came out when public awareness of radiation was new, and it was being billed as a magic cure for everything.

    I get that not everyone is a doctor or a dietician. But you’d think that any time you see someone promoting something as a fix for a wide, unrelated range of conditions, that it should be enough to raise red flags for someone, layman or no.

  • After all, enterprise clients soon realized that the output of most AI systems was too unreliable and too frequently incorrect to be counted on for jobs that demand accuracy. But creative work was another story.

    I think that the current crop of systems is often good enough for a header illustration in a journal or something, but there are also a lot of things that it just can’t reasonably do well. Maintaining character cohesion across multiple images, for example, and different perspectives — try doing a graphic novel with diffusion models trained on 2D images, and it just doesn’t work. The whole system would need to have a 3D model of the world, be able to do computer vision to get from 2D images to 3D, and have a knowledge of 3D stuff rather than 2D stuff. That’s something that humans, with a much deeper understanding of the world, find far easier.

    Diffusion models have their own strong points where they’re a lot better than humans, like easily mimicking an artist’s style. I expect that as people bang away on things, it’ll become increasingly-visible what the low-hanging fruit is, and what is far harder.


  • At least some of this is due to the fact that we have really appallingly-bad authentication methods in a lot of places.

    • The guy was called via phone. Phones display Caller ID information. This cannot be trusted; there are ways to spoof it, like via VoIP systems. I suspect that the typical person out there — understandably — does not expect this to be the case.

    • The fallback, at least for people who you personally know, has been to see whether you recognize someone’s voice. But we’ve got substantially-improving voice cloning these days, and now that’s getting used. And now we’ve got video cloning to worry about too.

    • The guy got a spoofed email. Email was not designed to be trusted. I’m not sure how many random people out there are aware of that. He probably was — he was complaining that Google didn’t avoid spoofing of internal email addresses, which might be a good idea, but certainly is not something that I would simply expect and rest everything else on. You can use X.509-based authentication (but that’s not normally deployed outside organizations) or PGP (which is not used much). I don’t believe that any of the institutions that communicate with me do so.

    • Using something like Google’s SSO stuff to authenticate to everything might be one way to help avoid having people use the same password all over, but has its own problems, as this illustrates.

    • Ditto for browser-based keychains. Kind of a target when someone does break into a computer.

    • Credentials stored on personal computers — GPG keys, SSH keys, email account passwords used by email clients, etc — are also kind of obvious targets.

    • Phone numbers are often used as a fallback way to validate someone’s identity. But there are attacks against that.

    • Email accounts are often used as an “ultimate back door” to everything, for password resets. But often, these aren’t all that well-secured.

    The fact that there isn’t a single “do this and everything is fine” simple best practice that can be handed out to Average Joe today is kind of disappointing.

    There isn’t even any kind of broad agreement on how to do 2FA. Service 1 maybe uses email. Service 2 only uses SMSes. Service 3 can use SMSes or voice. Service 4 requires their Android app to be run on a phone. Service 5 uses RFC 6238 time-based one-time-passwords. Service 6 — e.g. Steam — has their own roll-their-own one-time-password system. Service 7 supports YubiKeys.

    We should be better than this.

  • LLMs have non-deterministic outputs, meaning you can’t exactly predict what they’ll say.

    I mean…they can have non-deterministic outputs. There’s no requirement for that to be the case.

    It might be desirable in some situations; randomness can be a tactic to help provide variety in a conversation. But it might be very undesirable in others: no matter how many times I ask “What is 1+1?”, I usually want the same answer.