rotopenguin

@rotopenguin@infosec.pub

rotopenguin

The database is running on an IBM made in 1954. Commas literally weren't invented yet.

rotopenguin

Frosty Diarry Dessert®️

Valve has little to worry about as new Steam Deck rival arrives ( www.pcguide.com )

TL;DR: Antec is going to be selling a Steam Deck competitive device, based on the Ayaneo Slide. The device has a slide up screen that reveals a keyboard, which is good because using desktop windows is much easier with a keyboard. However the device's lowest estimated power draw at low/no load is 15w, meaning it will use...

rotopenguin

I just tried installing Bazzite on a desktop, and its installer is a hot mess. The most I could get out of it was an error screen at the end, and an unbootable OS. Grub's config file was just an error message. I couldn't make heads or tails of how its ostree mess was ever supposed to boot, so I moved on to Debian.

(Newbie question) Did I handle my system crashing correctly?

I've just installed Linux (Fedora 40 KDE) on my main PC over the weekend, so I'm a complete newbie and I apologize if some of my questions are nonsensical 😅. Yesterday evening the system seemed to completely lock up at a certain point while playing Red Dead Redemption 2 for the first time (installed & run via Steam using Proton...

rotopenguin

Do the sysreq sometime when your system isn't hung. If it isn't enabled, welp you have to enable it harder.

Having ssh set up would be a way in when the whole graphics stack falls over (but the kernel is still alive in there). On intel there are /sys entries to dump GPU state, ATI probably has something similar. You have a reproducible bug, if you can get in and grab data while the gpu is in la-la-land, you might be able to submit a valuable bug report.

rotopenguin (edited)

If you're RDPing from a malicious client, how do you know what you're seeing is real? How do you know that your viewer didn't show the same screen for just a little too long while the host popped up a cmd, curl, run, close, continue in the background? How do you know that closing your session isn't "forwarding it to someone else for a bit, but they'll close it when they're done"? One time you start a session, verify it with your phone, waiting waiting waiting, an error occurred try again. Did it fail, or did it go to someone else?

https://infosec.pub/pictrs/image/afc72808-7f6a-4590-9007-399a7cc651af.jpeg

rotopenguin (edited)

There's another patient who didn't get the toe amputation, and gangrene spread to where he lost the entire leg and 80% of his kidney function. This one did not thank acupuncture for his outcome.

This one very famous case of a guy who got very lucky, and ended up alive and uncrippled and didn't have to take time off from perpetual dialysis treatments to smile for magazine covers maybe doesn't represent what generally happens to people in his situation.

rotopenguin

Tim Cook reads every single LOC submitted to his OS.

rotopenguin (edited)

I believe H.265 has particular handling for "film grain". And it has hardware decoding on just about every chip out there. And you probably already have a hardware encoder, so you can do something like QSV in a reasonable time frame.

300MB for a half-hour is a pretty reasonable bitrate, for one and a half hours it is quite dire.

rotopenguin

pv. It's just cat, with a progress meter.

rotopenguin

sl is the single best utility, hands down

rotopenguin

Use Trixie instead of Sid. With Sid you're getting new packages right as they come out of the oven. If Sid users don't get burned too badly, the packages go into Trixie two weeks later.

rotopenguin

Kinda wish that Valve would just make hall-effect the stock part. My left stick only lasted about a year, while the Gulikit shows no signs of stopping.

[Resolved] After updating through both APT and the Software Store, I can't play mp4 videos with VLC anymore. The screen goes blank for a second or two then the audio starts playing without the video.

I'm using Debian 12, Ryzen 7 5700X processor, and Radeon HD 5450 graphics card. I have tried uninstalling and reinstalling VLC but it didn't resolve the issue. Here's an excerpt from the VLC's log file:...

rotopenguin

First, it never hurts to reboot. There could be some dumb state going on in your display server. Or kernel DRM. Or in some little bs microcontroller in the video card.

Next, read the arch wiki on hardware video acceleration. Contemplate the note(2) at the very bottom of the page and boggle at all the PPANAPAPPI acronyms bouncing around in there.

VLC has two major sides to its video settings, the (Video)output method and the (Input/Codecs)hardware-acceleration. You are on the VDPAU acceleration API, so give VAAPI a try for a bit. Remember you have to restart VLC before any change takes. VLC should be smart about choosing a good Automatic option, but it can't do much about "looks like an API's there, but it's broke".

Try mpv. Try VLC, but from Flatpak (which brings its own version of a lot of the acceleration libraries).

rotopenguin

Btrfs. Just format as one big partition (besides that little EFI partition of course) and don't worry about splitting up your disk into root and home. Put home on its own subvolume so that root can be rolled back separately from it. You can have automatic snapshots, low-overhead compression, deduplication, incremental backups. Any filesystem can fsck its own metadata, but btrfs is one of the few that also cares if your data is also intact.

rotopenguin

There should be exactly one game allowed to keep its "fuck your accessibility, git gud nüb" difficulty, and its name is Zadette.

rotopenguin

I'm quite sure that all gigabit+ ethernet auto-negotiates. There is no shared ether, there are no dedicated tx/rx pairs anymore. It's all point-to-point and constantly negotiating to make the most of every wire it's got.

rotopenguin

I think that the Deck is able to connect as a device (MTP or CDC?), but there has been trouble with that so the current OS disables it.

rotopenguin

And if you want to get really funky, Intel also does their JTAG over USB. They are quite secretive about it, your BIOS should have turned it off, but it is there.

rotopenguin

Professional accreditation is such a racket lol. I've seen plenty of tax courses with "the last tax year that so-and-so was relevant was 1988, NEVERTHELESS this will be on the test." Zero effort goes into updating the material, just keep on reselling the same crap to a captive audience forever.

rotopenguin (edited)

The reason you can't is "because Intel deliberately designed it that way". Back when USB was just a notion, PDAs were a really cool thing. There was apparently concern at Intel that someday these little things might be all that someone might own. You might connect your PDA directly to the printer, rather than syncing it to your Intel Desktop and printing from there. You might connect your PDA to the modem and collect electronic mailographs directly, instead of syncing with a PC. If you could do enough without the PC middleman, you might even skip on buying an Intel computer altogether.

So, Intel baked into the protocol anything they could think of to make peer-to-peer communications impossible in USB, make life easy for the singular PC communications master, and put a timing onus on devices that forced them to be dumbed-down state machines instead of computers in their own right.

rotopenguin

I would like to install a distro on a USB stick, without it doing something stupid to my internal drive's EFI.

rotopenguin (edited)

A dumb little stick is fine for the occasional "fix something up" or "take a snapshot of a Windows drive because dd is objectively better than anything that Windows itself could do". A live iso distro precludes me from adding a handful of other useful tools.

Late-breaking edit: What I ended up doing was formatting a stick as small EFI / 5GB btrfs / rest exfat. Chattr +c the btrfs, and debootstrap in there. Put rEFInd on the efi and tell its conf file about the stick (or maybe it'll detect). Put non-free-firmware & stable-security into apt's sources.list. In a chroot shell, apt get live-task-non-free-firmware-pc gdm3 systemd-timesyncd linux-image-amd64 locales gnome-terminal. Add other tools to suit taste. Fix up the fstab, make /tmp tmpfs, make the exfat mount nofail. With btrfs compression, I can have a gnome environment inside of 2.5GB. It would be even more smol if I could figure out booting directly into Weston.

rotopenguin

I can kinda see "shot an old horse or two" as being a positive thing, okay you got over the squeamishness of it and did a sick animal a mercy.

Winging a goat and gosh I gotta go get more ammo to finish this one off, well that's starting to get a little peculiar.

LIKING IT SO MUCH THAT YOU WENT OUT AND GOT A NEW PUPPY SO YOU COULD DO IT AGAIN, well hoooly fuck we are getting into something entirely else now aren't we?

rotopenguin

The magic missile knows where it is at all times, because it knows where it isn't.

rotopenguin

Snappy Snake features -

Everything is now a snap. Your kernel and initrd? They're snaps now (requires an updated grub with snap mounter. An /efi partition of less than 20GB is no longer supported). Apt is now a symlink to snap. Procfs and device nodes are all snaps. Instead of "perusing the legacy web2.0 internet with an html browser", the new Canonical Snapium snaps you into modern digital snap-eriences powered by the Snapchain. The Linux CLI has been replaced with Gnome's "Drag-n-snap Editor".

rotopenguin

You can't "just patch it" to make snap work with another store. Instead what you've done is invented an entirely different store, which you're now going to have to maintain. It is never going to be upstreamed to Canonical. You are going to be in a perpetual tug-of-war with Canonical driving snap development towards their own needs and not your own.

rotopenguin

It's not like it's terribly uncommon for some Earth species or other to go from sexual reproduction, to giving asexual reproduction another try. What invariably happens is that the daughters-only subspecies does well for a few generations, and then gets completely wiped out by some disease. We're not having sex for fun, we're having it because "applying combinatorics to our genetics (particularly the immune system genes)" is the best tool we have to try to stay ahead of microbes.

https://infosec.pub/pictrs/image/60f66ac7-9093-41e7-b981-1855f6aa9e99.jpeg

Repairing bad sectors in an external drive

So I have this external 2.5" drive salvaged from an old laptop of mine. I was trying to use it to backup/store data but the transfer to the drive fails repeatedly at the ~290GB mark leading me to believe that maybe there is a bad sector on the drive. I tried to inspect the drive using smartmontools and smartctl but since it is...

rotopenguin (edited)

Tell the drive to do a secure erase. If there are still bad blocks after that, it is absolutely garbage.

Frankly you should never see bad blocks, but sometimes minor bad things happen and the drive has to tell you that this data is gone forever. If you write over those bad blocks at some point, the drive is supposed to remap them to spare blocks and carry on as if everything is okay. If it has run out of spare blocks, then the bad blocks stay forever. A secure erase might give the drive more wiggle room to re-allocate around a larger bad spot, IDK.

rotopenguin

Valve was using Debian way-back-when, but the pace of getting new stuff into Debian proper is too glacial for Valve. Valve is putting a lot of work into "making the Linux graphics stack rather good for games", and having those improvements integrated upstream quicker means that Valve can get to work on the next set of improvements.

Valve is still using Debian as the basis for their runtime environments for games (pressure vessel). Debian's slowness is great for providing a stable ABI for the parts that come into contact with (seldom maintained) game code. There is some amount of magic that goes into gluing the stable runtimes with rapidly changing stuff like Mesa.

rotopenguin

When I run virt-manager on Bookworm, all it does is tell me that "xen is not connected". There is nothing to indicate that KVM is anything that virt-manager might support, or why it currently doesn't.

The best I can do is to make a VM in gnome boxes, use "ps" to capture its command line to qemu, re-format that into something that I can put into a bash script, and edit in additional options that Boxes/libvirt absolutely refuse to support.

Most of the host integration features are better in VirtualBox. On the other hand, with qemu I don't have to look at VB filling the journal with ubsan errors (and wonder if its crappy driver is corrupting shit). If VB supported KVM, I would go right back to it.

rotopenguin

Aha, thank you! That's just a weird enough concept to "attach to" a local QEMU user session (where virt-manager will be the guy spinning it off anyway) that I would never have seen it.

Every newbie article about virt-manager starts with a filled list of connections, so I was down to figuring that it's cleverly detecting a missing dependency or permission and silently eliminating list entries for me.

rotopenguin

The most addictive game is "getting more games". Follow Wario64's Discord, check prices at isthereanydeal, get the Epic freebies, mix and match bundles at Fanatical.

rotopenguin

Oh god, the design of classic game controllers were all war crimes lol

rotopenguin (edited)

How do you know there isn't a logic bug that spills server secrets through an uninitialized buffer? How do you know there isn't an enterprise login token signing key that accidentally works for any account in-or-out of that enterprise (hard mode: logging costs more than your org makes all year)? How do you know that your processor doesn't leak information across security contexts? How do you know that your NAS appliance doesn't have a master login?

This was a really, really close one that was averted by two things. A total fucking nerd looked way too hard into a trivial performance problem, and saw something a bit hinky. And, just as importantly, the systemd devs had no idea that anything was going on, but somebody got an itchy feeling about the size of systemd's dependencies and decided to clean it up. This completely blew up the attacker's timetable. Jia Tan had to ship too fast, with code that wasn't quite bulletproof (5.6.0 is what was detected, 5.6.1 would have gotten away with it).

https://infosec.pub/pictrs/image/4f3d0ee2-0e47-4454-9684-3afbd424f46a.png

rotopenguin

In the coming weeks, you will know if this attacker recycled any techniques in other attacks. People have furiously ripped this attack apart, and are on the hunt for anything else like it out there. If Jia has other naughty projects out here and didn't make them 100% from scratch, everything is going to get burned.

rotopenguin

This is a sliver of one patch, there is a bug here that disabled a build tool that breaks the attack. Can you find it?

https://infosec.pub/pictrs/image/f55ead66-fbfd-445a-8d88-c10d0d9b5309.png

rotopenguin
hint

It is one singular character. Everything else is fine.

rotopenguin (edited)

I think the best assurance is - even spies have to obey certain realities about what they do. Developing this backdoor costs money and manpower (but we don't care about the money, we can just print more lol). If you're a spy, you want to know somebody else's secrets. But what you really want, what makes those secrets really valuable, is if the other guy thinks that their secret is still a secret. You can use this tool too much, and at some point it's going to "break". It's going to get caught in the act, or somebody is going to connect enough dots to realize that their software is acting wrong, or some other spying-operational failure. Unlike any other piece of software, this espionage software wears out. If you keep on using it until it "breaks", you don't just lose the ability to steal future secrets. Anybody that you already stole secrets from gets to find out that "their secrets are no longer secret", too.

Anyways, I think that the "I know, and you don't know that I know" aspect of espionage is one of those things that makes spooks, even when they have a God Exploit, be very cautious about where they use it. So, this isn't the sort of thing that you're likely to see.

What you will see is the "commercial" world of cyberattacks, which is just an endless deluge of cryptolockers until the end of time.

non-Euclidean filesystem

I noticed that I only had 5 GiB of free space left today. After quickly deleting some cached files, I tried to figure out what was causing this, but a lot was missing. Every tool gives a different amount of remaining storage space. System Monitor says I'm using 892.2 GiB/2.8 TiB (I don't even have 2.8 TiB of storage...

rotopenguin

compsize will give you an honest overview of what's going on with btrfs.

rotopenguin

You can do "zfs style raid things" with btrfs, but there are way too many reports of it ending badly for my tastes. Something-something about "write hole".

rotopenguin (edited)

There's hardlink, and then below that there's the COW/dedupe version called "reflink". Two files can point to the same chunks of data (extents), and altering one does not alter the other. Two files can point to just some of the same chunks of data, too. I don't think there is much indicator for when this is happening, besides the free space vs used space accounting looking crazy. If you "compsize" two reflinked files at once, it'll show you the difference.

rotopenguin

The more EA breaks their own shitty games, the more powerful Linux becomes

rotopenguin

Shaking hands with St. Peter, slipping him a crisp $20: I think everything's all set here, don't you Pete? C'mon, open up those big beautiful pearly gates.

rotopenguin (edited)

My $0.05 reading of it is that they want to hose down the build servers* and start clean, in case the attacker escaped the sandboxing there.

* (the computers that compile all of the new packages from source, not web servers that are handing out finished deb binaries to the public.)

rotopenguin

Any app that can be sandboxed, should. Especially apps that are parsing random data from the internet.

rotopenguin

I stand corrected. All programs should have access to anything, anywhere, and be linked to liblzma just in case some arbitrary file is compressed. Thank you for setting me straight.
