Joined 4 months ago
Cake day: May 28th, 2024


  • Both openrc and runit are great; simple, stable, secure and fast. I had some huge problems with systemd even before it was considered usable. Since then, watching it become a bloated CVE monster by needlessly sucking up dozens of userspace components has really made me lose a lot of faith in the direction of GNU/Linux. Linux was supposed to be a free and open version of unix for desktop users, but it’s being reshaped into a cheap tool for capital and prone to all the pitfalls of corporate / techbro thinking.

    I’ve worked on Linux for decades, but I might ditch Linux altogether if FreeBSD had better hardware support. There’s only so much I can write and maintain, myself. I love OpenBSD for servers and network appliances since it’s very hardened, straightforward and very well documented.


  • CCCP Enjoyer@lemmygrad.ml to Late Stage Capitalism@lemmygrad.ml: BSODs, BSODs everywhere
    2 months ago

    I’m the same with booting into a tty. Starting up with easy to read shell scripts (like just being able to edit .xinitrc) is exactly how I want everything to work :)

    I’d hope “linux” users might have a little better awareness of the attack surface of systemd after xz, but I’m usually disappointed. Tech bros and big tech are absolutely ruining Linux to the point that you have to go pretty far out of the circle now to get a good distro that understands unix philosophy and KISS principles. Void and Gentoo are pretty much my go-tos, even then I blacklist a good number of packages.






  • I did a little poking around on this and found a lot of people are experiencing similar issues with being spammed with unrequested microsoft login codes. Some of them do not have a microsoft account, either.

    Saw these on reddit

    I keep getting these codes and I literally don’t have an account for that email. When I try and log in it says “no account under this email”

    If you don’t already have an MS account (I have Google) and after you enter your email address, it sends and requests the code so that MS can open an account with them. It never requests a password in this case. I tested it myself. I believe it’s a brute force attack on our email addresses… even though with a 7 digit code there are 10 million possible combinations… It’s freaking me out regardless.

    In the cases where people are receiving hundreds of these emails, it looks like it’s probably a botnet campaign to steal ms accounts. The attacker script might, intentionally or unintentionally, attempt to create an account associated with that email address if one does not exist. Which would be mostly pointless if that were the case (but I can imagine a fairly complex and specific way that could result in a compromised ms account). You could test that theory and see if it sends you the same email. Depending on the volume and frequency, I might not fully rule out someone forgetting what their own email address is, either.

    If you don’t have, and never plan to have, a microsoft account (big ups) I think you can just mark this crap as junk and safely ignore it.





  • If someone gained access to your email there’s little chance they would use it for that purpose considering it’s far easier to just create email bot accounts. Scammers rarely leave you access to your account if they’re using it for SMTP. If the scammer is using your payment info, they’d be far safer from detection by using a different email address.

    It might be this is a clever spearphishing campaign, or it could be someone confused/mistyped their address (frequently happens with TLDs). Also see this a lot with more newly created accounts, where the previous owner lost/gave up the email address, then either the old owner or an attacker attempts to access an account protected by 2fa.

    Did you check the DKIM signature?
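
One way to run the DKIM check asked about above, as an added example that is not part of the original comment: it reads the `Authentication-Results` header stamped by your own mail provider and tests whether a passing signature's `d=` domain lines up with the `From:` domain. The authserv-id `mx.example.net`, every domain and all three messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of your own provider
RANK = {"none": 0, "fail": 1, "pass-unaligned": 2, "pass-aligned": 3}

def dkim_verdict(raw, trusted=TRUSTED_AUTHSERV):
    """Return none / fail / pass-unaligned / pass-aligned for one raw message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    best = "none"
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # stamped by another host, possibly the sender: ignore it
        for m in re.finditer(r"dkim=(\w+)([^;]*)", results):
            result = m.group(1).lower()
            d = re.search(r"header\.d=([\w.-]+)", m.group(2))
            signer = d.group(1).lower() if d else ""
            # Simplified relaxed alignment: signer is the From domain or a parent.
            aligned = bool(signer) and (
                from_domain == signer or from_domain.endswith("." + signer))
            if result == "pass":
                verdict = "pass-aligned" if aligned else "pass-unaligned"
            else:
                verdict = "none" if result == "none" else "fail"
            best = max(best, verdict, key=RANK.get)
    return best

def build(*auth_results):
    """Constructed sample message carrying the given Authentication-Results values."""
    lines = ["Authentication-Results: " + value for value in auth_results]
    lines += ['From: "Account team" <security@accounts.example.com>',
              "Subject: Your single-use code", "", "Your code is 0000000"]
    return "\n".join(lines)

GENUINE = build("mx.example.net; dkim=pass header.d=example.com header.s=sel1")
LOOKALIKE = build("mx.example.net; dkim=pass header.d=bulkmailer.example.org")
FORGED_HEADER = build("mail.attacker.invalid; dkim=pass header.d=example.com",
                      "mx.example.net; dkim=none")

if __name__ == "__main__":
    for name in ("GENUINE", "LOOKALIKE", "FORGED_HEADER"):
        print(name, dkim_verdict(globals()[name]))
```

A `pass-unaligned` result means some domain signed the mail, just not the one shown in `From:`, so it says nothing about whether the displayed sender is real.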







    1. Systemd is the most egregious pile of shit poetteringware in linux, hands down. It’s a gigantic, slow, bloated mess that runs as pid0 and keeps getting bigger as it consumes all other unix services. It violates every single unix and kiss principle. The attack surface is massive and, because it’s pid0, has the highest level of privilege escalation attacks. The recent xz backdoor (absolutely state-sponsored btw) was made possible because of the integration of sshd (and xz) into systemd. It’s been a cve nightmare forced onto us by redhat/ibm despite our protests. It may as well have been written by the cia. Systemd alternatives like runit are superior in every respect, particularly speed and security, while adhering to unix and kiss philosophy.

    2. Not all js is malicious, but it’s objectively the most vulnerable and commonly exploited component by malicious actors in browsers (webassembly will be worse). It’s also an objectively terrible and idiosyncratic language on its own. Good css can eliminate a lot of the most worthless uses of js, but in many cases it’s still a necessary evil in frontend and web design. The best compromise we have is to only use trustworthy, foss 1st-party code and restrict 2nd/3rd party code. It’s also always a good idea to run your browser in a sandbox (bsdjail, bwrap, firejail) with no access to user files or dbus.



  • Security and privacy are things accomplished in layers. You can implement any or all of these as you’re able to learn what they are and how they work.

    At the very least a few browser tweaks and addons can prevent a lot of malicious scripts and fingerprinting and are the absolute most simple, surface level things you can do. Just FF + ublockorigin will block most ads and surveillance capitalism tracking networks. noscript gives you granular control over what you do and do not want to run, and it’s a good learning experience for most users. Want ads gone, poof, there ya go.

    Arkenfox is just a policy config file (user.js) for firefox, which further helps block tracking, fingerprinting and the most awful annoyances and grievances sold as “convenience” in modern browsers. It’s well documented, easy to read and lets you configure things to your preference. The LibreWolf browser is firefox with a preconfigured arkenfox user.js for users who aren’t tech savvy or don’t like configuring things in text files. Highly recommended over FF + arkenfox if you’re getting started.

    invidious is a privacy frontend for youtube that runs on instances (servers) that anonymizes users and cleans up youtube’s awful ui. Lemmygrad provides automatic invidious links when a user links to a yt video.

    Running your own router firmware means owning your secure device and having meaningful control over it. Otherwise someone else has more access to your network than you do.

    Finally, none of the security or privacy stuff means anything if you’re running an nsa compromised operating system, which is exactly that way by design. Opting out is free and returns speed, freedom and ownership to property held hostage by the worst excesses of capitalism and techno-fascism. This may tilt some “GaMeRs” … but people who won’t even liberate a personal computer from fascism at absolutely no risk, won’t liberate much else, either.