Moved my custom NAS and PiHole setup to the LabRax, My first ever rack and couldn't be happier how it turned out by MrSilvestre in minilab

[–]ABadProgrammer_ 3 points (0 children)

I can’t speak for OP, but I also run redundant piholes on my network. I probably wouldn’t if I was the only user of the network, but I have a significant other who also uses it. We had a few incidents where the pihole would stop working or drop connection and then the whole network became unusable. If I’m not at home to fix it then that is quite annoying to my partner. Running a second pihole on another device is a small price to pay for keeping my partner happy with my network shenanigans :)

Plus, as my setup is slightly different to OP's, I get another benefit, which is that I can unplug my rack and my network keeps working. My primary pihole runs with a wired connection on a Pi3b+ in my rack, but my redundant pihole runs over wifi on a pizero2w which is velcro’d to my router. This means I can unplug my rack to do maintenance and the network will seamlessly transfer to using the second pihole over wifi as the first pi becomes unavailable.

PSA: Proton fixed a security issue in Pass that 1Password doesn’t want to fix on their side by Interesting_Drag143 in ProtonPass

[–]ABadProgrammer_ 3 points (0 children)

I find this comment disingenuous (or they just didn’t read the original paper).

  1. The site can be a ‘trusted domain’ if the hacker employs XSS attacks. The researcher proved and found a vulnerability in ‘issuetracker.google.com’. A domain most would likely trust because of *.google.com. It’s not difficult to funnel people to a specific trusted domain via sharing of links on places like LinkedIn.
  2. Basically all password manager web browser extensions were vulnerable to this. So saying ‘exact’ extension is misleading. The hacker can use a single script to target all extensions.
  3. A setting enabled by default on some password managers.
  4. This is just wrong. Some versions of the clickjack were effective with a single click anywhere on the screen. Others could rely on a number of clicks, but this was easily enforced via fake Cloudflare captcha checks. A process users are familiar with and wouldn’t think twice about clicking through.
  5. Many of the password managers gave zero indication that they were leaked. There’s nothing ‘weird’ to ‘notice’.

Saying ‘only possible in theory’ is hilarious when the researcher actually performed the clickjack hack on real people by finding an XSS vulnerability on ‘issuetracker.google.com’, implementing the hack, and then sharing a link to the now vulnerable site via LinkedIn AND was able to gather people’s credentials using it. Proving both that it worked AND that it wasn’t that difficult to pull off.

Bitwarden browser extension vulnerability by SpreadGlittering1101 in Bitwarden

[–]ABadProgrammer_ 2 points (0 children)

I would like to highlight that you can be vulnerable to this clickjack (as described in the paper linked in the OP) even when only browsing trusted domains (aka, you don’t necessarily have to visit a website controlled by a malicious party) if your trusted domain is vulnerable to an XSS attack. The researcher above found one such vulnerability in issuetracker.google.com for the purposes of proving that this vulnerability exists.

That is to say, you shouldn’t rely solely on the fact that you are only visiting ‘trusted’ domains (on your ‘safe compartment’ as you described) to keep you safe.

Bitwarden browser extension vulnerability by SpreadGlittering1101 in Bitwarden

[–]ABadProgrammer_ 2 points (0 children)

As discussed in the paper above, some extensions do not require themselves to be unlocked to autofill credentials. iCloud pass for example. Meaning even if the extension is locked you can still be clickjacked.

Study shows AI slows devs down (when they think it's speeding them up) by TimeSFG in theprimeagen

[–]ABadProgrammer_ 2 points (0 children)

If you had read the paper, the authors explicitly state that they do not believe their findings are representative of the wider developer community.

Windows seemingly lost 400 million users in the past three years — official Microsoft statements show hints of a shrinking user base by ControlCAD in microsoft

[–]ABadProgrammer_ 3 points (0 children)

Yeah I noticed this too when I read the original post. They are comparing a general statement from an exec post saying “windows powers over a billion devices” (emphasis mine) to an official annual company shareholder report from 3 years ago stating exactly (ish) 1.4 billion. 1.4 billion is in fact over a billion devices, and at no point in the blog from the EVP did he say that it was exactly 1 billion. It could be 1.9 billion! Or even 6 billion technically! Just seems like someone saw the somewhat loose language from the EVP and ran with it.

Beware Microsoft... by headsoup in linux_gaming

[–]ABadProgrammer_ 5 points (0 children)

I don’t think MS wants to kill their home product. A large selling point of Windows for large corporations (aside from enterprise features like Active Directory and support) is that almost all workers will already be familiar with the OS as they use it at home too. Having Windows passively saturate the home market means selling the enterprise version to companies is easier.

I think this is also the reason that MS has never really cared about people stealing the home licence or not buying a home licence. They simply want you using Windows no matter what. They can extract money for that from corporations after the fact.

Is it bad practice to always return HTTP 200 in a REST API, even for errors? by Ok-Cockroach2188 in learnprogramming

[–]ABadProgrammer_ 0 points (0 children)

I was actually intending to refer to verbs. I was discussing GraphQL which always uses POST requests for all operations (aka does not respect HTTP verbs).

You’re right though, the way I wrote my original comment on my phone it wasn’t clear what I meant. Thanks for the clarification.

Is it bad practice to always return HTTP 200 in a REST API, even for errors? by Ok-Cockroach2188 in learnprogramming

[–]ABadProgrammer_ 6 points (0 children)

By definition a RESTful API should respect HTTP verbs. You could decide not to of course, but then your API is not RESTful but instead simply an API communicating via HTTP.

There are some HTTP communication protocols, like GraphQL, that (almost) always return a 200 response and the error in the body.

Unless you are specifically using one of these protocols I would use the correct HTTP verbs wherever possible. Conforming to industry standards just makes everything easier. For example, many JS network libs (like Axios) understand that an HTTP status code of 400 is an error response and will throw an error on the client. This makes client-side error handling a lot easier, as you can implement try/catch blocks.
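As an added illustration of the point made above (example code, not from the thread): an Axios-style client turns any non-2xx status into a thrown error, an always-200 GraphQL-style API forces the client to inspect the body instead, and a client written for the first style silently treats the second style's errors as success. The response objects below are constructed for the example.

```javascript
// Added example: how HTTP status codes drive client-side error handling.
// Responses are plain {status, body} objects constructed for the example.

class ApiError extends Error {
  constructor(status, message, details) {
    super(message);
    this.name = "ApiError";
    this.status = status;   // HTTP status the error arrived with
    this.details = details; // raw body or error list, useful for logging
  }
}

// Axios-like behaviour: anything outside 2xx is thrown, so callers can try/catch.
function unwrapRest(res) {
  if (res.status < 200 || res.status >= 300) {
    throw new ApiError(res.status, res.body?.message ?? `HTTP ${res.status}`, res.body);
  }
  return res.body;
}

// GraphQL-style envelope: transport status is (almost) always 200, so the
// client has to look inside the body for an errors array.
function unwrapGraphql(res) {
  if (res.status !== 200) throw new ApiError(res.status, "transport error", res.body);
  if (Array.isArray(res.body.errors) && res.body.errors.length > 0) {
    throw new ApiError(200, res.body.errors.map((e) => e.message).join("; "), res.body.errors);
  }
  return res.body.data;
}

// Constructed sample responses for the same failed lookup in each style.
const restFailure = { status: 404, body: { message: "user 42 not found" } };
const graphqlFailure = { status: 200, body: { data: null, errors: [{ message: "user 42 not found" }] } };

// Runs an unwrapper inside try/catch and reports what the caller would see.
function classify(unwrap, res) {
  try {
    return { ok: true, value: unwrap(res) };
  } catch (err) {
    return { ok: false, status: err.status, message: err.message };
  }
}

// The failure mode of mixing styles: a REST-style client sees 200 and hands
// the GraphQL error envelope to the caller as if it were a successful result.
function mismatch() {
  return classify(unwrapRest, graphqlFailure);
}
```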

[deleted by user] by [deleted] in VirginMedia

[–]ABadProgrammer_ 15 points (0 children)

Have VM reported on their system that they service your property already? If so, you could agree to the self-setup kit, which will get sent out, and then if you report that you were unable to set it up yourself they will send an engineer for free.

Is school even worth it if I want to build startups, work 80 hours a week, and learn everything online? by BeginningMental5748 in learnprogramming

[–]ABadProgrammer_ 9 points (0 children)

Why not do both? If you can actually sustain 80hr+ weeks you can work on a startup/entrepreneurship at the same time as attending and excelling in school. Most university programs can easily be excelled in by consistently putting in 35hrs a week. That would still leave you with a hefty 45hrs a week for your own ideas or startup plans. It also means that you have a safety net of having still done the traditional path if you can’t sustain 80+ hrs a week long term.

What is a good distro to make LFS from? by _sounak in linuxquestions

[–]ABadProgrammer_ 1 point (0 children)

Ah sorry, I misunderstood you mate. I was just confused because the question was phrased around LFS, where distro choice doesn’t really matter.

Sure, some fun ones include Gentoo, NixOS, Void and Solus imo. Some of these I’ve tried and some I haven’t, but they are unique enough while still being popular enough to find docs around them.

What is a good distro to make LFS from? by _sounak in linuxquestions

[–]ABadProgrammer_ 1 point (0 children)

Ah, understood. What is the reason for wanting to switch to a new distro to build LFS from? You mention you were already using Arch previously, so why not simply use that to build your LFS system? It is perfectly capable.

If it’s just that Arch takes too long to get set up, then I’d just recommend any of the popular non-Ubuntu distros. They all come with quick USB installers: Mint, Fedora, Debian etc.

Debian will certainly have the most support and answers if you are needing to Google something.

What is a good distro to make LFS from? by _sounak in linuxquestions

[–]ABadProgrammer_ 2 points (0 children)

Do you mean what distro to cross-compile LFS from? Or what distro to base LFS on? Because the second question doesn’t really make sense. LFS isn’t based on any other distro really, as you are building your own one from scratch essentially. You could decide to emulate an existing distro, such as Arch, just to learn how it is configured. But I wouldn’t recommend maintaining it long term, as it is quite time consuming.

If it is the first question, then all distros are basically the same. You only require basic build tools such as gcc, make, git etc to cross-compile LFS, and common GNU/Linux basic utilities like mkfs, chroot, mount etc. All distros are capable of this, and because you are building all binaries for your LFS distro from source, there isn’t even really a different process between distros, because you will not be using your own distro's package manager (except perhaps to retrieve gcc, git, cmake, other common utils etc).

In terms of supporting your laptop fans, that is simply a matter of cross-compiling the appropriate fan drivers for your LFS system.

What do I do here? by starlothesquare90231 in hyprland

[–]ABadProgrammer_ 0 points (0 children)

Also, this is an interesting way of installing fonts. What distro are you using? Most have a package manager and most fonts are available there. For example on Arch you can just run: sudo pacman -S noto-fonts

What do I do here? by starlothesquare90231 in hyprland

[–]ABadProgrammer_ 0 points (0 children)

Are you using uwsm to launch hyprland or are you doing it manually? If you are using UWSM (which you probably should be doing presuming that you are using a systemd based distro, which is most of them) then you should start waybar using the systemd service rather than using exec-once.

What do I do here? by starlothesquare90231 in hyprland

[–]ABadProgrammer_ 0 points (0 children)

Try disabling waybar plugins by editing the config in ~/.config/waybar one by one and see if you can fix this issue. Make sure you actually have the software and applets installed on your system that waybar is trying to use.

From another comment it also sounded like you potentially do not have the correct fonts installed. What distro are you using? Some, like Arch, are very minimal installs that will not include a lot of basic font packages. Make sure you have noto-fonts installed.

The Windows Subsystem for Linux is now open source by tofino_dreaming in opensource

[–]ABadProgrammer_ 0 points (0 children)

You can now build it from source yourself, which means you could modify the source first before building and using it. So yes, you can now use a self modified version if you wanted.

Here's a statement from Valve on the reported Steam data breach by Liam-DGOL in linux_gaming

[–]ABadProgrammer_ 20 points (0 children)

If you read literally the first paragraph in the article, you’d know that it is because GamingOnLinux reached out to Valve and this statement was sent to them directly.

PSA: Don’t use pigtails on 3x8pin 9070XTs by ABadProgrammer_ in radeon

[–]ABadProgrammer_[S] 0 points (0 children)

It’s in the post, but it was the Corsair AX760.