• 1 Post
  • 17 Comments
Joined 1 year ago
Cake day: June 8th, 2023

  • Yeah, this is one of those constant annoyances that you kinda just live with. It doesn’t matter that much, because compound words were at some point not one word, and there may be separate words that you use today that will join together during your career. Electronic mail became e-mail became email. As long as the casing doesn’t hide the meaning, you’re doing it right. Also be consistent. Don’t recreate such monstrosities as XMLHttpRequest.

  • Thank you! Here’s the actual PDF doc of their clarifications and here’s the original DSA

    The specific language for number of users is:

    average monthly active recipients of their service in the Union, calculated as an average over the period of the past six months

    And the definition of active recipient:

    (p) ‘active recipient of an online platform’ means a recipient of the service that has engaged with an online platform by either requesting the online platform to host information or being exposed to information hosted by the online platform and disseminated through its online interface;

    So you just need 45 million EU citizens looking at a platform to qualify as a VLOP. Amazon probably qualifies, but it would be easy for them to prove they were unfairly discriminated against as well.

  • As a software dev, so much this.

    PWAs are super fucking cool, but current web browsers are a SuperFund disaster site, so they make PWAs suck, and PWAs are partially to blame as Google and Apple keep adding features to browsers to mirror their phones’ native features. Every PWA is going to be slower than a native app for the foreseeable future, regrettably, and they’ll always be nothing more than a browser with the decorations hidden.

    I hate this reality with a passion, but native apps are faster because it’s an app on your phone and not an app in a browser on your phone.

    PWAs are great, because Apple and Google have no say in whether or not you can use them, and they get no cut if you spend money through them (scumbags at Apple taking 30%).

  • That’s why I said largely useless. An attacker can narrow down the attack surface by ignoring anything that can’t log in, but that just leaves them with root and delial, and they already knew or could’ve guessed both of those pieces of information (in this context anyway).

    And as you noted when looking at the service accounts, they might be able to log in or crack their way in via xrdp or sshd. So, unless you’re port-forwarding those protocols from the internet, how useful is that really? I would say largely useless. Assuming they port-scanned your public IP, they still need either an insecure config or an unpatched, remotely exploitable bug.

    That being said, you’re totally right. The average Linux user isn’t “administering” their system, so they probably aren’t following their distribution’s security mailing list, installing security patches as they’re released, and actually RTFM. It’s best for the average user to play it unbelievably safe.

    In this case, the machine isn’t actually running xrdp, and sshd doesn’t accept passwords or root logins. (Although, I need to set up knockd to protect that non-standard sshd port a bit more.) All passwords used on the system are random and longer than 32 characters. My router doesn’t port-forward to this machine, either.

    This has been an exercise of Cunningham’s Law for the benefit of those reading.

  • Since you told me not to. There isn’t a risk on most Linux systems; passwords were moved to /etc/shadow a long time ago. It only leaks the names of your users and largely useless info for most attackers:

    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
    bin:x:2:2:bin:/bin:/usr/sbin/nologin
    sys:x:3:3:sys:/dev:/usr/sbin/nologin
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/usr/sbin/nologin
    man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
    lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
    mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
    news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
    uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
    proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
    www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
    backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
    list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
    irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
    nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
    _apt:x:100:65534::/nonexistent:/usr/sbin/nologin
    systemd-network:x:101:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
    systemd-resolve:x:102:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
    messagebus:x:999:999:System Message Bus:/:/usr/sbin/nologin
    systemd-timesync:x:998:998:systemd Time Synchronization:/:/usr/sbin/nologin
    systemd-coredump:x:997:997:systemd Core Dumper:/:/usr/sbin/nologin
    delial:x:1000:1000:,,,:/home/delial:/bin/bash
    sshd:x:103:65534::/run/sshd:/usr/sbin/nologin
    xrdp:x:104:110::/run/xrdp:/usr/sbin/nologin
    dictd:x:105:111:Dictd Server,,,:/var/lib/dictd:/usr/sbin/nologin
    nm-openvpn:x:106:112:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/usr/sbin/nologin
    sssd:x:107:113:SSSD system user,,,:/var/lib/sss:/usr/sbin/nologin
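The two comments above make a defender's point: a leaked /etc/passwd only matters if the password field is not shadowed, and the only accounts worth worrying about are the ones with a real login shell. The script below is an added example, not the commenter's code, that audits a passwd(5) file for exactly those conditions; the embedded sample is a constructed excerpt of the listing above, and the set of non-login shells is an assumption.

```python
# Audit a passwd(5) file: confirm hashes live in /etc/shadow, flag extra UID 0
# accounts, and list which accounts can actually log in interactively.

# Constructed sample: a trimmed copy of the /etc/passwd excerpt posted above.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
delial:x:1000:1000:,,,:/home/delial:/bin/bash
sshd:x:103:65534::/run/sshd:/usr/sbin/nologin
"""

# Assumed set of shells that do not give an interactive session. /bin/sync only
# runs sync(1) and exits, so it is treated as non-login here.
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/bin/sync"}


def parse_passwd(text):
    """Parse passwd(5) lines into dicts; blank and comment lines are skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append({"name": name, "pw": pw, "uid": int(uid), "gid": int(gid),
                        "gecos": gecos, "home": home, "shell": shell})
    return entries


def audit(entries):
    """Return (findings, interactive): problems found and accounts that can log in."""
    findings = []
    interactive = []
    for e in entries:
        if e["pw"] == "":
            findings.append(f"{e['name']}: empty password field (no password required)")
        elif e["pw"] not in ("x", "*", "!"):
            # 'x' means the hash is in /etc/shadow; '*' and '!' mean locked.
            findings.append(f"{e['name']}: hash stored in /etc/passwd, not /etc/shadow")
        if e["uid"] == 0 and e["name"] != "root":
            findings.append(f"{e['name']}: extra UID 0 account")
        if e["shell"] not in NON_LOGIN_SHELLS:
            interactive.append(e["name"])
    return findings, interactive


if __name__ == "__main__":
    problems, logins = audit(parse_passwd(SAMPLE_PASSWD))
    print("findings:", problems or "none")
    print("interactive accounts:", logins)
```

Run it against a real file with `audit(parse_passwd(open("/etc/passwd").read()))`; on the listing above it reports no findings and only root and delial as interactive.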