• 2 Posts
  • 102 Comments
Joined 10 months ago
cake
Cake day: December 27th, 2023

help-circle
  • you’re welcome.

    what i’ld suggest… a general rule that i like to always follow is to use a test system for everything new. but that does not need to be a full separate system every time.

    lets say you have your mailbox and want to try getting new mails from it using fetchmail. first you can use uidl mechanisms to only fefch every mail once and besides that leave them all on the server, but i like it a bit more secure: create a second email adress/account at your mail providers service only for testing. thus you can do whatever you like to to test the mechanisms only without even touching your real inbox (maybe even fill it up with large emails and look how the system reacts, i once had an email account with a cheap provider that deadlocked the inboxes when full…). then when everything is as you want it, switch the account and password (or create another config file for fetchmail) and your’re done. every change (not only fetchmail things) could go tested this way before going live with the changes. filtering could be done with procmail for example, but when the mda that is called by procmail somehow exits with success when the email really isn’t delivered, then the email might get lost forever depending on the settings of course. so fiddling with new stuff always carries the risk of not fiddling correctly ;-)

    have fun !


  • Its possible to tell your mta (like postfix) to use another mta for all mails, or only some domains etc, so using a third party to play the internet facing service then getting the mails by fetchmail, storing them in a dovecot server is easy. on the sending part you could use your standard email client (i.e. thunderbird on pc or k9-mail on smartphone) to send it to your postfix instance that also sits on the server hosting your dovecot service. the mta there takes the mail and delivers it by rules which could just be using the mta of your freemailer using username/password of your account for all outgoing emails. i am doing this but the “external” mail system are my servers as well, i just don’t want emails to stay too long on VMs in the datacenter where i have no access to the physical disks in case something goes wrong.

    a raspberry pi is sufficient for such a aetup (i am using a pi4 currently but for emails only i’ld say a 3 or older would do too), adding a disk via usb makes storage huge and cheap then, i use two usb ssd’s in a raid1 for storage… that server could be only accessible through vpn if you whish, depending on your skills and needs (i mainly use ssl client certificates that are supported by k9mail and thunderbird so it fits seamless to be connected through a haproxy that authenticates these before proxying the plain connection to the pi) clients like thunderbird can offline-store all emails (configure download-or-not per imap folder) making searches easy and quick while my k9 client can search locally or on the server if needed.

    maybe adjust maximum mail size of your own mta to exactly match (or slightly less) that of the freemailer you use to prevent surprises of big but later then unsent emails.

    its possible to have a nextcloud instance on that same pi that acts as an email web mailer just in case of (i really dont need it, but i’ve set this up anyway). nextcloud is also great for syncing/backup files pictures, contacts notes todo lists and calendar of your phone (where i use davx5 opentasks and foldersync for). there are other webmailers available but installing /using nextcloud is not a too bad idea either ;-)

    i suggest also setting up some automatic offsite backup with snapshots of that pi then to cover emails and the setup and its configs ;-)


  • smb@lemmy.mltoLinux@lemmy.mlA word about systemd
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    one example of a program that did multiple things is sfdisk, it used to make the kernel reload the new partition table but that was not its main job, only changing them. the extra functionality moved to blockdev which is nearer to doing such as it also triggers flushing buffers and i think setting read/write status. i am fully ok with that change as it removes code from a program that doesn’t need it to another that already does similar things so that other partitioning programs like gdisk fdisk or parted could go the same way so that maintainers of the reread-partition-table things can concentrate on one solution at one place (in userspace) instead of opening issues at an unknown number of projects that also alter partitioning. the “do one thing” paradigma is good for developers who maintain the code and i pretty much appreciate their work. if you are up to only want one-day-flies that either die or take huge amounts of resources only for keeping them alive (image of a mayfly in an emergency room and a heart-lung machine attached while chirurgs rushing around trying to enlenghten its life a few seconds more) then you are good with monolithic tools that could hardly be maintained and suck allday as no one wants to fix any bugs or cannot without creating new ones due to the tightened dependency hell it has internally.

    the point is not a lack of examples doing wrong but where one wants to be heading towards.


  • smb@lemmy.mltoLinux@lemmy.mlA word about systemd
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 month ago

    Lol what???

    wouldn’t that be the definition of stable?

    the computer on voyager 2 is running for 47 years now, they might have rebooted some parts meanwhile but overall its a long time now, and if the program is free of bugs the time that program can run only depends on the durability of the hardware, protection from cosmic rays (which were afaik the problems the voyager probes faced mostly, not bugs) which could be quite long if protected from hazardous environments and maybe using optoelectronics but the point is that a bug free software can run forever only depending on hardware durability and energy supply, in any other way no humans are needed for a veery long time ;-)


  • smb@lemmy.mltoLinux@lemmy.mlA word about systemd
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    2
    ·
    1 month ago

    However, systemd makes the system much more secure and reliable as it is

    less secure and less reliable day-by-day you meant? systemd introduces needless dependencies ever since as if that was it sole intention ever from its very beginning, which already were used for wide attacks, and exactly those attacks that the people working hard to remove unneeded dependencies for security reasons meant to prevent by things like “do one thing only” (but security was not the number 1 reason for this one i think), systemd instead: ‘lets add another level of that exponential dependency tree from the insecurity hell’ felt like they did this stupid thing intentionally every month for a decade or more.

    and stability… if you don’t monitor what systemd does, you’ll never know how bad it actually is. i’ve made custom scripts to monitor systemd’s failures (failing in doing a very primitive of its job) and there are hundreds (actually varying around 200 to 300 sometimes more) of such per day on all our systems for one particular(!) measurement only that was breaking service stability and i wrote a measure-and-fix+monitor workaround. other fixes were not monitored however, only silently fixed by workarounds, thus just unnumbered systemd bugs/instabilities in the dark that stole a lot of work capacity…

    if you run distros with systemd, unreliability is your daily experience unless you don’t really care or have never experienced stability before - like running a service (a single process) for 8 years without any interruption then it suddenly stops and you go like “was it maybe an attack? the process died, how could that be? were there any connects from outside at that moment?” not talking about not updating something that long, but “stability” itself CAN be like if you dont stop it, it’ll still run in 10000+ years maybe millions, more likely that humans extincted themselves way earlier than of a process “just dying” by a bug… while systemd even randomly stops things that were running well for no reason (varying) once a month more or less (also varying in what it actually randomly stops, sometimes (2 times) it even stopped ssh on my servers, me asking myself if i should create yet another workaround for systemds buggyness to not locking me out again from network or ratjer go for the real solution for most* of all systemd problems - *see below) on the few standard installs i personally have as i didn’t have the way to automatically replace provider installed distro on VMs in the DC. i want this replacing automatically for the same reason why i don’t like systemd, it causes manual work for a thing that should go automated. however due to systemd’s perpetuated instability i now managed to have this way, and every second working on getting rid of systemd is worth it 100k times. this however does not solve all systemd-introduced problems as the xz attack showed (a systemd-dependency on xz made the infected xz library beeing useful-for-the-atracker during compiletime of sshd binary with which then the attacker could infect the newly built sshd binary),one could still be attacked through systemd’s dependency hell even if one does not use systemd by oneself, but the build machines used for your distro could be affected/infected by systemd’s needless dependencies when “also” compiling for systemd-affected distributions thus there is the risk of becoming a victim of needless-systemd-dependencies while not using systemd at all. however the attack through systemd dependency (and that the public solution was not the removal of needless dependencies only included as source for superflous third party “needs”) made clear that systemd is an overall problem for security that will not be solved quickly but stay just like all windows insecurities will stay as long as they whish to push them to their “users”.

    systemd reducing overall security and its unreliability combined with some builtin impediments (i.e. when debugging its defects) is what drove me away from systemd. there are solutions way more stable and way more secure (and way better documented btw) that do not call in for needless dependencies, reducing risks, attack vectors and increases overall debuggability i.e. by deterministic behaviour as an easy example. and none of its important (to me) promises have been fulfilled yet by systemd, drop-in-replacement? have heared that lie thousands of times, but in the last decade i have not experienced it a single time in a distro and it does not seem to be included/finished any more.

    for windows users or windows admins a linux with systemd on it IS an improvement in stability, security and of course for updating, yes. but all of that does not come from systemd, rather the opposite is the case, systemd reduces it month by month, thats my experience and thats the most important experience for me, idc what lies whitdepapers tell or what broken promises are believed by anyone or the masses, i want secure and stable servers and services and systemd does not fit in for any of these goals and the time it was still “young” and early problems could be accepted in the hope they get fixed soon are gone, but without those fixes having ever appeared.


  • maybe try to find a linux user group near where you live. if there is one, usually you get help there, but its usually kinda different sort of help, you don’t get “the solution” to get your personal whishes come true ready prepared in bite-sized piezes for easy consumption but just the help by advices or suggestions that those there can give you or directly would try out.

    open source is about sharing knowledge and todays mainstream OS distributions are way more complicated than long ago so the learning curve to adjust things in ways the distribution didn’t prepare (which is often a lot) might be high but always worth a try at least for the learning.

    for a lightweight desktop environment that is somehow similar to the old windows98, i’ld say give XFCE a try. i think on debian/ubuntu trying out could be as easy as installing the xfce (or xfce4?) package (or maybe an xfce4-desktop-environment paclage) i don’t remember the exact package name but there is one meta package that depends on all needed stuff, i did it like 4 years ago… when installed you could try it by logging in and (your distro should have a login manager that allows this, or you’ld have to change that too) choosing xfce as desktop environment at login time, thus if you don’t like it, logout again and login with the other again.

    i am using xfce because it is clean, lightweight, it does its job, does not invent new unneeded features every few month (like it felt when i used kde long ago) and is adjustable enough for me. i removed the lower task bar and put the open windows components into the bar above adjustedbthat a bit, thats basically what i changed and i think it is quite similar to what win98 was (but thats not the reason for me to have it that way)

    also, it is possible to change the window manager (that handles how windows are placed), the desktop manager (like task bar, application menu, maybe widges, logout buttons) and of course also one could change x.org to wayland and back without changing the other components. the login window could come from gnome project but after login one could use a complete different projects toolset.

    “can” does not mean that every distro makes that an easy task. also mixing things will likely end in a fuller disk for lots of “needed” components that are maybe mostly unused. (i think i once used gnome but installed kde only for their printing dialog *lol)

    when using the big distributions it is likely that no 3rd party downloads are needed to try other window managers or desktop environments, maybe search for such keywords in aptitude , apt search, or such. but new fancy stuff also often first comes from unknown 3rd party websites (or git*.com which is the same security risk as 3rd party websites) before it gets into main repositories after years (or maybe even never)

    Closest thing I found was TwisterOS. […] and the fan in my case stops working. Aye-yi-yi!

    maybe “TwisterOS” tries to invent air movement by software? it might be a random unrelated incident and the fan is simply broken, it might also be that it enabled some fan control and the fan would start if you only heat up the system enough which might not happen with a lightweight distro and the maybe not cpu consuming programs you use (?). “stress” is a program that could artificially create such cpu consumption for testing (but with a broken fan it might be not a good idea to actively and unnecesarily heat up the cpu, but also cpus usually have failsafe shutdown mechanisms so they dont overheat but that might be like a sudden power down so maybe expect unsaved work to just vanish) another test could be to just give the fan another power source and see what happens, and put abother fan that works in place to see if that changes something




  • smb@lemmy.mltoMemes@lemmy.mlDear iPhone users:
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    2 months ago

    the OS was not the comparison, but the hardware it runs on (just as @Freefall said) but also you seem to be wrong with your other assumption:

    And both those devices are tied to a specific OS.

    Which seems not to be the case as install instructions for another OS can be found here (i didn’t try it though) for the mentioned device:

    https://wiki.lineageos.org/devices/pdx215/

    lineage os still is an “android”, but another vendor with clearly different approach than the original firmware and what hinders you from writing bsd drivers and compiling a bsd kernel for it instead? So i count the Xperia 1 III as NOT bound to any OS or OS vendor.

    But despite the way longer possible support/security, freedom of choice and endless other possibilities that often come along with free OS choice, this pure and great advantages weren’t even mentioned there, thus it wasnt an OS comparison as it also wasn’t a bound-to-an-OS vs. absentness of vendor-lock-in-limitation-jungle comparison.



  • First contact was on the here-named eta-carinae system, we did a holiday tour there long ago and heared about earth from a scientist that rescued a human instead of just studying and thus could not leave him there with his memories about him. the human was talking about star trek, its similarities and real differences all the time. he already spoke fluently in standard Sjesh/sound w/o any interfaces so we listened directly to his true mind. he even had a very worn out tng tshirt in his personal memory items box. i mean he really had used his memory items before! that made us curious and the rest is history. However he is now back here, as we managed to arrange his behavioral training to hide his experiences well, he passed all the tests and got his transport back, but with his biologic cells clock reset to his 20th to compensate the decades he lost out there a little bit. it is possible he could become an ambassador for earth one day, but it looks unlikely that he would want that given the circumstances here, a task he always compares with the mytholigical boulder of Sisyphus (that really never existed physically) whenever he is asked about his opportunity.

    just kidding, first contact with TNG was in school, other kids talked about the first episode. i could not watch it at home and also had other problems to fix at that time so i missed a lot of the start of it :-/

    however i am trying to train myself for writing in general as i have ideas for a longer story (but not within the trek universe) and as the above text came to my mind i just wrote it and hope you don’t find it too misplaced here or badly written… however any feedback is welcome.


  • Wait… So LOTR is just a long winded remake of Smokey and the Bandit and Pippin is the Bandit.j

    honestly i have no idea who a smoky should be, however i liked the movie “Bandits” back then, but i guess its likely not what you meant.

    no pippin is rather just a fool who is directly driven by his curiosity and foolish but never foul ideas but that had an impact by the same luck that seems to follow pippin wherever he goes, thus he is rather the old character of the fool from tarot cards people have long forgotten (which is the only card of todays -poker,skat,etc- cardgames that somehow kept its original meaning from tarot cards: the joker who could be placed to replace every other card like the fool -high arkana- who could do anything and would just walk forwards without fearing consequences or looking back which is much of what pippin is like)



  • What’s the alternative to ads, though? Not everyone wants to (or can afford to) pay for every site they use.

    its not about paying for the site a user uses, its about paying those who run the site (and less to pay for someone only “managing” the site by doing actually nothing)

    maybe these could be alternatives:

    • patreon
    • flattr
    • micropayment in general
    • donations (somafm runs on donations)
    • link to shopping platforms (musicians on somafm mostly have links to the songs on amazon that you see while playing the song for free)
    • communities, like FSF, local groups
    • some small payed supporter part (like lwn.net) while the important stuff that makes the win-win of the site is free to use
    • maybe the list from this page can help too: https://kinsta.com/de/blog/patreon-alternativen/ Kickstarter Indiegogo Podia Sellfy Buy Me a Coffee Memberful Hypage Ko-fi Substack Kajabi Gumroad WooCommerce Mighty Networks MemberPress Uscreen

    maybe even a combination of multiple of those *whoa!!! mindblow!!! could be a good choice to allow usersvto choose how to contribute.

    so really only choosing to offer exactly one option that also puts all users at a real risk of real attacks where they can get ripped off of all or lots of their real money and data for the sake if earning 0.003 ¢ per each putting them at high risk is not really what should be done, or do you personally profit from their users high risk and are thus completely okay with it? hope not.

    if you have to earn money with your project or whatever, why not offer several options to choose from? why only one? and while we’re at it, offering an ad-free “membership” for 400 times the price of what they would earn by the same visitor with ads like they try here sometimes, does not make any platform look good, but the opposite.

    there are many platforms that i would pay for monthly and i would spend much more money alltogether than now on that if their price would not be artificially pushed into astronomically heights per service…

    there is one project where i do donate each month a little bit via recurring bank transfer since years. my transfer says the name of the project and “donation” thats pretty easy to setup for both sides, but too complicated for those who pay designers money so they can place the ad layers on top of the 400 other layers of spypixels and navigation controls… really ? lol*

    if those you are talking about cannot afford to have a bank account for some reason, i guess they also cannot receive the revenue of ads on their webpages ;+)

    saying there are no alternatives to ads is rather a candidate for the lamest excuse award ;-)



  • its not just ads and malware, and its not only about beeing sorry for them. ads are also manipulating how people think. not only the obvious things like “that product is good”, but also that products in general would help (with problems you didn’t have). and the format itself of ads (even without considering its contents) already has a changing effects on the minds of those who watch it. i am thinking of some parts of neil postmans thoughts about television back then and i guess there is plenty of possibilities to make a realistic conspiracy theory out of it why exactly the most poisonous parts of television are replicated to the internet with massive force even though everyone ignores ads in the net. i like theories

    unfortunately, feeling sorry for them does not help society to stability. 😥



  • smb@lemmy.mltolinuxmemes@lemmy.worldCorrect usage of a hand-me-down MacBoo
    link
    fedilink
    arrow-up
    3
    arrow-down
    3
    ·
    edit-2
    3 months ago

    well there is plenty of what is possible to try. but unless one had looked at the real cause i’ld suspect one of apples hardware backdoors to cause the crashes like if the backdoor doesn’t work, crash the kernel, so we never loose control over the sheeapple thing. or more realistic if you want:

    First maybe just crappy hardware:

    There is a reason why i suspect apple’s hardware, cause my shitty macbook at work should(!) go to something like hibernate, sleep, or its spyveillance-only mode when closing the lid, and it should also lock the screen when doing so, the actual results seem pure randomly choosen, sometimes the sleep mode survives the weekend with lots of accu left, sometimes its completely depleted and i even have to charge it for a while before it has enough power to show the charging logo. for security reasons i have to manually lock my screen, verify it and then close the lid, which is pure annoy. this could just be buggy hardware, a sensor so broken that reading its inputs directly could crash any OS that assumes i.e. no division by zero, pointers to nonexisting ram or whatever, and maybe apple just knows what faulty measurements mean what (but cannot make that stable too, only no crash occurs)

    secondly with a hardware backdoor:

    https://www.kaspersky.com/about/press-releases/2023_kaspersky-discloses-iphone-hardware-feature-vital-in-operation-triangulation-case

    “The discovered vulnerability is a hardware feature, possibly based on the principle of “security through obscurity,” and may have been intended for testing or debugging. Following the initial 0-click iMessage attack and subsequent privilege escalation, the attackers leveraged this hardware feature to bypass hardware-based security protections and manipulate the contents of protected memory regions.”

    which is that (some/all?) iphones have at least one memory page where one only has to accidently or intentionally write something into it, that could trigger the backdoor feature to let you choose which memory address to overwrite with what bytes, bypassing every(!) security mechanism in hardware AND of course those made of software too. that is how i understood documentation and presentations about it. now apple said they “fixed” it in software, from what i remember that fix was just a “os preventing apps from writing to that memory backdoor page” thus not a fix but only a mitigation, while “fix” is more a lie than only misleading words to just pretend it wasn’t permanent and unfixable. let us assume that linux does not include hardware backdoor mitigations for apple devices AND that apple placed the very same backdoor memory page into macbooks as well but maybe at (an)other physical address(es). now the code that runs on closing the lid “might” just reside at or write to the very same memory page on every boot for a given exact same kernel, which might be a memory page that acts the same or similar like that iphone hardware backdoor, overwriting some other memory page depending on what is actually written to the backdoor page which immediately crashes the kernel. if that’s whats happening there, t2linux is not broken, but macbooks are just insecure costly (loss of money, time, security, trust, work performance, patents, stability, a.s.o. …) waste.

    how to find out? (maybe)

    • get the kernel code.
    • deactivate every driver not needed to boot and run the lidclose stuff like i.e. the sensor, compile the kernel anew and try booting from it.

    changin the kernel a lot by removing everything(!) not needed should in theory/hopefully also change the pages that would be affected when closing the lid. same effect: likely no backdoor. no effect: maybe something you deactivated, maybe yet another backdoor discovery.

    it might also be solveable by sth like acpi settings or such, probably switchable from kernel boot cmdline , maybe change settings for hibernate / suspend to ram (does apple hardware even support such? i mean without the buggy behaviour i experience?)l


  • but you did notice that compilers can be manipulated to include backdoors into resulting binaries AND put the same manipulation into newly compiled compilers as well, right? then where did you get that compiler from? did you have a look at the binary output? then if so, did you look at it using the hexeditor of that same compiler? 😎 plz have a look … 💥 bzzzt … really you are lucky to be alive after a blast like that, especially you, have yourself checked out with ems before you leave!


  • you should definitely know what type of authentication you use (my opinion) !! the agent can hold the key forever, so if you are just not asked again when connecting once more, thats what the agent is for. however its only in ram, so stopping the process or rebooting ends that of course. if you didn’t reboot meanwhile maybe try unload all keys from it (ssh-add -D, ssh-add -L) and see what the next login is like.

    btw: i use ControlMaster /ControlPath (with timeouts) to even reduce the number of passwordless logins and speed things up when running scripts or things like ansible, monitoring via ssh etc. then everything goes through the already open channel and no authentication is needed for the second thing any more, it gets really fast then.