DarthYoshiBoy

My kids have child phones on Google Fi which allows me to shut down their Internet with a couple of button presses. Are they simple devices if I geofence their internet access off while they’re in school? I somehow doubt it, but it does meet the definition as you’ve stated it, which in turn means it is as @originalucifer said, not exactly cut and dry.

Attributes only apply to the directory’s own allocation table and child directories have their own tables.

Thanks. It has been a while, but I was fairly certain that this was the case, glad to have the confirmation. 👍

If you’d like to look into it further. the +i flag in chattr is setting an attribute making the file (everything in Linux is a file, so yes this even means directories) immutable. When a file is immutable, it isn’t possible to change the ownership, group, name, or permissions of the file, nor will you be able to write, append, or truncate the file.

It’s been a while since I’ve used it, but I don’t believe it’s possible to have an immutable directory where you can still modify the contents therein, but I may be misremembering that. It would seem unlikely since adding content to the directory should require that you modify the links for the directory, which shouldn’t be allowable with an immutable object?

It’s possible that the +a chattr attribute may achieve what you’d prefer. I believe that flag will make it so that files (and again, everything in Linux is a file) can be created and modified, but never deleted. I’ve actually never used this one, but I can foresee how this still may not be ideal for your wishes since updates to games may expect to be able to delete old content which would be thwarted here. 🤷

You or I might, but companies have a constant flow of new middle management who want to make their KPIs this quarter and will shove their own mother in front of an oncoming train to get there. Corporations don’t learn, doubly true for corporations like Apple who have basically captured an audience within their walled garden, the motivation is always all the money now, not some money consistently forever.

Even when you have a company like Samsung with their exploding battery fiasco. Sure they have protections now in place against designing a new product with bad batteries, but give it some time and they’ll do it again when a middle manager (who wasn’t there the first time) ignores the recommendations of their engineers and the company guidelines so they can save $0.001/phone by using a slightly inferior battery design and net that neat bonus for keeping costs down. It will always happen.

I mean, it’s worked for exceptionally well for C. Montgomery Burns, so why not this other cartoon miscreant?

Not for all the money in the world could you convince me to touch him, let alone what you propose.

I’m now deeply curious if it works for your use case. Hit me back if you give it a go and let me know if it works out or not.

If gaming with Nvidia hardware is your primary concern, then maybe Bazzite would suit you. It’s based on Immutable Fedora, with tweaks to give it a SteamOS like experience. It offers Gnome or KDE for the desktop, and supposedly has everything dialed in for gaming. I’ve heard a bunch about it doing great with Nvidia cards and gaming in general, I suspect that you’d be able to do everything else you might need via the desktop it provides, but I have no knowledge of how it handles multiple monitors so maybe therein lies the fatal flaw.

If you use a fancy official VPN client from Mullvad, PIA, etc, you won’t need this since most clients already have a kill switch built in (also called Lockdown Mode in Mullvad).

According to the researchers…

The result of this is the user transmits packets that are never encrypted by a VPN, and an attacker can snoop their traffic. We are using the term decloaking to refer to this effect. Importantly, the VPN control channel is maintained so features such as kill switches are never tripped, and users continue to show as connected to a VPN in all the cases we’ve observed.

Killswitches are insufficient protection since the TunnelVision attack never disables the VPN tunnel. The TunnelVision attackers are instructing your physical layer connection to route everything through a node of their choosing rather than killing your VPN connection, and since the VPN connection never drops, a killswitch will never engage. The VPN stays up, thinking it is doing a good job, but in the meantime your network interface has been instructed to route no traffic through the VPN and instead route everything to the location of the attacker’s choosing. I have heard that a couple of VPNs think their clients are not vulnerable here, but I haven’t seen independent conclusive proof one way or the other yet.

I suspect that your “Solution” also fails to mitigate the issues in TunnelVision because it allows LAN access to the physical interface. In a TunnelVision attack the hostile has to be on your LAN (or rather the same LAN you are on since I suspect that “The coffee shop wi-fi” is the more likely network for an attack like this) already, so if they’re going to tell your interface to route traffic somewhere else, in all likelihood that somewhere else will already be in the same LAN you are and their exfiltration will be allowed under your configuration.

Bluetooth headphones are not modernity, they should of course be an option, but increasingly they are the only game in town. Wired is still king for loads of things, not the least of which is reliability.

You wanna know how many times my wired Sennheiser’s have been unable to put music in my ear holes? Never. They always work. Care to guess how many wireless headphones have been able to provide sound every time I’ve wanted it without delay or failure? None. I’ve owned more than 2 dozen wireless this, that, and the other, headphones & earbuds, and none of them have been even a shadow of the reliability offered by my old wired headphones. Which is to say nothing of the fact that the wired experience usually sounds better (Still don’t think you can get any comfortable phat 600ohm monster cans that don’t have a wire) and has no issues with making sound when you’re in a space that is saturating the 2.4Ghz band (my Costco is usually so full of idiots on Bluetooth that you can’t get a reliable experience for anything from any wireless audio device.)

You seem to think it’s “backwards rhetoric” to want a feature that will never be offered in a wireless setup, and that’s just fucked man. There are a wealth of reasons why wireless does not fully replace wired. It’s why anything that doesn’t have to move generally gets a fixed connection, it’s just more reliable and often more efficient. That’s not backwards, it’s just a priority that you don’t value above others. If landlines or floppy disks offered any advantages over anything else they’d still be around today (and arguably they are in some limited niches,) but the replacements for those technologies have had no downsides against their replacements while wireless tech still has some significant downsides (again, maybe you don’t weight the pros and cons the same, so this may not apply to you) against the technology they are meant to replace, and will likely never see 100% capture of their role as a result.

TL;DR: Stop trying to frame this as some sort of crusade against the future, there are legit cases where wired is just better than wireless.

I’ve dabbled with Linux on Mac hardware a couple of times and I’ve got to say that Linux DEs generally hew closer to Windows conventions than Mac ones and I found using the Mac keyboard with Linux to be a dreadful experience without the fact that the chiclet keyboards are the worst shit I’ve ever put my fingers on.

I very quickly snagged a standard mechanical qwerty 104 key with brown switches and cursed every moment that I had to use that abominable keyboard built into the stupid MacBook. Apple seems determined to do things different for the sake of different as much as they possibly can and trying to adapt all their nonsense to the Win/Lin way of doing things made my life worse in numerous ways (most DEs have great remapping for keys and such, but it gets messy fast if you’ve got apps from different paradigms.)

I’d very much recommend against going out of your way to get a Mac keyboard for using Linux unless you enjoy fighting against things. But hey, if that’s your kink, then a Mac keyboard with Linux would be my recommended way to go.

I’m on the other side, why use either?

Microblogging is a great format for following creators. I don’t need your life story to know that you’ve got a new album, a new software release, a new security vulnerability, a new video, a new tour, or a new comic. The shortform communication forced by Mastodon or Bluesky is perfect for that. It gives enough room to share those quick updates, and that’s about it. Replies are also kept succinct which makes parsing those for relevant context or side info similarly simple.

I originally got into Twitter because it was the update channel for when new Cyanogenmod releases dropped and I stuck around because following the right security professionals made it so that I could learn about a new CVE within seconds of its filing rather than having to wait for a news site I visit to catch wind of it and write something up. Which in turn made my job easier because I knew what systems we’d need to be patching well before that info bubbled up to my bosses so I could already have a head start on the work before the ask reached me officially.

These days, microblogging (at least with a straight chronological follow feed) more or less achieves what RSS used to back before everyone suddenly decided about a decade back that it wasn’t worth maintaining an RSS feed without Google running Reader or some crap. By way of example, ~20 years ago I had 13 comics that I followed via my RSS reader, today only 5 of those creators still have RSS feeds and a couple of those seem like they’re on life support for how they seem to infrequently pause updates for a few days at a time. All of the RSS feeds that are gone have moved to microblogging of some sort for updates, and I’d rather they use something open than the likes of Twitter (which I left at the first whiff that Musk was buying the place) or Instagram (which I have never used because it’s Facebook and I don’t do Facebook.)

Let’s not even get started on how stupid people sound when they talk about skeets and toots.

Yeah, I’ll agree there. I call them posts wherever they reside. It’s what they’ve always been, it’s what they’ll always be.

For everyone wondering why anyone would use Bluesky when Mastodon and/or the Fediverse is around.

I have to ask why not use both? All the tech people I followed on Twitter went to Mastodon almost immediately when Musk bought the site, while most of my personal friends on Twitter were not willing to leave because they thought Mastodon was too techy and Bluesky couldn’t replicate the network of people they valued from Twitter. That said, slowly over time as the invites came rolling in for Bluesky, my personal friend circle has been willing to move to Bluesky while they still wont touch Mastodon and honestly it hasn’t harmed me in the least to use both. It’s actually sorta nice to have the tech stuff in a separate bucket from my personal connections.

I’m not super hopeful that the AT protocol ever expands beyond the single site it is now, but I will be fully happy to launch my own instance and keep my personal contacts if that day ever comes, and if it doesn’t, I’ve still got Mastodon to fall back to where I’m pretty happily established but for the lack of the people I know IRL.

I genuinely hope that you’re kidding. If you’re not. No. Just no.

A process running as root does not need a prompt or any user interaction to do whatever the hell it wants on most (nearing ALL, but I’d be wary of absolutes with Linux) systems. I’m unaware of any means that a Desktop Environment could restrict a process running with root permissions by requiring an interactive prompt of some sort for anything. If your DE is running as root, all of its children are also running as root (unless you’ve rigged things up to run explicitly as other users) which means just about anything you are doing could be running rampant malicious actors on your system and nothing would seem amiss until it made itself evident.

Now, it does seem unlikely that anyone has written any malicious code that would run in a browser expecting to be root on a Linux system, so that’s likely the saving grace here, but that’s only security through obscurity and that’s not much to hang your hopes on for any system you care about.

Funny story time, intentionally vague to shield identities:

I have a friend who was hired to teach a course at a local University for their new CS degree that had a focus on video games some while ago. He was a bit of an expert in a particular portion of the material that they needed, and when they started putting out feelers to find someone to teach the subject matter, everyone locally in the industry gave him the highest praise and said he was the man for the job. The University met with him and eventually selected him to teach, which he did for 3 semesters. After 3 semesters, they dropped him because he didn’t himself have a college degree in what he was teaching (which was something he made very clear in the hiring process.)

He went into making games straight out of high school, he was basically there at the ground floor, self taught, acknowledged by everyone in the industry locally as a foremost expert in the field where they had him teaching, and they couldn’t keep him because they couldn’t have him teach when he didn’t have a degree in the field. Without his having a degree their program couldn’t be accredited. So… They wanted him to have a degree in a subject he was an originator of and without that degree they had to drop him.

He makes financial software now because the games industry was/is brutal and he wanted to see his family now and then. I’ve always found it hilarious that a University had to let him go because otherwise the snake wasn’t eating its own tail and the ouroboros apparently can’t have that.

As always, there is an XKCD for this.

https://xkcd.com/538/

Aside the whole issue that a single component in a system exfiltrating data without cooperation from many of the other components in the system is just patently absurd, the honest truth is that anyone who wants to break your security isn’t going to go to the extreme length of making certain your screen is replaced with a covert unit that can somehow inform them of anything you’re doing when for most cases a pair of binoculars will get the same job done for much cheaper and is at least half as convoluted, a hit to the head with a $5 wrench gets your fingerprint much more easily than a replacement fingerprint scanner does, and most compromises of a user would be far more effectively done in software rather than hardware. Software which constantly has new bugs to exploit while getting a crooked piece of hardware navigated into place is just an absurdly unlikely occurrence that would require a massive coverup the size of which is out of the reach of most entities in existence.

I’m in the middle of a fairly populated US suburb, and Apple maps still sends anyone trying to find my house 3 blocks away, so I’m going to say that it’s not “finally good.”

As soon as I get those people to use Google Maps, they’re on their way without issues. I can see why Apple Maps might make the mistake that they do, but the fact is that Google Maps doesn’t and hasn’t ever in the last 15 years. I recently had a bunch of contractors around for quotes on some renovations and the iOS users ended up lost every time while the Android users never had a problem.