

The demo video is the most ridiculous thing I’ve ever seen, I love it




Been a rough few weeks to be a linux sysadmin, I tell ya


Looks like both of your vms probably have the same mac address - the 172 ip address is likely a self-assigned fallback when the dhcp server replies to the second vm that it can’t give it an address. Double-check and make sure the mac address in each vm’s proxmox network adapter settings match your pfsense dhcp reservations, and let me know if that resolves it.


Private until apple gets a subpoena from a prosecutor in some medieval christo-fascist red state trying to turn a miscarriage into a murder charge.


The grub command line options at the beginning of this article might help get your system booted without the memory deadlock, and then you can make further adjustments as needed: https://tierhive.com/blog/tierhive-howto/debian-13-minimal-guide-reduce-ram-to-38mb-and-disk-to-275mb
Alpine is great for exactly this kind of thing, though, and I use it often in embedded environments where resources are at a premium. Just do some good reading up on it beforehand, since it can be very different if you’re used to debian and systemd.
The ongoing maintenance for this would be a bit of a pain, since you’d need to recompile every update on a separate machine with enough memory to do so, package it up into a .deb, and distribute and install it everywhere.
I do this on a little raspberry pi cluster and it works, but it’s work.


Too true. And good on you.


I mean, it’s basically an optional gecos field. That feels a bit like writing off *nix as a whole because /etc/passwd has a place to put your phone number.


Government thugs interrogating me in a Project 2027 concentration camp cell: “we know you gave someone named ‘homeassistant’, born on 1970-01-01, access to your server, now tell us where they are!”


According to a study published in 2018, not only the Sunland Baobab, but “the majority of the oldest and largest African baobabs [have died] over the past 12 years”.
Trees that have survived for over a thousand years, all dying together within the span of 12.


Unless there’s more information on what kind of files and what kind of sorting needs to be done, this sounds like something that could be done with a simple shell script.
(I wouldn’t trust an ai agent to do it with accuracy, but I’m the kind of luddite that doesn’t trust an ai agent at all.)


Where Should We Begin? is a podcast by the psychotherapist Esther Perel, where each episode is a full couple’s therapy session with an anonymous couple. It’s nice, and sounds like a match for your question.


From the grapheneos faq section on device support, which details the kinds of hardware and firmware security features required and present on pixels (but may be missing on other devices):
Hardware, firmware and software specific to devices like drivers play a huge role in the overall security of a device. The goal of the project is not to slightly improve some aspects of insecure devices and supporting a broad set of devices would be directly counter to the values of the project. A lot of the low-level work also ends up being fairly tied to the hardware.
Non-exhaustive list of requirements for future devices, which are standards met or exceeded by current Pixel devices:
- Support for using alternate operating systems including full hardware security functionality
- Complete monthly Android Security Bulletin patches without any regular delays longer than a week for device support code (firmware, drivers and HALs)
- At least 5 years of updates from launch for device support code with phones (Pixels now have 7) and 7 years with tablets
- Device support code updated to new monthly, quarterly and yearly releases of AOSP within several months to provide new security improvements (Pixels receive these in the month they’re released)
- Linux 6.1, 6.6 or 6.12 Generic Kernel Image (GKI) support
- Hardware accelerated virtualization usable by GrapheneOS (ideally pKVM to match Pixels but another usable implementation may be acceptable)
- Hardware memory tagging (ARM MTE or equivalent)
- Hardware-based coarse grained Control Flow Integrity (CFI) for baseline coverage where type-based CFI isn’t used or can’t be deployed (BTI/PAC, CET IBT or equivalent)
- PXN, SMEP or equivalent
- PAN, SMAP or equivalent
- Isolated radios (cellular, Wi-Fi, Bluetooth, NFC, etc.), GPU, SSD, media encode and decode, image processor and other components
- Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times
- Verified boot with rollback protection for firmware
- Verified boot with rollback protection for the OS (Android Verified Boot)
- Verified boot key fingerprint for yellow boot state displayed with a secure hash (non-truncated SHA-256 or better)
- StrongBox keystore provided by secure element
- Hardware key attestation support for the StrongBox keystore
- Attest key support for hardware key attestation to provide pinning support
- Weaver disk encryption key derivation throttling provided by secure element
- Insider attack resistance for updates to the secure element (Owner user authentication required before updates are accepted)
- Inline disk encryption acceleration with wrapped key support
- 64-bit-only device support code
- Wi-Fi anonymity support including MAC address randomization, probe sequence number randomization and no other leaked identifiers
- Support for disabling USB data and also USB as a whole at a hardware level in the USB controller
- Reset attack mitigation for firmware-based boot modes such as fastboot mode zeroing memory left over from the OS and delaying opening up attack surface such as USB functionality until that’s completed
- Debugging features such as JTAG or serial debugging must be inaccessible while the device is locked


A fun offshoot down this rabbit hole: https://en.wikipedia.org/wiki/Embarrassingly_parallel


Hahaha no I’m just an idiot and accidentally swapped the url and text, thanks for catching that - fixed now


modprobed-db can create a profile of the kernel modules that get loaded by your system over time. You can feed that directly into make localmodconfig to build a kernel that only includes those modules, or use the data to build a modprobe whitelist.
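
An added example, not part of the original comment: one way to turn a modprobed-db style module list into a modprobe allowlist, by emitting a modprobe.d `install <module> /bin/false` line for every available module that was never seen loaded. The function names and sample data are constructed for illustration; on a real system the "seen" file would be the modprobed-db database and the "available" file a listing of the `.ko` files under `/lib/modules/$(uname -r)`.

```shell
#!/bin/sh
# Assumptions: SEEN has one module name per line; AVAILABLE has one module
# file name or path per line (e.g. kernel/fs/cramfs/cramfs.ko.zst).

# Strip directories and .ko[.xz|.zst|.gz] suffixes, and map '-' to '_'
# (the kernel treats both spellings as the same module name).
normalise_modules() {
    sed -e 's|.*/||' -e 's|\.ko\(\.[a-z0-9]*\)\{0,1\}$||' \
        -e 's|-|_|g' -e '/^$/d' | LC_ALL=C sort -u
}

# gen_denylist SEEN AVAILABLE: print modprobe.d rules for never-loaded modules.
gen_denylist() {
    seen=$(mktemp)
    avail=$(mktemp)
    normalise_modules < "$1" > "$seen"
    normalise_modules < "$2" > "$avail"
    # comm -13 keeps lines found only in the second file:
    # modules that exist on disk but are absent from the seen list.
    LC_ALL=C comm -13 "$seen" "$avail" | while read -r mod; do
        printf 'install %s /bin/false\n' "$mod"
    done
    rm -f "$seen" "$avail"
}

# Constructed sample input so the script runs offline.
demo() {
    d=$(mktemp -d)
    printf '%s\n' ext4 usb_storage e1000e > "$d/seen"
    printf '%s\n' \
        kernel/fs/ext4/ext4.ko.zst \
        kernel/drivers/usb/storage/usb-storage.ko.zst \
        kernel/fs/cramfs/cramfs.ko.zst \
        kernel/net/dccp/dccp.ko.zst \
        kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko.zst > "$d/avail"
    gen_denylist "$d/seen" "$d/avail"
    rm -rf "$d"
}

demo
```

The output is meant to be reviewed and then saved as a file under `/etc/modprobe.d/`. An `install` rule only affects loads that go through modprobe, and a module for rarely used hardware that never made it into the seen list will fail to load until its line is removed.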
Sabrina Carpenter 💅


It might yet come back, the page has a banner saying they ran out of storage and the community has donated a bit to add more.
I spun up my own server in the meantime though, and even if sdf does come back, I’ll probably stick to using this one as my primary.


Of course the secondary opt-in user repo with unvetted package maintainers is infected with malware, it’d be a miracle if it weren’t! They warn as much in the docs. Use at your own risk, or package and maintain it yourself, because you’re likely not finding it packaged more reliably elsewhere.
And I love Debian, but if you think the Debian repos with 30,000+ packages and 1000+ community maintainers aren’t also infected with malware…