redd1ch@reddit
That's the neat part: Provide a schema, and you got proper autocompletion, syntax and validity checks from editors (e.g. Notepad++) or IDEs.
redd1ch
YAML? That's Norway problem
Posted by fagnerbrack@reddit | programming | View on Reddit | 176 comments
YAML? That's Norway problem
Posted by fagnerbrack@reddit | programming | View on Reddit | 176 comments
redd1ch@reddit
>Security wise they have the same problems.
YAML has code execution by default. In XML you need to exploit the parser.
YAML? That's Norway problem
Posted by fagnerbrack@reddit | programming | View on Reddit | 176 comments
redd1ch@reddit
YAML: Hold my beer. You want remote code execution in your config files, by default? Let's do this!
Will the sudden flood of AI-discovered security fixes overwhelm distros like Debian that backport security fixes to old software versions?
Posted by we_are_mammals@reddit | linux | View on Reddit | 163 comments
redd1ch@reddit
If you want secure software, don't use backports. There were instances where the backport reintroduced the vulnerability.
With the release of 26.04, a reminder of what Ubuntu used to stand for.
Posted by blankman2g@reddit | linux | View on Reddit | 161 comments
redd1ch@reddit
Same.
I do ike the irony of posting it on a proprietary back end (reddit) though.
Anyone read this 49 day SSL expiration thing and think they would rather just retire?
Posted by HJForsythe@reddit | sysadmin | View on Reddit | 1069 comments
redd1ch@reddit
This. To get certs for some legacy IMAP or xmpp servers not passed through our reverse proxy and the containerized stack (Traefik), I have set up "fake" containers to trigger Traefik to fetch certificates, and some cronjobs to extract the certs from the Traefik container and deploy them into the legacy systems. Not pretty, but works until they are outdated.
Why still 80 columns?
Posted by agbell@reddit | programming | View on Reddit | 17 comments
redd1ch@reddit
Which in turn leads to the question: Why does Github restrict the width to a ridiculously small collumn, even on widescreen monitors?
GNOME 50 removes the X11 backend ... are we finally at the end of the Xorg era?
Posted by the_nazar@reddit | linux | View on Reddit | 848 comments
redd1ch@reddit
Thank you for further explaining my point.
Let's introduced that for the Kernel as well. Oops, you wanted drivers for AMD graphics cards for Arch? The Kernel now only defines a portal for it, Arch could adapt the implementation from Fedora if they need it. Or the rivaling of Debian, they even support dual screens! They can't run on batteries, however. Its up to you to choose. If you dislike it, just complain at your distro, they are responsible to implement all the Kernel portals on their own. Its not the Kernels fault they don't reimplement everything.
GNOME 50 removes the X11 backend ... are we finally at the end of the Xorg era?
Posted by the_nazar@reddit | linux | View on Reddit | 848 comments
redd1ch@reddit
More like "Wayland forces every DE to implement each and every thing on their own, while X had a (bad) workaround that work for every DE".
I never really liked any img/iso writer utilities on Linux, so I finally made my own...
Posted by L0stG33k@reddit | linux | View on Reddit | 166 comments
redd1ch@reddit
Wait, you guys don't use `cat` to write your iso to usb sticks?
What distro do you use and why?
Posted by ReferenceNatural87@reddit | linux | View on Reddit | 379 comments
redd1ch@reddit
My last setup running Debian Stable was about 8 years ago, so, you will have to live with older examples:
A few years ago, Xfce released a new version that introduced monitor profiles. I was connecting a laptop frequently to a set of about 10 different setups (office, beamers, beamers with presenter console, dual beamers, ...). Until this feature arrived in Debian Stable, I did not need it anymore because I had a different job.
Another example was docker itself, when the packages provided by docker require a newer version of libc than stable provides.
Both examples can't be provided with any kind of containers.
What distro do you use and why?
Posted by ReferenceNatural87@reddit | linux | View on Reddit | 379 comments
redd1ch@reddit
Debian unstable is - despite its name - pretty rock solid. Debian Stable has qay too antiquated software for daily use on a desktop. Unless all you do is office stuff. If you want to use any recent features or need to support new hardware, unstable (or testing) it is.
What distro do you use and why?
Posted by ReferenceNatural87@reddit | linux | View on Reddit | 379 comments
redd1ch@reddit
That is why you run unstable on the desktop, and deploy specific workflows in containers with their own set of dependencies.
Why /dev/null Is an ACID Compliant Database
Posted by alexeyr@reddit | programming | View on Reddit | 81 comments
redd1ch@reddit
Take a look at GPDR Art. 32 1(b): [https://gdpr-info.eu/art-32-gdpr/](https://gdpr-info.eu/art-32-gdpr/)
>the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
So, yes, availability is a GDPR issue.
Why /dev/null Is an ACID Compliant Database
Posted by alexeyr@reddit | programming | View on Reddit | 81 comments
redd1ch@reddit
GDPR requires the data to be available. So, yes, somehow not being able to access sensitive data ended up to be a GDPR breach as well.
Don't Refactor Like Uncle Bob (Second Edition)
Posted by The_Axolot@reddit | programming | View on Reddit | 154 comments
redd1ch@reddit
>Enjoy!
I can't, I'm tired from scrolling horizontally in the code boxes. Makes it hard to focus on the content.
Either make the collumn width wider (e.g. 120 chars) or add word wrap.
Do you use disk encryption? Why? Why not?
Posted by sir__hennihau@reddit | linux | View on Reddit | 376 comments
redd1ch@reddit
TPM does not matter in cold boot.
You start the system, wait for the login screen to come up. Then you power it off, and extract the RAM. Then all you have to do is search for the disk key. Congratulations, now you can decrypt the disks. No need for any TPM of the target system.
This will work as long as the decryption is handled on the CPU. You always will need the decryption key in the RAM.
What packages should intermediate Devs know like the back of their hand?
Posted by MilanTheNoob@reddit | Python | View on Reddit | 188 comments
redd1ch@reddit
lol, messed up my sample
What packages should intermediate Devs know like the back of their hand?
Posted by MilanTheNoob@reddit | Python | View on Reddit | 188 comments
redd1ch@reddit
Well, I saw some code that was like
x = Path(location)
file = do(str(x) + "/subdir")
z = Path(file)
with open(str(z)) as f:
json.load(f)
def do(some_path):
y = Path(some_path).resolve()
return str(y) + "/a_file.txt"
Thanks Dell! Wanna buy an Ubuntu laptop? You better spend 900 more and get top spec!
Posted by GameOfShadows@reddit | linux | View on Reddit | 128 comments
redd1ch@reddit
4 instances of each device already take 32 gigs ram. There ain't much space left for any developing if the dev pc only has 32 gig ram. Sure, I could reserve a slot in the hardware lab, commute into the office, and test my changes, but that's quite a hassle. With a proper dev pc, you can work on a train, during internet outage, anywhere, anytime. Why would you restict that for some elitist mindset? If you make unoptimized garbage with 8 gigs of ram, the amount of ram is not the problem. A very strict set of tests prevents any kind of garbage to to leave the development stage, again, no matter how much ram you give your devs.
And I guess you won't believe me, but I had to order the 128 gig RAM upgrade, to enable small devices to handle a task.
Maybe you need to get more RAM, and ditch vs code for some proper IDE, to avoid making unoptimized garbage. During my phd time at university, there was a strong correlation between bad code and users of vs code. Nowadays, there are rarely users of vs code, and guess which code is always full of code smells?
Thanks Dell! Wanna buy an Ubuntu laptop? You better spend 900 more and get top spec!
Posted by GameOfShadows@reddit | linux | View on Reddit | 128 comments
redd1ch@reddit
This works great for "toy" development in university. I need to write software working on a network of embedded devices. Dealing with VM instances is way faster than messing around with the physical ones. Final testing is always done on the real thing, including very strict perfomance tests.
Thanks Dell! Wanna buy an Ubuntu laptop? You better spend 900 more and get top spec!
Posted by GameOfShadows@reddit | linux | View on Reddit | 128 comments
redd1ch@reddit
I made a virtual test bench once. Start up a bunch of KVMs with 4 or 8 gig RAM each, and you'll end up running out of 32 gig pretty fast. With 64 gig you can at least keep PyCharm or GoLand open.
Why so many people hate snaps but like flatpaks ?
Posted by FewVoice1280@reddit | linux | View on Reddit | 316 comments
redd1ch@reddit
The irony of posting this on a proprietary Website.
Does the GPL license force Microsoft to contribute?
Posted by dexternepo@reddit | linux | View on Reddit | 34 comments
redd1ch@reddit
Because they make money by selling a VM platform. If the guest systems don't work properly, customers will switch to another provider. Therefore MS contributes to Linux to improve both their platform and the guest OS. The platform patches are not required to be upstreamed and GPL'ed, though. However, mainlining reduces effort to keep changes in sync.
Current state of Linux bootloaders
Posted by walterblackkk@reddit | linux | View on Reddit | 178 comments
redd1ch@reddit
You can edit grub config without update-grub. update-gub is a debian layer wrapped around grub to do debian things to grub config. Expect something similar when debian adopts systemd-boot.
Current state of Linux bootloaders
Posted by walterblackkk@reddit | linux | View on Reddit | 178 comments
redd1ch@reddit
My docker and VM hosts are running Alpine. Except one Ubuntu VM for AI stuff on CUDA. Docker configs are deployed via git, VMs with Terraform. No need for Debian here.
Is there an appimage / flatpak / docker (user) alternative but meant for developers (dev containers?)
Posted by TechnicallySerizon@reddit | linux | View on Reddit | 35 comments
redd1ch@reddit
Does your VPS not just run your own instance of Linux? Of course I run Docker on a VPS. If your provider does not support that, get a different one.
Valve announces Frog Protocols to bypass slow Wayland development and endless “discussion”
Posted by conan--aquilonian@reddit | linux | View on Reddit | 347 comments
redd1ch@reddit
I'm running Debian with OpenRC and X. I don't feel like I'm missing out on something. I can copy and paste at will, I even can take screenshots, or, in a time when Teams wasn't broken, I could even share my screen on Teams! Even if the release is called "unstable", this is the single most stable setup I've ever had, it does everything I want it to do, and I don't have a single reason to switch anything soon. Doesn't mean I'm not playing around with new trends, though.
Long term Linux users, what's your goto for new installs?
Posted by Kazumi7884@reddit | linux | View on Reddit | 204 comments
redd1ch@reddit
None. Either physically move the harddisk/ssd into the new computer, or copy the contents on the new storage. If the image does not fit for the device, the distro best suited for the needs of this device is chosen. My daily drive was installed somewhere around 2018.
flatpaks should NOT be promoted as the main way to install software (specifically because of new comers)
Posted by Prestigious-Text9674@reddit | linux | View on Reddit | 513 comments
redd1ch@reddit
Modern architecture comes in all shades of white, black, grey and plain concrete. The Gnome experience of living: "The architect likes it this way, so I don't need any means to change it."
Forced to the other side.
Posted by Harishnkr@reddit | linux | View on Reddit | 29 comments
redd1ch@reddit
There is no "other side". Leave the elitism and use whatever tool is appropriate. Sometimes it is Arch and whatnot, sometimes it is Windows and Excel.
In corporate environments you get to use what the admins set you up with. Usually without local admin rights.
Systemd 256.1 Fixes "systemd-tmpfiles" Unexpectedly Deleting Your /home Directory
Posted by qualia-assurance@reddit | linux | View on Reddit | 96 comments
redd1ch@reddit
It's not that systemd invented services. Before, you would run \`service nginx restart\`, now you do \`systemctl restart nginx\`, maybe something different before if you are on OpenRC.
Systemd is not only an init system, the self proclaimed goal of systemd is to eradicate the useless differences between linux distros. That is what startled many folks.
>even though it may be less fancy looking and has less features that i definately don't know how to use so... who cares.
That is my personal issue with systemd: It is dumbing down. With script based init systems, I can go wild on init scripts, \*if my use case needs it\*. With systemd I can do what Systemd offers, and anything else needs a balcony extension around systemd.
Should all Python projects have type hinting?
Posted by Ok-Frosting7364@reddit | Python | View on Reddit | 310 comments
redd1ch@reddit
Back in university, we took natural language toolkit (NLTK) for a test ride during a class. Docs said a method would take a "vocabulary" as parameter. I downloaded the source repo, and well, the only occurence of the word "vocabulary" was in this very method documentation.
What does this story tell? Documentation is hard to write. You can either write it for noobs, rendering it useless for experts, or write it for experts, and users without domain knowledge have a really hard time grasping the docu.
Do you think that the new ARM chips will make the smartphones more PC-like or the reverse?
Posted by DeltaAleph@reddit | linux | View on Reddit | 44 comments
redd1ch@reddit
BLOBs, locked bootloaders, locked secure boot UEFIs. Expect to use ARM devices as you buy them, without much room for modifications.
That's what many raspberry pi alternatives suffer: You're stuck on old, outdated kernels, because that's the only one available.
Researching Why We Use Semicolons as Statement Terminators
Posted by fagnerbrack@reddit | programming | View on Reddit | 244 comments
redd1ch@reddit
You just reinvented N3 (https://en.wikipedia.org/wiki/Notation3).
How is Nvidia working for you?
Posted by SlincSilver@reddit | linux | View on Reddit | 133 comments
redd1ch@reddit
I set up a few boxes for ML on GPUs and "AI" cards from Nvidia, with Alpine and OpenRC. No problems here.
Lennart Poettering reveals run0, alternative to sudo, in systemd v256
Posted by gabriel_3@reddit | linux | View on Reddit | 362 comments
redd1ch@reddit
Yes, X.
Lennart Poettering reveals run0, alternative to sudo, in systemd v256
Posted by gabriel_3@reddit | linux | View on Reddit | 362 comments
redd1ch@reddit
I maintain init scripts for a living, so I guess I know a bit or two about maintainability of different variants. However go on, tell me things about OpenRC that you've never used.
Systemd wants to expand to include a sudo replacement
Posted by 10MinsForUsername@reddit | linux | View on Reddit | 687 comments
redd1ch@reddit
Okay, that is a bit less worse. Still a stupid flaw, and poorly handled by the maintainers, which was my point in bringing up this story.
Lennart Poettering reveals run0, alternative to sudo, in systemd v256
Posted by gabriel_3@reddit | linux | View on Reddit | 362 comments
redd1ch@reddit
>**EDIT**: Ah, OpenRC services are also written using shell script... Thanks, but I'm way past 2010.
Yes. Let's use 1990's INI to declare our services.
Having done both, I prefer OpenRC scripts to Systemd unit files. Your experience in SysV init scripts is not OpenRC.
Lennart Poettering reveals run0, alternative to sudo, in systemd v256
Posted by gabriel_3@reddit | linux | View on Reddit | 362 comments
redd1ch@reddit
I use \`sudo wireshark\` and other things all the time, what am I missing?
Systemd wants to expand to include a sudo replacement
Posted by 10MinsForUsername@reddit | linux | View on Reddit | 687 comments
redd1ch@reddit
>Well that article is a about a bug where the privileges are not reduced from root to an other user.
>With a SETUID executable the risk is privilege escalation from non-root to root, that's way more serious if you ask me
What is this bug, if not a perfect privilege escalation? A non-privileged user creates a user unit, puts a valid user name into it, and systemd decides to start the binaries as root. What more do you need for privilege escalation?
The article shows how the developers of systemd work with false assumptions and, once proven wrong, try to push the rest of the world to comply to these false assumptions.
That is no good base of trust to design a protocol handled by a daemon running as root.
Systemd wants to expand to include a sudo replacement
Posted by 10MinsForUsername@reddit | linux | View on Reddit | 687 comments
redd1ch@reddit
Okay, your point is that you can attack the SUID sudo binary to abuse some of its flags?
Then how is adding a few daemons, clients and encryption reducing the attack surface? Now you have a full protocol accessible via socket to corrupt a daemon running as root. And its from the guys who brought ping of death back to Linux and added a few RCE's and privilege escalations.
Systemd wants to expand to include a sudo replacement
Posted by 10MinsForUsername@reddit | linux | View on Reddit | 687 comments
redd1ch@reddit
Well, then let's replace it with a software with a better track record on security: [https://security-tracker.debian.org/tracker/source-package/systemd](https://security-tracker.debian.org/tracker/source-package/systemd)
My favorite: [https://lwn.net/Articles/727490/](https://lwn.net/Articles/727490/)
Linux should be taught to us all in school it is the liberal way. Why was corporate monster Windows pushed on everyone?
Posted by momoajay@reddit | linux | View on Reddit | 449 comments
redd1ch@reddit
I don't think so. Software is moving to the cloud, always online or running in the browser. There's no tinkering there. No matter if open source (gitlab, nextcloud, ....) or closed (github, dropbox, ...). There are a few handful of operators, and lots of users on locked down thin clients. Some of these in corporate environment, some in private use (apple, android).
Which emerging or not yet widely deployed hardening techniques would have helped interfere with xz backdoor?
Posted by timrichardson@reddit | linux | View on Reddit | 132 comments
redd1ch@reddit
>For example, imagine creating a website where it keeps track of all the package versions and releases to all the popular and major GitHub repositories and then there's a slew of volunteers constantly going in snd reviewing code
>Then when a package or resource is validated as being generally safe, having had multiple professionals look at it, it gets a rubber stamp and a verified status. Then it can be trusted to be marginally safe.
Thing is, things like compression and especially encryption is a special area. There are only limited people available doing competent reviews of packages. In this case, 1. Just like OpenSSL a few years back. Maybe we learn about a new basic library maintained by a single person tomorrow.
Given this, such a repository does not migitate this attack vector, as you can build trust for a few reviewers, giving thumbs ups for a (their) backdoored version, now trusted by many.
A noob take on why DEs that have "windows like" workflows are not the best for new linux desktop users.
Posted by bvgross@reddit | linux | View on Reddit | 140 comments
redd1ch@reddit
I did the same when Gnome 3 came. I had a messed up install of Ubuntu with Mate. Switched over to Debian (testing/unstable) with Xfce. Best choice ever. In eight years of this installation (moved through multiple hardware), I only had to do minor adjustments to keep the UI stable. I use Mate tools for file browser and the likes, though. The only time it did not work out that well was on a tablet with touch input.
Friend: Did you manage to install your new wireless headphones on Linux? Me: No, they worked out of the box.. with LDAC. Friend: LDA.. what? What is that? I don't see it on my Windows. LOL
Posted by BestRetroGames@reddit | linux | View on Reddit | 129 comments
redd1ch@reddit
Honestly, most people's idea of Windows are like 10 to 20 years old, too.
Java 22 New Features With Examples
Posted by erdsingh24@reddit | programming | View on Reddit | 6 comments
redd1ch@reddit
I find it hillarious that the examples have horizontal scrolling, while surrounded by tons of whitespace. Because you can really focus on the code and new concepts while scrolling horizontally, right?
Are You Affected by the Backdoor in XZ Utils?
Posted by Shoddy_Hurry_7945@reddit | linux | View on Reddit | 200 comments
redd1ch@reddit
The times of the often touted slogan that open source software is inherently secure due to its open source nature are gone. This fact is hard to accept for some folks, but all you do it to put your trust into all the maintainers in the software chain.
I don't see any way to add any safeguards. Certainly no effective ones. An attacker with enough resources can jump through any hoops, while it deters new legit contributors. You might see how this increases the chances for a hostile takeover.