Show newer

1,096 2/6

⬛🟨⬛🟨🟩
🟩🟩🟩🟩🟩

Surprisingly short solve today!

In an effort to escape the data-mining AI hellscape that is modern software, I installed Linux on bare metal (a HP laptop) this weekend. I haven't run Linux outside of a VM since I got my first academic VMWare key in around 2013, because I frankly haven't needed to. VMWare, VirtualBox, WSL, Multipass, Lima, Docker Desktop, and the cloud have provided me a ton of capability without having to worry about drivers.

I ended up going with Debian Stable. Canonical seems as enthusiastic to treat me as just another training tool for AI as Microsoft, so Ubuntu wasn't on the table for me. My Red Hat developer account is broken, so I can't connect to RHEL package repositories. I'm not smart enough to run Arch. That left me with Fedora and Debian, and I have been super impressed with Debian recently. Greg K-H did a great episode on the #osspodcast about Debian running a stable kernel release, and the way the team responded to the XZ backdoor was incredible. Plus @joshbressers recommended Debian Stable to me.

I am super impressed by the experience so far. The visual installer in the netinstall image worked pretty seamlessly (I had to ask it twice to detect my NIC, but it found them on the second try). There's a hiccup where Wayland doesn't want to use the AMD GPU in the laptop (even though the drivers are loaded and the card is detected), but there's not much screen tearing in Gnome even with the Intel integrated card being used to drive a 4K display. Honestly, it works better than my work machine (M3 Pro Macbook), because I don't have to randomly restart it to get it to use a USB C monitor, and I don't need a 3rd-party utility to get windows to snap to the sides of the screen (how is that not implemented in MacOS in 2024?).

pre-coffee thoughts with Tilly:

when you have a boat and put a figurehead of a woman on the prow you’re really displaying your prowess

this has been pre-coffee thoughts with Tilly

When this hit master, I quickly found myself using it all the time. For those not using #HelixEditor built straight from source, it’s actually very very stable. I haven’t had any significant breakage since I started following upstream/master 6 months ago.
urbanists.social/@markstos/112

I had a little Tetris action in my 1,059 this morning.

⬛⬛⬛⬛⬛
⬛🟨🟨⬛⬛
⬛⬛🟨🟨⬛
🟩🟩🟩🟩🟩

My talk about the NICE Cyber Career Ambassador program is picked up for SATX! It's a pretty fun little conference in San Antonio.

Wordle 1,037 - today's solve rate is about 70%, that's one of the lowest I've ever seen.

🟨⬛⬛⬛⬛
⬛⬛⬛⬛⬛
⬛🟨⬛⬛⬛
⬛🟩🟩🟩🟩
🟩🟩🟩🟩🟩

I matched WordleBot's solve speed today.

"What is the good of sex?"

— The Selfish Gene by Richard Dawkins

I don't think I can help you man.

Quote of the day (from the Fedora devel list):

We have no mechanism to flag when J. Random Packager adds "Supplements: glibc" to their random leaf node package. As a reminder, *we are a project that allows 1,601 minimally-vetted people to deliver arbitrary code executed as root on hundreds of thousands of systems*, and this mechanism allows any one of those people to cause the package they have complete control over to be automatically pulled in as a dependency on virtually every single one of those systems.

Adam Williamson

Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO. The level of transparency is stellar, especially compared to proprietary software companies. What the FOSS world has accomplished in 24 hours after detection of the backdoor code in #xz deserves a moment of humbleness. Instead we have flamewars and armchair experts shouting that we must change everything NOW. Which would introduce even more risks. Progress is made iteratively. Learn, adapt, repeat.

people are saying the xz backdoor is likely the work of a nation state actor, and given that it appears to been slow rolled for a couple of years and immediately became obsolete before it was fully launched - you do have to admit it bears the hallmarks of a government IT project

That nice thing where you get home and get the kids to bed and you can finally check whether your boxes with exposed SSH are backdoored by xz, and Debian Testing has auto-updated itself and mitigated the issue already.

I've long been convinced that the actual changed line of code is one of the most hilarious lines of code ever written

if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
retval = -EINVAL;

Show thread
Show older
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.