More

DominoTree · 2026-01-21T20:14:59 1769026499

JPEG 15 Pro Max

DominoTree · 2026-01-21T20:08:22 1769026102

## Recommendation

Do not run a telnetd server at all.

DominoTree · 2026-01-15T00:30:37 1768437037

For a window of a few minutes until the key gets automatically revoked

Assuming that they took any of your files to begin with and you didn't discover the hidden prompt

DominoTree · 2026-01-03T19:31:57 1767468717

I still don't have IPv6 at home in the middle of San Francisco with Google Fiber / Webpass and have to egress through an HE.net tunnel like it's 2002 again

DominoTree · 2025-11-23T15:27:04 1763911624

Trusting an AI to write an RBAC system feels like asking for trouble

DominoTree · 2025-11-10T01:18:53 1762737533

Traditionally I've seen these adapters primarily used to pass binaries for other architectures to QEMU and similar.

Years ago on FreeBSD I created a "Volkswagen mode" by using the similar `imgact_binmisc` kernel module to register a handler for binaries with the system's native ELF headers. It took a bit of hacking to make it all work with the native architecture, but when it was done, the handler would simply execute the binary, drop its return code, and return 0 instead - effectively making the system think that every command was "successful"

The system failed to boot when I finally got it all working (which was expected) but it was a fun adventure to do something so pointless and silly.

It would be a similarly clever place to maintain persistence and transparently inject bytecode or do other rude things on FreeBSD as well

Twirrim · 2025-11-10T06:42:21 1762756941

Yup, using this approach it's possible to build/use aarch64 containers on an x86 machine. This technique means that a much smaller set of operations are being emulated (doesn't have to emulate the entire kernel etc)

For something I was building, it enabled me to get a full aarch64 compilation done, with a native toolkit, without having to run a full emulation layer. The time savings of doing it this way vs full emulation were huge. Off the top of my head, emulated it was taking over an hour to do the full build, whereas within a container it was only about 10-15 minutes.

jeroenhd · 2025-11-10T09:01:26 1762765286

> effectively making the system think that every command was "successful"

I can only imagine the havoc this would wreak on shell scripts that call out to the test/[/[[ binaries on a system.

porridgeraisin · 2025-11-10T10:19:46 1762769986

nit: while test and [ are binaries, [[ is a bash keyword.

__david__ · 2025-11-10T17:33:37 1762796017

Another nit, while test and [ are indeed binaries, they are also bash built-ins (for performance, presumably) so bash won’t exec them normally.

porridgeraisin · 2025-11-10T18:15:34 1762798534

True! And for those curious, you can enable disable this shadowing per command, like so:

  enable test
  enable -n test # disable
  enable -n [

You can also use

  command test -f file.txt

To override builtins once.

jeroenhd · 2025-11-10T14:12:35 1762783955

Ah, you're right of course. Thank goodness for shellcheck keeping my .sh scripts compatible.

DominoTree · 2025-10-29T21:46:59 1761774419

I have a GitHub action that uses an OAuth token to provision a new key and store it in our secrets manager as part of the workflow that provisions systems - the new systems then pull the ephemeral key to onboard themselves as they come up

It can get especially interesting when you do things like have your GitHub runners onboard themselves to Tailscale - at that point you can pretty much fully-provision isolated systems directly from GitHub Actions if you want

DominoTree · 2025-06-17T17:06:14 1750179974

I've been using KiCad on Wayland for years and didn't even know I was missing out

DominoTree · 2025-03-26T17:17:48 1743009468

"Linux Torvalds"

genpfault · 2025-03-26T18:27:44 1743013664

"...a Soviet computer hacker named Linyos Torovoltos, ..."[1]

[1]: https://gwern.net/doc/cs/security/2001-12-02-treginaldgibbon...

dietr1ch · 2025-03-26T18:22:48 1743013368

The genious and madman behind the Linus Operating System.

wyldfire · 2025-03-26T19:18:14 1743016694

Gell-Mann amnesia [1] is an interesting thing to think about here. But IMO the real problem is that editing for most journalism websites is done very very poorly, if at all.

[1] https://en.wikipedia.org/wiki/Gell-Mann_amnesia_effect

DominoTree · 2025-03-26T02:11:33 1742955093

Skimming through the code (particularly from past issues and PRs) highlights a number of things that look sketchy to me at first glance (in a coding practices way, not in a malicious way) - my gut feeling is that someone smarter than me going through much of this with a fine-toothed-comb would likely find something exploitable.

Rewrite it in Rust. /s

benterix · 2025-03-26T08:22:50 1742977370

> my gut feeling is that someone smarter than me going through much of this with a fine-toothed-comb

Seems that's already started: https://github.com/Atoptool/atop/issues/330