The Quest for Reasonably Secure Operating Systems
The Quest for Reasonably Secure Operating Systems
I never worried on Windows about security as much as I should have, it just so happens I've been lucky to have never been hit with ransomware. By the time...yazomie > tech
like this
iOS 26 doesn't offer privacy settings at all for "Home" app
It appears that even if you don't have the app installed, it is in Settings > Apps. But there's no option at all, to customise its privacy settings.
Downloading the app also doesn't let you customise its privacy settings. In fact, the app then disappears altogether from the privacy settings! It doesn't even appear anymore in the "Hidden Apps". Removing it again however, shows the app popping up again in the settings.
What's more, it's deliberately erroneously labelled as "Start Screen" when you don't have downloaded it.
Ridiculous. One more reason to go to a Fairphone or something like it.
However, you can edit it... but very cumbersomely, only by going to Settings > Siri > App Access ... and then suddenly, you see the app!
This seems like it's straight up illegal.
If by “privacy settings” you mean controlling what system permissions the Home app has, you’re out of luck. It’s a semi-default app and may be more deeply embedded into iOS than is apparent.
If you’re trying to control what other apps have access to HomeKit data, you can find that in Privacy & Security.
Man Charged for Wiping Phone Before CBP Could Search It
adhocfungus likes this.
don't like this
key trick is that it uses edge detection to make a smooth pixel art image
here's an example without edge detection
and here's with it enabled
edit: I spent way too much time on this, but figured out how to make the edge detection method produce sharp images
[2024-10-27] OpenZFS new deduplication mechanism and why you still may not want to use it
OpenZFS deduplication is good now and you shouldn't use it
OpenZFS 2.3.0 will be released any day now, and it includes the new “Fast Dedup” feature. My team at Klara spent many months in 2023 and 2024 working on it, and we reckon it’s pretty good, a huge step up from the old dedup as well as being a solid ba…despair labs
Linux kernel version numbers (Greg Kroah-Hartman's blog)
Linux kernel version numbers
Despite having a stable release model and cadence since December 2003, Linux kernel version numbers seem to baffle and confuse those that run across them, causing numerous groups to mistakenly make versioning statements that are flat out false.Greg K-H (http://www.kroah.com/log/)
The blog post is confusing, but the image is very clear.
5.2.0 was released.
Then 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, and 5.2.6 were released as stable updates. Pretty straightforward.
After 5.2.0 came out, normal development continued toward the upcoming 5.3.0 in Linus’s mainline tree. As bugfixes for real problems (crashes, data corruption, build breaks, security issues, etc.) were written and merged into mainline, a subset of those fixes was then backported to the 5.2.y stable branch and released as 5.2.1, 5.2.2, and so on.
In other words, there is a separate 5.2.y branch, but most of its changes are not developed there first. They are developed in mainline (the code that will eventually become 5.3.0 and beyond) and then cherry-picked back into 5.2.y as “stable” bugfixes. There is no “merge 5.2.x back into 5.3.0”; instead, stable only takes fixes that are already in mainline.
This means that any fix you see in a 5.2.y release should already be present in the mainline code that leads to 5.3.0 (or replaced by an equivalent fix there). So when you move from 5.2.6 to 5.3.0, you should not lose any of the bugfixes you were getting from the 5.2.y stable series.
If semantic versioning is:
MAJOR version when you make incompatible API changes
MINOR version when you add functionality in a backward compatible manner
PATCH version when you make backward compatible bug fixes
then I think that would be on like 3.77.0 or something right now. Not terrible, but honestly prefer it to be like the major upped in the new year every year. It is about 43 years old,so 43.x in 2026. Would be easier to know how old a kernel release is without looking it up.
Would be easier to know how old a kernel release is without looking it up.
I concur, but it would be much easier to make the major version the current year (as many projects do, and Linux should imo) rather than the whole project's age at the time of a release.
Linux is only 34 years old, btw.
(Mexico) Continuing Neoliberal Policies Over Farmers’ Demands
cross-posted from: hexbear.net/post/6980341
cross-posted from: news.abolish.capital/post/1231…
This article by Arturo Huerta González originally appeared in the December 2, 2025 edition of La Jornada de Oriente*, the Puebla edition of Mexico’s premier left wing daily newspaper. The views expressed in this article are the author’s own and do not necessarily reflect those of* Mexico Solidarity Media*, or the Mexico Solidarity Project.*On November 26, 2025, the country’s President stated that “there is no money to pay what the farmers are demanding ” and that “you can’t promise what you can’t deliver.” The government has indicated that “the producers’ request to set a price far above the current market value for all national corn exceeds the government ‘s financial capacity ” and that the farmers ‘ demands “must be adjusted to budgetary availability, as public finances have limits.”
This rhetoric is the same as that of the neoliberal presidents who have governed us since the 1980s. By limiting public spending relative to revenue, the government seeks to curry favor with international rating agencies , the International Monetary Fund, and the national and international financial sector. This has led to a reduction in the size and participation of the government in the economy and a neglect of growth objectives for the productive sector, such as job creation, which the population demands. It is a crime to cut public spending in a context where the economy is not growing and the demands of large segments of the population are not being met.
It should be noted that a sovereign government has no financial limits. Financial resources are available. It’s simply a matter of amending the Organic Law of the Bank of Mexico so that it can purchase government debt directly at a low interest rate. This would allow the government to expand its spending and investment to meet the demands of farmers, promote the substitution of agricultural and manufactured imports, and generate employment. This would not be inflationary, as it would increase production, reduce the foreign trade deficit, and generate revenue to cover debt payments. The government could also reduce funding for failed projects such as the Maya Train, the Isthmus of Tehuantepec train , and the Dos Bocas refinery, and allocate those funds to support basic grain producers, a strategic sector essential for ensuring food self-sufficiency in these areas.
Upon learning of the demands from Mexican farmers, US congressmen sent a letter to the US chargé d’affaires stating that he must defend US agricultural exports to Mexico, as it is their primary market. If the Mexican government agrees to continue importing these products, it will continue to favor US producers at the expense of domestic producers, further jeopardizing self-sufficiency and increasing Mexican dependence on foreign imports.
The government says that the requested guaranteed price of 7,200 pesos per ton for corn is far above the market price and that absorbing the difference is very costly for the government. The problem is that the national price should not be set based on the open market, determined by the Chicago Mercantile Exchange, as this has led to cheap imports displacing domestic production and jeopardizing food self-sufficiency in basic grains. This not only affects agricultural producers but also increases the foreign trade deficit and makes the economy more dependent on capital inflows, which requires setting high interest rates to stimulate them. This, in turn, increases the cost of servicing debt for the government, businesses, and households, and restricts investment, spending, and economic activity.
Farmers are not mobilizing to defend any privileges, as the government claims ; they are demanding the implementation of policies to boost Mexican agriculture and advance food self-sufficiency. Therefore, they are demanding an end to importing basic grains, the provision of affordable credit, and the establishment of fair prices for these products.
The government refuses to do so for fear of inflation and devaluation, which would affect the financial sector, which requires low inflation and currency stability to safeguard its capital. Since the economy lacks the conditions to lower inflation, given low productivity and production lags, it has resorted to stimulating capital inflows to lower the dollar’s value and thus imports in order to reduce inflation. All of this benefits the financial sector and producers from the US and other countries who flood the domestic market with their products at the expense of displacing national producers and without implementing policies that promote economic growth.
The government must work for the benefit of the country, not against it. Domestic production and employment must be incentivized , even if this seems more expensive in the short term, because it would boost economic growth and employment, reduce the foreign trade deficit, and provide workers with income to cope with higher prices. This would prevent the current practice of lowering inflation to benefit the financial sector and US producers of imported goods, which has led to a decline in our industry and production of basic grains. This, in turn, has stifled economic growth, increased unemployment and underemployment, and lowered the population’s standard of living.
The government opposes the farmers’ request to remove staple grains from the USMCA trade agreement because it fears the US will impose further restrictions on Mexican exports to that country. Upon learning of the demands from Mexican farmers, US congressmen sent a letter to the US chargé d’affaires stating that he must defend US agricultural exports to Mexico, as it is their primary market. If the Mexican government agrees to continue importing these products, it will continue to favor US producers at the expense of domestic producers, further jeopardizing self-sufficiency and increasing Mexican dependence on foreign imports.
The President said that “we must be very responsible about what can and cannot be done,” and in this regard, it must be said that economic policy must be responsible in order to satisfy the demands not only of agricultural producers, but also of those who clamor for well-paying jobs, just enough to address the growing poverty and crime plaguing the country. To achieve this, the government must abandon budget cuts and ensure that the central bank serves the growth of the productive sector and employment. Furthermore, trade liberalization must be reviewed, and protectionist policies implemented to favor domestic production. If the government does not increase investment and spending to boost private investment, production, and employment, and if the central bank does not lower interest rates, the economy is headed for a crisis.
Without growth in production and employment, there is no growth. Neoliberal policies must be abandoned . If the government fails to meet the needs of the population and continues to act in favor of the interests of the US and the financial sector, economic and social problems and discontent among affected sectors will worsen, leading to increased protests.
The post Continuing Neoliberal Policies Over Farmers’ Demands appeared first on Mexico Solidarity Media.From Mexico Solidarity Media via This RSS Feed.
El gobierno privilegia mantener las políticas neoliberales, en vez satisfacer las demandas - Alternativa Económica
El gobierno ha señalado que “la petición de los productores de fijar un precio muy superior al valor actual de mercado para todo el maíz nacional rebasa la capacidad financiera del gobiernoArturo Huerta González (La Jornada de Oriente)
@Salamence@lemmy.zip please add the required [Opinion] prefix in the title.
The views expressed in this article are the author’s own and do not necessarily reflect those of Mexico Solidarity Media, or the Mexico Solidarity Project.
Is Europe ready to pull the trigger? Officials whisper about dumping US treasuries if Trump cuts Ukraine deal
Is Europe ready to pull the trigger? Officials whisper about dumping US treasuries if Trump cuts Ukraine d
European governments US Treasuries: European governments are considering a radical economic strategy by possibly selling off US Treasury bonds to counter a feared Trump-Putin agreement that could jeopardize Ukraine's security.Shreya Biswas (Economic Times)
i was going to say something like this.
it's like eisenhower's threat to eden but in reverse and just as empty; they'll never threaten profits or capital and they've also made themselves even more depended on the us.
Florida governor designates Muslim rights group as terrorist organization
Florida Governor Ron DeSantis signed an executive order designating one of the country’s most prominent Muslim civil rights groups, the Council on American-Islamic Relations, as a “foreign terrorist organization,” becoming the second high-profile Republican governor to do so in recent weeks.
CAIR's Florida chapter announced a lawsuit challenging the order at a Tuesday press conference in Tampa, where Hiba Rahim, the chapter's interim executive director, called the order "defamatory and unconstitutional."
The U.S. government has not designated CAIR or the Muslim Brotherhood as foreign terrorist organizations, but President Donald Trump last month began the process of doing so for certain Muslim Brotherhood chapters, such as those in Lebanon, Egypt and Jordan.
The Florida order instructs agencies to take action to prevent CAIR from receiving any state contracts, employment or funding.
CAIR was founded in 1994 and has chapters in nearly two dozen U.S. states.
Army begins to reshape its acquisition enterprise along portfolio lines
“We will leverage taxpayer dollars in a more accountable, flexible and deliberate manner to maximize their value across capability portfolios,” Defense Secretary Pete Hegseth said during an address at the National War College. “We will shift funding within portfolios’ authorized boundaries swiftly and decisively to maximize mission outcomes. If one program is faltering, funding will be shifted within the portfolio to accelerate or scale a higher priority. If a new or more promising technology emerges, we will seize the opportunity and not be held back by artificial constraints and funding boundaries that take months or even years to overcome.”
In that address, Hegseth credited the military services with laying the groundwork for some of the reforms he wants to make department-wide. And the Army started its implementation work last month, naming six new “portfolio acquisition executives.” Each of those PAEs will oversee different “capability areas” with programs managed by what had, up until now, been called program executive offices (PEOs), and will now be called capability program executives (CPEs).
Army begins to reshape its acquisition enterprise along portfolio lines
Former program executive offices are starting to realign their organizations under the new "capability portfolio executive" construct.Jared Serbu (Federal News Network)
Uncovered: Instacart is using AI algorithms to charge customers different prices for the same items. It's not just online. It's in physical grocery stores too.
New Investigation found that some grocery prices differed by as much as 23 percent per item from one Instacart customer to the next. In an inadvertently sent email, the company calls one pricing tactic “smart rounding.”
Instacart’s AI-Enabled Pricing Experiments May Be Inflating Your Grocery Bill, CR and Groundwork Collaborative Investigation Finds
Exclusive: Instacart’s AI pricing may be inflating your grocery bill.Consumer Reports
like this
Uncovered: Instacart is using AI algorithms to charge customers different prices for the same items. It's not just online. It's in physical grocery stores too.
New Investigation found that some grocery prices differed by as much as 23 percent per item from one Instacart customer to the next. In an inadvertently sent email, the company calls one pricing tactic “smart rounding.”
Instacart’s AI-Enabled Pricing Experiments May Be Inflating Your Grocery Bill, CR and Groundwork Collaborative Investigation Finds
Exclusive: Instacart’s AI pricing may be inflating your grocery bill.Consumer Reports
essell likes this.
Brigitte Macron faces criticism after using sexist insult about activists
The scene filmed on Sunday showed France’s first lady in discussion backstage at the Folies Bergère theatre in central Paris with actor Ary Abittan before a performance he was about to give.
The previous night, feminist campaigners had disrupted his show, wearing masks of the actor bearing the word “rapist” and shouting, “Abittan, rapist!”
A woman in 2021 accused the actor of rape, but in 2023, investigators dropped the case, citing a lack of evidence.
Before Sunday’s performance, Macron is seen in the video, published by local media Public on Monday, asking him how he was feeling. When he said he was feeling scared, Macron was heard jokingly responding, using a vulgar expression in French, “If there are any stupid removed, we’ll kick them out”.
Brigitte Macron faces criticism after using sexist insult about activists
The French first lady’s team says she had intended to criticise a feminist group’s ‘radical method’ of protest.Al Jazeera
Best multi player steam setup?
cross-posted from: lemmy.world/post/39957209
Hello lemmings, I've once again come for your advice. I've built a sff system with a dual boot bazzite os. This will be mostly for my kids playing games and media serving from Big picture in the living room. I'm trying to figure out the best way to set up the accounts. Ideally it would be as close to a console experience as possible but I want to make sure each kid can save their own progress. What's my best option here? Does everyone need their own os account that signs them into steam properly? I've never set up a system for multiple users before.Edit: details
Edit: thanks for all the feedback! I'm leaning towards single system account with multiple steam accounts. Now I just need to figure out how to keep myself signed in on steam so I don't have to put my PW in every time. Thanks a ton!
I'd go with different system acounts. That way their savegames are guaranteed to stay separate.
That's because on PC most games just care about the system user when determining the savegame folder, and don't care about steam accounts.
So, what I'd do is to:
- Give each their own system account
- Set up Gamescope as a session: wiki.archlinux.org/title/Steam…
- Configure the Display Manager to use that session for their users (In GDM, for instance, it's enough to manually select it once on login - GDM remembers the last-used session per user)
- Profit
If your kids are only going to be using big picture mode in steam, then one system account will work. The steam deck only has one system user with the ability to have multiple steam accounts and that works great for multiple users, from my experience.
For anyone interested in a great dual use system for regular desktop use and a console-like experience, I recommend checking out nixos and jovian-nix:
jovian-experiments.github.io/J…
I'm using it on my main PC and it works incredibly well to mimic the steam deck experience using a full desktop on nixos 25.11
What’s a graphical piece of software you wish existed or was better?
Hi Linux Lemmites. Recently finished up school and started working full time and kind of miss working on personal projects. I’m looking to try to make something in rust and try out gpui if I can figure it out or maybe egui. I also want to make something maybe even a handful of people would actually use as I find that motivating, so I ask what would actually be useful to you?
Edit: thank you all very much for the input, I think that maybe doing something akin to a “settings+” would be a fair target for me for a n initial project. If I make anything interesting I’ll make another post in this sub.
like this
Officers at Texas immigration detention facility accused of beatings and sexual abuse
Officers at the large immigration detention camp located at the Fort Bliss army base in Texas are allegedly mistreating detainees, with accusations including beatings, sexual abuse and clandestine deportations of non-Mexican nationals into Mexico, according to a coalition of local and national US civil rights organizations.
In a 19-page letter, addressed to senior government officials at the Immigration and Customs Enforcement (ICE) agency and Fort Bliss military command, the coalition accuses officers at the immigration detention facility on the base, called Camp East Montana, of being “in violation of agency policies and standards, as well as statutory and constitutional protections”.
The advocates called for the immediate closure of the camp, where more than 2,700 detainees are being held in a complex of tents.
“In light of these abuses, we urge the end to detention of immigrants at Fort Bliss,” said the letter signed by eight organizations, including the American Civil Liberties Union, Humans Rights Watch, Estrella del Paso, the Texas Civil Rights Project and Las Americas Immigrant Advocacy Center.
Officers at Texas immigration detention facility accused of beatings and sexual abuse
Civil rights coalition calls for immediate closure of camp, where more than 2,700 detainees are being heldLorena Figueroa (The Guardian)
(ADC) “Smartphone, dopamina e dipendenza: il mio ESPERIMENTO di 7 Giorni”
Caspiterina, De Concimi ha cacciato fuori questo esperimentino pazzo 2 settimane fa e io me l’ero perso… l’ho scoperto solo stasera per caso: 1 settimana senza lo smarfonino (o smarfonone, nel suo caso) per capire se è possibile vivere senza. Non tanto in senso di pratica universale del mondo, perché purtroppo al giorno d’oggi l’avere […]
octospacc.altervista.org/2025/…
(ADC) “Smartphone, dopamina e dipendenza: il mio ESPERIMENTO di 7 Giorni”
youtube.com/watch?v=yKM4mMAxtE…Caspiterina, De Concimi ha cacciato fuori questo esperimentino pazzo 2 settimane fa e io me l’ero perso… l’ho scoperto solo stasera per caso: 1 settimana senza lo smarfonino (o smarfonone, nel suo caso) per capire se è possibile vivere senza. Non tanto in senso di pratica universale del mondo, perché purtroppo al giorno d’oggi l’avere ed usare costantemente uno smartphone è qualcosa di praticamente forzato dall’esterno, sia dalla società che per certi versi dagli Stati, e con ogni anno che passa la possibilità di poter rimanere senza in tal misura si fa sempre più sottile, quindi non è questo il punto del video… Il suo discorso è più che altro sull’abitudine, la dipendenza, e queste minchiatine qui. 😳
È un caso spassoso che, come la sua sfida sia stata di 1 settimana, così io stasera — dopo aver trovato appunto per caso questo video, che credo abbia qualche spuntino di riflessione, e quindi mi è venuta la voglia di postare — stia scrivendo qui dopo 1 settimana intera che non tocco il fritto misto… E beh, di un caso si tratta, perché io non ho affatto mandato a fanculo il telefono, ma semplicemente sono evidentemente a corto di olio, quindi è difficile friggere. (In altre parole, l’anedonia mi distrugge, e quindi col piffero che esce qualcosa da scrivere qui, di lungo e sensato… ma, anche oggi pomeriggio ho applicato il mio fix vietato, e dunque stasera ho la voglia di fare le cose, che wow… però non divaghiamo.) 🙏
Lui avrebbe voluto fare proprio una settimana senza Internet, ma non è riuscito a giustificare il prendersi una settimana di ferie (che sarebbe la conseguenza logica di una tale scelta per lui, visto che il suo lavoro non è raccogliere i pomodori), quindi ha ripiegato sul semplicemente mettere via lo smartphone pieghevole fantastico moderno che ha, e ritornare ai tempi antichi del suo vecchio cellulare Nokia, mettendo la SIM in quello e non usando più lo smartphone per niente; se non per i codici della banca (e zio merdone, le banche e le loro app!) e per registrare pezzi di vlog. 👌
Cosa ne può mai venire allora fuori da questa cosa? Boh; per lui, che può fare a meno di avere certe app molto distraenti sul cellulare (incluse alcune che, nonostante ciò, avrebbero un giustificabile scopo lavorativo, come YouTube Studio; quindi non parliamo solo di minchiatine), decidendo quindi di levarle da lì, allocandole solo al PC e a tempi della giornata più controllati, avendo così un potenziamento dell’attenzione e sprecando dunque meno tempo durante tutti i giorni e quindi nella vita… e, per chi guarda, invece, veramente boh; nel senso, dipende. 🍇
Io, in realtà, grandi problemi con il telefonone in questo senso non sento di averne… ma non tanto perché ne ho in realtà di ben più gravi in altri sensi—ehm, volevo dire, non solo perché non è la prima volta che sento queste cose; quanto più per il fatto che innanzitutto il mio uso dello smarfonone è abbastanza diverso dalla media delle persone della mia generazione (che, le statistiche lo dicono, è comunque quella più fissata), e poi perché tante misure riparative o preventive dell’abuso dello smartphone sono per me normalità da tempo… per una semplice questione di miei gusti e tendenze, in realtà, lol. 😊
Alla fine del video, Alessandrone suggerisce alcune cose effettivamente utili, che per me infatti non sono nuove. Piattaforme social che non aggiungono praticamente nulla alla mia vita non le uso (ma in realtà, curiosamente, come ho già detto, se le iniziassi ad usare non riuscirei ad acquisire l’abitudine; mi scoccerei naturalmente e smetterei senza farci caso)… Il telefono certamente non è il mio unico robo di battaglia, e anzi, a casa non ho davvero tanto la voglia di usarlo quando posso fare qualcosa ugualmente o meglio dal PC (come scrivere)… E beh, a me le notifiche danno proprio fastidio dentro (ma questa sarà altrettanto la potenza del mio autismo), quindi le uniche che permetto al telefono di ricevere in qualsiasi momento sono chiamate ed SMS, nient’altro (mentre, sul tablet, praticamente zero). 😈
In realtà, però, devo ammettere che dei problemi di abitudini zombi li ho pure io, a riguardo… e quindi sì, assolutamente evito di tenere collegamenti rapidi a cose che apro di continuo senza motivo, altrimenti è la fine, ma mi trovo a dover ogni tanto cambiare anche la disposizione del drawer delle app o altre cose di questo tipo, perché sennò non basta… Ma, questo non è tanto un problema di dopamina, visto che mi accorgo che per me pure il fottuto Alt+Tab sul PC è compulsivo; proprio nel mentre di scrivere questo post, l’ho premuto non so quante volte… e l’unica finestra che ho portato in foreground è stata la mia cartella Download rimasta aperta da poco fa, non una app con meccanismo da slot machine. (E no, impostare la scala di grigi non mi aiuta con ciò.) 🥴
Boh, complessivamente l’esperimento è gnam, e… io non lo farei, perché ehh… francamente, a me, lo smartphone, quando serve serve. Se voglio annotare qualcosa devo farlo, e idem se voglio cercare sul web delle robe, o se ho da scattare delle foto e persino modificarle al volo, nonché attuare rapidi momenti di sysadmin e programmazione in giro, visto che un tablet sarebbe troppo grosso e dunque non potrei portarlo ovunque… Però, allo stesso tempo, non è assolutamente la fine del mondo se in un certo momento non posso aprire Pinterest o Telegram per guardare (e pigniare…) i miei memini; basta che ho un manga da leggere, o una console per giocare, e riesco tranquillamente a non morire. (…E sì, sto implicando che se non ho la possibilità di scrivere quando voglio è improbabile io possa sopravvivere; ma insomma, se esplodessero gli smartphone domani userei il 3DS, e se esplodesse tutta l’elettronica del pianeta userei la carta.) 👍
#adc #dipendenza #dopamina #esperimento #smartphone
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
Glauber Braga é expulso do plenário após ocupação da Mesa Diretora
Glauber Braga é expulso do plenário após ocupação da Mesa Diretora
Congressista foi levado por policiais legislativos para fora do plenário após protesto contra possível cassação.Congresso em Foco
Can DSA Hold Mamdani Accountable? Its Co-Chairs Respond
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
Segal Secrets: docs reveal Antisemitism Envoy's big pay day - Michael West
Top Brazilian Official Warns Trump of 'Vietnam-Style' Regional Conflict If He Attacks Venezuela
cross-posted from: hexbear.net/post/6977610
cross-posted from: news.abolish.capital/post/1231…
A top Brazilian official is warning President Donald Trump that a US military attack on Venezuela could easily spiral out of control into a "Vietnam-style" regional conflict.
Celso Amorim, chief foreign policy adviser to Brazilian President Luiz Inácio Lula da Silva, said in an interview published on Monday by the Guardian that a US military strike on Venezuela would inevitably draw nations throughout Latin America into an armed conflict that would be difficult to contain.
"The last thing we want is for South America to become a war zone—and a war zone that would inevitably not just be a war between the US and Venezuela," he said. "It would end up having global involvement and this would be really unfortunate."
Amorim added that "if there was an invasion, a real invasion [of Venezuela]... I think undoubtedly you would see something similar to Vietnam—on what scale it’s impossible to say."
While acknowledging that Venezuelan President Nicolás Maduro is disliked by many other South American leaders, Amorim predicted that even some of Maduro's adversaries would rally to his side in the face of destabilizing military actions by the US government.
He also predicted that anti-US sentiment would surge throughout the continent in the event of an invasion, as there is still major resentment toward the US for backing right-wing military coups during the Cold War in Chile, Brazil, and other nations.
"I know South America," he emphasized. "Our whole continent exists because of resistance against foreign invaders."
The Trump administration in recent weeks has signaled that it plans to launch attacks against purported drug traffickers inside Venezuela, even though reports from the US government and the United Nations have not identified Venezuela as a significant source of drugs that enter the United States.
The administration has also accused Maduro of leading an international drug trafficking organization called the Cartel de los Soles, despite many experts saying that they have seen no evidence that such an organization formally exists.
Trump late last month further escalated tensions with Venezuela when he declared that airspace over the nation was "closed in its entirety," even though he lacks any legal authority to enforce such a decree.
The Washington Post reported on Monday that Maduro is remaining defiant in the face of US pressure, as he is refusing to go into exile despite the threat of an attack on his country.
According to the Post's sources, Maduro's inner circle of allies "shows no signs of imminent collapse," even as he has limited his public appearances and beefed up his personal security amid fears that he could be the target of an assassination attempt.
From Common Dreams via This RSS Feed.
Trump Claims Venezuelan Airspace Is Closed in Latest Illegal, 'Dangerous Escalation'
"Even if unenforced, Trump’s declaration functions as an improvised, extralegal no-fly zone created through fear, FAA warnings, and military pressure," said the anti-war group CodePink.julia-conley (Common Dreams)
it's the one we've created for ourselves thanks to self re-enforced propaganda.
remember this the next time someone tells you that you MUST vote democrat or republican.
Diaries of Blood, The secret artists within Israeli detention facilities.
cross-posted from: hexbear.net/post/6980575
"I will carry my soul in my palm,
And cast it into the abyss of death,Either a life that pleases a friend,
or a death that angers an enemy."When I asked my uncle Khader Shaat, 47, about the poetry verse that he inscribed on the embroidered, handmade notebook about 30 years ago in Asqalan Israeli prison, he told me that it was the fuel that made him survive.
"Clinging to a life of freedom kept me alive," he said, remembering the notebook he made out of black fabric and framed using many beads.
Khader Shaat was detained when he was 17, sent to prison as a child, and released as a very strong young man.
From 1948 until today, Israel has detained and attacked many iconic, educated thinkers and revolutionaries as a way to suppress their voices, lessen awareness, and hide the truth. But the Occupation doesn't discriminate. According to the 2023 report of the Palestinian Ministry of Detainees and Ex-Detainees Affairs, there are currently 4,850 detainees in Israeli prisons, among them 31 women, including eight mothers and 160 children.
Israel detains these children for nothing more than being Palestinian. You may be walking in the street, performing your prayer at a mosque or a church, doing your job at a company, studying for your exam to a school, or whatever and whenever. The accusation is homelove. They want the young Palestinians to grow up with fear, to stop raising their voices, to never defend their land.
Diaries of Blood: The secret artists within Israeli detention facilities
Palestinian prisoners have a powerful weapon against the Israeli occupation and illegal detainment: art, forged in blood on the prison walls.Eman Al-Astal (Scalawag)
Official Propaganda for Caribbean Military Buildup Includes “Crusader Cross”
cross-posted from: news.abolish.capital/post/1260…
An official U.S. military social media account on Monday shared a photo collage that included a symbol long affiliated with extremist groups — and Secretary of Defense Pete Hegseth.In a post on X trumpeting the deployment of troops to the Caribbean, U.S. Southern Command, or SOUTHCOM, shared an image that prominently displayed a so-called Jerusalem cross on the helmet of a masked commando.
The Jerusalem cross, also dubbed the “Crusader cross” for its roots in Medieval Christians’ holy wars in the Middle East, is not inherently a symbol of extremism. It has, however, become popular on the right to symbolize the march of Christian civilization, with anti-Muslim roots that made it into something of a logo for the U.S. war on terror.
Tattoos of the cross, a squared-off symbol with a pattern of repeating crosses, have appeared on the bodies of people ranging from mercenaries hired by the Gaza Humanitarian Foundation to Hegseth himself.
Now, the symbol has reared its head again to advertise President Donald Trump’s military buildup against Venezuela — an overwhelmingly Catholic country — and boat strikes in the Caribbean.
U.S. military forces are deployed to the #SOUTHCOM area of responsibility in support of #OpSouthernSpear, @DeptofWar-directed operations, and @POTUS' priorities to disrupt illicit drug trafficking and protect the homeland. pic.twitter.com/vLvg9fQ5Lx— U.S. Southern Command (@Southcom) December 8, 2025
“As with all things Trump, it’s a continuation, with some escalation, and then a transformation into spectacle,” said Yale University historian Greg Grandin, whose work focuses on U.S. empire in Latin America.
The social media post came amid rising controversy over a series of strikes on boats allegedly carrying drugs off the coast of Venezuela, dubbed Operation Southern Spear.
[
Read Our Complete Coverage
License to Kill
---------------](theintercept.com/series/licens…)Hegseth is alleged to have ordered a so-called “double-tap” strike, a follow-up attack against a debilitated boat that killed survivors clinging to the wreckage for around 45 minutes. The U.S. has carried out 22 strikes since the campaign began in September, killing a total of 87 people.
The Pentagon’s press office declined to comment on the use of the Jerusalem cross, referring questions to SOUTHCOM. But in a reply to the X post on Monday, Hegseth’s deputy press secretary Joel Valdez signaled his approval with emojis of a salute and the American flag. In a statement to the Intercept, SOUTHCOM spokesperson Steven McLoud denied that the post implied any religious or far-right message.
“The graphic you’re referring to was an illustration of service members in a ready posture during Operation SOUTHERN SPEAR,” McLoud told The Intercept. “There is no other communication intent for this image.”
The original image of the masked service member appears to have come from an album published online by the Pentagon that depicts a training exercise by Marines aboard the USS Iwo Jima in the Caribbean Sea in October. The photo depicting the cross, however, was removed from the album after commentators on social media pointed out its origins.
Amanda Saunders, a spokesperson for the Defense Visual Information Distribution Service, the Pentagon-run photo agency, said she was unable to comment directly but forwarded the request to the Marine unit involved in the exercise.
“Content on DVIDS is published and archived directly by the registered units,” she said, “so we don’t have control over what is posted or removed, nor are we able to comment on those decisions.”
Hegseth and the Cross
The Jerusalem cross’s popularity on the right has surged in part thanks to featuring in various media, including the 2005 Ridley Scott film “Kingdom of Heaven” and video games, according to Matthew Gabriele, a professor of medieval studies at Virginia Tech and a scholar of Crusader iconography.“It supports the rhetoric of ‘defense of homeland.’”“It supports the rhetoric of ‘defense of homeland,’” Gabriele told The Intercept, “because the crusaders, in the right’s understanding, were waging a defensive war against enemies trying to invade Christian lands.”
The symbol’s position of prominence in official military communications is just the latest example of a trollish extremism by the Trump administration’s press teams, which have made a point of reveling in the cruelty wrought on its perceived enemies at home and abroad, or “owning the libs.”
[
Related
Team Leader at Gaza Aid Distribution Sites Belongs to Anti-“Jihad” Motorcycle Club, Has Crusader Tattoos](theintercept.com/2025/08/06/ga…)
Monday’s post may also be intended as Hegseth putting his thumb in the eye of the Pentagon’s old guard. Hegseth’s embrace of the symbol — in the form of a gawdy chest tattoo — once stymied, however temporarily, his ambitions in the military.Folling the January 6 insurrection, according to Hegseth and reporting by the Washington Post, Hegseth was ordered to stand down rather than deploy with his National Guard unit ahead of the 2021 inauguration of Joe Biden. The decision to treat Hegseth as a possible “insider threat” came after a someone flagged a photo of a shirtless Hegseth to military brass, according to the Washington Post.
“I joined the Army in 2001 because I wanted to serve my country. Extremists attacked us on 9/11, and we went to war,” Hegseth wrote “The War on Warriors,” his 2024 memoir. “Twenty years later, I was deemed an ‘extremist’ by that very same Army.”
Hegseth was hardly chastened by the episode and has since gotten more tattoos with more overt anti-Muslim resonance, including the Arabic word word for “infidel,” which appeared on his bicep sometime in the past several years. It’s accompanied by another bicep tattoo of the Latin words “Deus vult,” or “God wills it,” yet another slogan associated with the Crusades and repurposed by extremist groups.
The use of the image to advertise aggressive posturing in a majority-Christian region like Latin America may seem odd at first glance. In the context of renewed U.S. focus on Latin America, however, it’s a potent symbol of the move of military action from the Middle East to the Western Hemisphere.
“They’re globalizing the Monroe Doctrine.”The post comes on the heels of the release of the Trump’s National Security Strategy, a 33-page document outlining the administration’s foreign-policy priorities that explicitly compared Trump’s stance to the Monroe Doctrine, the turn-of-the-century policy of U.S. dominance in Latin America in opposition to colonialism by other foreign powers. Grandin, the Yale historian, described the document as a “vision of global dominance” based on a model of great-powers competition that can lead to immense instability.
“They’re globalizing the Monroe Doctrine,” Grandin said. “I’m no fan of the hypocrisy and arrogance of the old liberal international order, but there’s something to be said for starting from a first principle of shared interests, which does keep great conflict at bay to some degree.”
The post Official Propaganda for Caribbean Military Buildup Includes “Crusader Cross” appeared first on The Intercept.
From The Intercept via This RSS Feed.
Pete Hegseth’s Arabic tattoo stirs controversy: ‘clear symbol of Islamophobia’
Critics say US defense secretary’s tattoo of the word kafir, meaning ‘infidel’ or ‘non-believer’ could offend MuslimsMarina Dunbar (The Guardian)
2025 set for second-hottest year on record
2025 set for second-hottest year on record
This year is expected to match 2023 as one of the warmest on record, second only to 2024, EU scientists warn. They cite greenhouse gas emissions from fossil fuels as the main cause of global warming.Felix Tamsut (Deutsche Welle)
like this
Spoiler formatting looks like this:
::: spoiler Tap for spoiler
Spoilers go here
:::The "Tap for spoiler" part is what shows up in the post, like this:
::: spoiler Tap for spoiler
Snape kills Dumbledore
:::
You can put whatever you like instead of "Tap for spoiler", such as emojis:
::: spoiler 😱😱😱😱
Mrs Flood is the Rani
:::
That's all 😀
Tesla Optimus falls in Miami demo, hand movements sparks remote operation debate
Tesla Optimus's fall in Miami demo sparks remote operation debate
While falls are not unusual in robotics development, a specific hand motion has raised questions about the current level of autonomy in Tesla’s system.Jijo Malayil (Interesting Engineering)
Samsung shifts focus from HBM to DDR5 modules: DDR5 RAM results in FAR more profits than HBM
Samsung is reportedly scaling down its HBM production, shifting focus of DRAM production to DDR5 modules because there's FAR more profits to be made.
Woman hospitalized after Pluribus ad on smart fridge triggers psychotic episode
A Pluribus ad displayed on a Samsung smart fridge led a UK woman to seek hospital care for a psychotic episode.
essell likes this.
‘I Was Paid’: Bongino’s Confession About His January 6 Claims | The deputy director of the FBI admitted to lying during his days as a pundit.
‘I Was Paid’: Bongino’s Confession About His January 6 Claims
The deputy director of the FBI admitted to lying during his days as a pundit.David A. Graham (The Atlantic)
like this
Unequivocal War Crimes
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
America Has Become a Digital Narco-State - Paul Krugman
America Has Become a Digital Narco-State
Social media giants have bought our government, and are trying to bully EuropePaul Krugman
like this
reshared this
Krugman is a worthless hack. Sensational headline with implicit endorsement of prohibition is a prime example.
Edit about the "nobel": Everybody who's talking about this "nobel prize". There is no nobel prize in econ. It's a phony award made up by bankers. That's how pathetic the pseudo-science of economics is. They need to make up their own fake awards for relevancy. So please don't tout the phony awards of this pseudo-scientists. I could make up an award for flat earthers but that wouldn't legitimize flat earthism.
(And even if there were a nobel for econ... Who cares about awards if the underlying "science" is still trash?)
Here's one of the best traders talking about the same issue:
invidious.nerdvpn.de/watch?v=b…
It's eloquent and funny at the same time.
I included a timestamp to jump (almost) directly to the most relevant bit (also 33m, but 31m sets up a better context for an extra 2min of time compared to going directly to the 33m mark). But the whole video is worth watching.
Yes, Krugman is a hack.
The Plan is to Make the Internet Worse. Forever. | Aaron Bastani Meets Cory Doctorow
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
I bambini che piangono quando viene tolto lo schermo: Alberto Pellai racconta la mutazione antropologica che ha cambiato l’infanzia
reshared this
Cose scontate, ma ignorate, evviva l'adhd per tutti!
Personalization algorithms create an illusion of competence, study finds
Selected highlights:
The researchers divided the participants into different groups to test the specific effects of algorithmic personalization. One group served as a control and viewed a random assortment of items with all features available to inspect. Another group engaged in active learning, where they freely chose which categories to study without algorithmic interference.the study measured the participants’ confidence in their decisions using a rating scale from zero to ten. The analysis showed that participants in the personalized groups frequently reported high confidence levels even when their answers were wrong. This effect was particularly distinct when they encountered items from categories they had rarely or never seen during the learning phase.
This indicates a disconnection between actual competence and perceived competence caused by the filtered learning environment. The participants were unaware that the algorithm had hidden significant portions of the information landscape from them. They assumed the limited sample they viewed was representative of the whole.
The findings provide evidence that the structure of information delivery systems plays a significant role in shaping human cognition. By optimizing for engagement, current algorithms may inadvertently sacrifice the accuracy of user knowledge. This trade-off suggests that online platforms can shape not just what people see, but how they reason about the world.
Personalization algorithms create an illusion of competence, study finds
While personalization algorithms keep users engaged, they may create a false sense of expertise. A new experiment reveals that curated content feeds limit information exploration, causing learners to form distorted views while remaining surprisingly …Eric W. Dolan (PsyPost Psychology News)
essell likes this.
Lonewolfmcquade
in reply to yazomie • • •yazomie
in reply to Lonewolfmcquade • • •Lonewolfmcquade
in reply to yazomie • • •N.E.P.T.R
in reply to yazomie • • •What I want out of a secure Linux (or BSD) system is full (top-to-bottom) sandboxing of all components to enforce least privilege. I am want to learn how to make my own distro (most likely for personal use) which uses strong SELinux policies, in conjunction with syd-3 sandboxing, which seems like the most robust and feature rich, unprivileged sandbox in both the Linux/BSD worlds (also it's totally in safe Rust from what i can tell).
Another thing that I would love to make is a drop-in replacement for Flatpak that is backwards compatible but uses syd-3 instead. It has much better exploit protections than Bubblewrap, and is actually an OOTB secure sandbox. I dont know much about the internals of Flatpak, or how to use xdg-desktop-portal, but I am going to start more simple with a Bubblejail alternative. One major advantage of syd is that you can modify an already running sandbox, so theoretical you could show a popup that says something like "App1 is requesting microphone access.", where you could toggle on without needing to restart the app.
Need to get better at coding tho lol
iopq
in reply to N.E.P.T.R • • •sudoer777
in reply to iopq • • •iopq
in reply to sudoer777 • • •aaravchen
in reply to iopq • • •SELinux is used on all the Fedora Immutable distros, and the OpenSUSE Immutable distro.
It's actually much easier to do SELinux in Immutable distros in a lot of ways than non-immutable. Especially the bootc-style ones where even more of the system is defined and prebuilt before deployment.
AppArmor is OK, but the whole issue is that you have to know what to throw into it. That's also its benefit, you can focus in the high risk things and ignore the low risk things. It keeps expanding profiles more and more though, and ironically the ultimate destination is everything being under MAC.
iopq
in reply to aaravchen • • •yazomie
in reply to N.E.P.T.R • • •moonpiedumplings
in reply to yazomie • • •Syd3, and gvisor, a similar project in go aren't really sandboxes but instead user mode emulation of the linux kernel. I consider them more secure than virtual machines because code that programs run is not directly executed on your cpu.
Although syd3 doesn't seem to emulate every syscall, only some, I know rhat gvisor does emulate every syscall.
If you compare CVE's for gvisor and CVE's for xen/kvm, you'll see that they are worlds apart.
Xen has 25 pages: app.opencve.io/cve/?vendor=xen
Gvisor has 1: app.opencve.io/cve/?q=gvisor
Now, gvisor is a much newer product, but it is still a full 7 years old compared to xen's 22 years of history. For something that is a third of the age, it has 1/25th of the cve's.
There is a very real argument to be made that the hardened openbsd kernel, when combined with openbsd's sandboxing, is more secure than xen, which you brought up.
Xen CVEs and Security Vulnerabilities - OpenCVE
app.opencve.ioyazomie
in reply to moonpiedumplings • • •I could use gvisor inside distrobox inside an appVM in Qubes, couldn't I?
Many CVE's for Xen were discovered and patched by the Qubes folks, so that's a good thing...
As for OpenBSD, I thought I mentioned in the blog post that I'm intending to use it as sys-net VM inside Qubes if not as HVM alongside my Linux appVMs, for when I need Linux. The best of both worlds, so to say.
moonpiedumplings
in reply to yazomie • • •to answer your first question, kind of. Gvisor (by google btw) uses the linux kernels sandboxing to sandbox the gvisor process itself.
Distrobox also uses the linux kernels sandboxing, which is how linux based containers work.
Due to issues with the attack surface of the linux's kernels sandboxing components, the ability to create sandboxing or containers inside sandboxes or containers is usually restricted.
What this means is that to use gvisor inside docker/podman (distrobox) you must either loosen the (kinda nonexistent) distrobox sandbox, or you must disable gvisors sandboxing that it applies to itself. You lose the benefit, and you would be better off just using gvisor alone.
It's complicated, but basically the linux's kernels containers/sandboxing features can't really be "stacked".
Linux | Madaidan's Insecurities
madaidans-insecurities.github.ioyazomie
in reply to moonpiedumplings • • •moonpiedumplings
in reply to yazomie • • •No, no, no.
It's no that sandboxing is the best practice, it's just that attempting to "stack" linux sandboxes is mostly ineffective. If I run kvm inside xen, I get more security. If I run a linux container inside a linux container, I only get the benefit of one layer. But linux sandboxes are good practice.
I do agree that secureblue sucks, but I don't understand your focus on Qubes. To elaborate on my criticisms let me explain, with a reply to this comment:
If really, really care about security, it's not enough to "find and patch CVE's". The architecture of the software must be organized in such a way that certain classes of vulnerabilities are impossible — so no CVE's exist in the first place. Having a lack of separation between different privilege levels turns a normal bug into a critical security issue.
Xen having so many CVE's shows that is has some clear architectural flaws, and that despite technically being a "microkernel", the isolation between the components is not enough to prevent privilege isolation flaws.
Gvisor having very few CVE's over it's lifespan shows it has a better architecture. Same for OpenBSD — despite having a "monolithic" kernel, I would trust openbsd more in many cases (will elaborate later).
Now, let's talk about threat model. Personally, I don't really understand your fears in this thread. You visited a site, got literally jumpscared (not even phised), and are now looking at qubes? No actual exploit was done.
You need to understand that the sandboxing that browsers use is one of the most advanced in existence currently. Browser escapes are mostly impossible... mostly.
In addition, you need to know that excluding openbsd, gvisor, and a few other projects almost all other projects will have a regular outpouring of CVE's at varying rates, depending on how well they are architectured.
Xen is one of those projects. Linux is one of those projects. Your browser is one of those projects. Although I consider Linux a tier below in security, I consider Xen and browsers to exist at a similar tier of security.
What I'm trying to say, is that any organization/entity that is keeping a browser sandbox escape, will most definitely have a Linux privilege escalation vulnerability, and will probably also have a Xen escape and escalation vulnerability.
This is just false. Anybody who is able to do the very difficult task of compromising you through the browser will probably also be able to punch through Xen.
This is true actually. Browser exploits are worth millions or even tens of millions of dollars. And they can only really be used a few times before someone catches them and reports them so that they are patched.
Why would someone spend tens of millions of dollars to compromise you? Do you have information worth millions of dollars on your computer? It's not a "utopic notion", it's being realistic.
If you want maximum browser security, ~~disable javascript~~ use chromium on openbsd. Chromium has slightly stronger sandboxing than firefox, although chromium mostly outputs CVE's at the same rate as firefox. Where it really shines, is when combined with Openbsd's sandboxing (or grapheneos' for phones).
Sure, you can run Xen under that setup. But there will be no benefit, you already have a stronger layer in front of Xen.
TLDR: Your entire security setup is only actually as strong as your strongest layer/shield. Adding more layers doesn't really offer a benefit. But trying to add stronger layers is a waste of your time because you aren't a target.
N.E.P.T.R
in reply to yazomie • • •I am excited to see Chimera Linux mature because iy seems like a distro which prioritizes a simple but modern software stack.
Features of Chimera that I like include:
- Not run by fascists
- Not SystemD (dinit)
- Not GNU coreutils (BSD utils)
- Not glibc (musl)
- Not jemalloc (mimalloc)
- Proper build system, not just Bash scripts in a trenchcoat
What I would like:
- MAC (SELinux)
- Switch to Fish over Bash (because it is a much lighter codebase)
- Switch from mimalloc to hardened_malloc (or mimalloc built with secure flag). Sadly hardened_malloc is only x64 or aarch64
- Hardened sysctl kernel policy
Chimera Linux
Chimera LinuxKajika
in reply to N.E.P.T.R • • •What are the pros/cons of GNU coreutils vs BSD utils?
EDIT : from their website : Desktop environment -> GNOME. What a choice, not for me.
yazomie
in reply to Kajika • • •LeFantome
in reply to Kajika • • •First, I use either Niri or KDE Plasma on Chimera Linux. Both are just an “apk add” away. You do not have to use GNOME. There is even a KDE live image so you do not even have to run GNOME once to install if you do not want.
I really like the BSD utils and have come to prefer them. Well written. Sleek. Well documented. The man pages are a walk through UNIX history. They feel “right” to me.
That said, the BSD userland is frequently a pain when interacting with the rest of the Linux universe. You cannot even build a stock kernel.org kernel without running into compatibility problems. The first time I built the COSMIC desktop on Chimera, I had to edit a dozen files to make them “BSD” compatible.
Sed, find, tar, xargs, and grep have all caused me problems. And you need bash obviously. But bash is no big deal because it has a different name.
The key GNU utils are available in the Chimera repos. But you get files named gfind, gtar, gxargs, gsed, etc. so scripts will not find them.
You often have to either add the ‘g’ to the beginning of utilities in scripts or edit the arguments to work with the BSD versions.
I mean, most things are compatible and I bet most of the command-line switches you actually use will work with the BSD utils. But I would be lying if I did not say third-party scripts are a hassle.
If I could do Chimera all over again, I would make it bsdtar and bsdsed (or bsed maybe) for the BSD versions.
Maybe the regular names could be symlinks with sed pointing to bsdsed by default but you could point it to gsed instead of you want. The system Chimera scripts and tools could use the longer names (eg. bsdsed) instead of the symlinks. The GNU tools could be absent by default like they are now. That would be the best of both worlds. The base system would have the advantages of the BSD tools (like easier builds as outlined on the Chimera site), the system could be GNU free if you want, and you could have a system that actually works out of the box more often with third-party scripts.
It pains me to say this. I would prefer not to use the GNU stuff but the GNU tools are the de facto standard on Linux and many, many things assume them. No wonder UUtils aims for 100% compatibility.
Anyway, even with what I say above, Chimera is my favourite distro. The dev can be a little prickly, but they do nice work.
Oinks
in reply to LeFantome • • •PATHmodification:or in script form:
/usr/local/opt/...is probably not the best place to put this but you get the idea, you can make it work with POSIX tools. I don't know that much about Chimera Linux but I'd be very surprised if nobody has thought of doing this systematically, e.g. as part of a distributable package.LeFantome
in reply to Oinks • • •Thank you for the suggestion. I am ashamed to confess that a temporary PATH variable had not occurred to me.
I first ran into these issues creating package templates. Chimera has a beautiful package build system where packages get built in containers and source code gets downloaded into the container and and built against a clean environment. As you point out, creating a package that creates the symlinks as a dependency (along with the GNU utils) could be a viable approach here. Maybe even just in /usr/local. The GNU utils get installed to /usr/bin in Chimera and the container gets recycled for every new package. The distro would never accept such hacky packages but I can use them myself.
For just generally working in the distro at the command-line, your temporary path idea could work well.
Thanks again. I appreciate it!
yazomie
in reply to N.E.P.T.R • • •N.E.P.T.R
in reply to yazomie • • •LeFantome
in reply to N.E.P.T.R • • •Chimera Linux is great. APK and cports are so good I cannot imagine going back to anything else.
Bash is not the default shell though. Chimera uses the Almquist Shell from FreeBSD. Other Linux distros have “dash” which is basically an Almquist variant.
Almquist is lighter than fish and fish is not POSIX compatible.
Bash is available in the Chimera Linux repos of course and is required for many common scripts.
“Not run by fascists”. Sometimes I wonder.
Jay🚩
in reply to yazomie • • •Ironclad
ironclad-os.orgyazomie
in reply to Jay🚩 • • •marcie (she/her)
in reply to yazomie • • •peskypry
in reply to marcie (she/her) • • •yazomie
in reply to peskypry • • •dXq9dwg4zt
in reply to peskypry • • •yazomie
in reply to marcie (she/her) • • •It works decently with just 8 GB RAM, and I'm going to upgrade the RAM.
Secureblue is based on sandboxing rather than paravirtualization, and I'm not sure that's secure enough for me.
marcie (she/her)
in reply to yazomie • • •I do agree it's likely more secure, but the tradeoff for common use cases (gaming, development) is steep. I could see using it solely for browsing and messaging people
You can also just slot secure blue into a qube I believe
non_burglar
in reply to yazomie • • •yazomie
in reply to non_burglar • • •non_burglar
in reply to yazomie • • •You aren't going to like this:
Because if you got yourself pwned by a malicious link in discord, your account highjacked, etc., then having discord in a vm, container, chroot, jail, or whatever won't help you on the server-side api abuse that got you pwned. In this case, you yourself should have been more vigilant.
From your article, and with respect, I think its nice you're thinking more about security, but you're mixing up quite a few concepts, and you should probably make smaller moves toward security that you actually understand, instead of going all-in on qubes with only a vague concept of the difference between sandboxing and paravirtualization.
mub
in reply to non_burglar • • •non_burglar
in reply to mub • • •Yep.
I was hoping not to sound too harsh, I'll have to work on that.
youmaynotknow
in reply to non_burglar • • •KubeRoot
in reply to mub • • •Well, maybe not any, but most ;D
mybuttnolie
in reply to yazomie • • •edit: thought i was funny but it sounds mean now. but i know how you feel, i got pwned once like 10y ago and they sent spam from my skype...
sudoer777
in reply to non_burglar • • •non_burglar
in reply to sudoer777 • • •MouldyCat
in reply to non_burglar • • •non_burglar
in reply to MouldyCat • • •Sure, but if the compromise stays within its own app, like for a browser, sandboxing won't help.
The bulk, and I mean like 95% of the compromises I see are normal employees clicking on things that "look legit".
Excel is now wrapped in a browser. Discord, almost all work apps are all wrapped in a browser. So you can be completely locked down between apps like grapheneos, but if you are choosing to open links, no amount of sandboxing is going to save you.
This is why we deploy knowbe4 and proofpoint, cause people are a liabilities, even to themselves.
FoundFootFootage78
in reply to non_burglar • • •Clicking on things that look legit is a critical part of interaction with computers. Programs should not be installed unintentionally, so first and foremost Office Macros should not be enabled by default (and eventually Microsoft did disable them).
Recently I think the main avenue for malware is to send a PDF with a fake popup for an update, that links to a phishing site and prompts you to download an exe with malware. That kind of thing is a harder issue to solve, but at the very least an OS should probably not let that program update your BIOS.
sudoer777
in reply to non_burglar • • •non_burglar
in reply to sudoer777 • • •sudoer777
in reply to non_burglar • • •Yes, but I never said you won't get pwned. I said that it would limit how it could be done and what damage it could do.
For instance, if you click a link and download something shitty, it can't just steal your auth tokens on GrapheneOS because all of that is isolated to only the program that uses them. Meanwhile on Windows/Linux there are tons of Python scripts that do that. It would take extra steps on GrapheneOS for someone to use social engineering to hack someone's Discord/Bank/etc account, which could be enough to prevent it for some people.
fruitycoder
in reply to yazomie • • •Another step up is the confidential computing project. Requires hardware that supports it though, which sucks, but takes the virtual hardware concept and adds multi key memory encryption on top.
Remember though security without a threat model is just paranoia, so what level of hoops and investment you need really depends on what your threats actually look like.
I personally love containers and Macsec. It limits most of my concerns. I want to mess with confidential containers next, which is to say lightweight VMs in containers with memory encryption set, but thats all future to me. The irony is that I then I have to figure out attestation better for those machines since from the host they are black boxes.
FoundFootFootage78
in reply to yazomie • • •