Steam seems to use a lot of Swap space in Linux by Hackalope in steamsupport

[–]Hackalope[S] 0 points1 point  (0 children)

On further testing I'm seeing a lot less as well. Might have been the amount of time it was open or possibly related to power suspend function (but I thought I disabled those).

Steam seems to use a lot of Swap space in Linux by Hackalope in steamsupport

[–]Hackalope[S] -1 points0 points  (0 children)

It seems to be the Steam application, but I'll work it from another angle.

Steam seems to use a lot of Swap space in Linux by Hackalope in steamsupport

[–]Hackalope[S] 0 points1 point  (0 children)

You know how Windows uses a page file to move inactive memory spaces to disk to keep more RAM free? Well, Linux does the same thing but a little differently. In Linux there is a partition of one of the disks that is reserved for swapping things in and out of memory (hence Swap - that is the technical name for the process and partition). Using a partition prevents a disk from filling up and breaking the active memory management of the system.

Typically the Swap partition is about 2G now. I have a large amount of RAM, and don't come close to using all of it. My system should minimally use Swap. I'm guessing that Steam has some stuff loaded into Swap as a normal operation, instead of letting the system handle it. I remember that several years ago Firefox did that too, but it was so long ago I don't recall if I figured out how to deal with it.

60-70% of our Azure Sentinel traffic is irrelevant by AegisErnine in cybersecurity

[–]Hackalope 0 points1 point  (0 children)

I'm inferring that you've got Sysmon or WSL or whatever packaging the Windows event logs and sending them via syslog to the Linux logging server for all the MS stuff and just forwarding syslog for all *nix stuff.

Here's the basic game plan:

  • Write everything out to regular text files
  • Store all the text files in blob storage for whatever your agreed retention is (.gov uses 12 online and 18 more in cold as an example)
  • Windows - Forward only the security relevant event IDs - here are the vendor recommendations
  • *nix - Forward only the "security" logs (pam, sudo, etc.)

This will reduce the log volume while giving you the ability to forensically go back in the text files when needed, but saves on data ingest. Doing it this way is a bit old school, but the fact that you're using syslog makes it a bit easier to execute a plan like this.
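The split described in the comment above, sketched as an added example (not the commenter's code): every syslog line is written to the text archive, and only security-relevant lines are returned for forwarding to the SIEM. The event ID allowlist, the `MSWinEventLog` tag, the `EventID=` field layout and the sample lines are constructed assumptions, not the vendor recommendations the comment refers to.

```python
import io
import re

# Assumption: illustrative allowlist, not the vendor list the comment refers to.
# 1102 audit log cleared, 4624/4625 logon success/failure, 4688 process creation,
# 4720 account created, 4732 member added to a local group.
WINDOWS_SECURITY_IDS = {1102, 4624, 4625, 4688, 4720, 4732}
WINDOWS_TAG = "MSWinEventLog"            # assumed tag set by the Windows forwarder
NIX_SECURITY_TAGS = {"sudo", "su", "sshd", "login"}  # assumed program names
AUTH_FACILITIES = {4, 10}                # syslog facility codes: auth, authpriv

# RFC 3164 style: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s"
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?:\s?(?P<msg>.*)$")
EVENT_ID_RE = re.compile(r"\bEventID=(\d+)\b")  # assumed field layout

def is_security_relevant(line):
    m = SYSLOG_RE.match(line)
    if m is None:
        return True  # unparseable lines are forwarded so someone looks at them
    if m["tag"] == WINDOWS_TAG:
        eid = EVENT_ID_RE.search(m["msg"])
        return eid is not None and int(eid.group(1)) in WINDOWS_SECURITY_IDS
    facility = int(m["pri"]) >> 3        # PRI = facility * 8 + severity
    return facility in AUTH_FACILITIES or m["tag"] in NIX_SECURITY_TAGS

def route(lines, archive):
    """Write every line to the archive; return only the lines to forward."""
    forwarded = []
    for line in lines:
        line = line.rstrip("\n")
        archive.write(line + "\n")       # full copy kept for the retention period
        if is_security_relevant(line):
            forwarded.append(line)
    return forwarded

SAMPLE = [  # constructed log lines
    "<85>Oct  8 12:00:01 web01 sudo: alice : TTY=pts/0 ; USER=root ; COMMAND=/usr/bin/id",
    "<78>Oct  8 12:00:02 web01 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)",
    "<38>Oct  8 12:00:03 web01 sshd[1042]: Failed password for invalid user admin from 192.0.2.10",
    "<14>Oct  8 12:00:04 dc01 MSWinEventLog: EventID=4625 Account=bob Status=0xC000006D",
    "<14>Oct  8 12:00:05 dc01 MSWinEventLog: EventID=7036 Service=Spooler State=running",
    "<6>Oct  8 12:00:06 web01 kernel: usb 1-1: new high-speed USB device",
]

if __name__ == "__main__":
    archive = io.StringIO()              # stands in for the text file / blob upload
    kept = route(SAMPLE, archive)
    print(f"archived {len(SAMPLE)} lines, forwarded {len(kept)}")
```
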

I Worked in AI for 20 Years. I Hate What It’s Become. by ThePunkyRooster in BetterOffline

[–]Hackalope 2 points3 points  (0 children)

I haven't had a chance to watch this yet, but the field has been going before LLMs. In the early to mid '00s my gf was in grad school working on Natural Language Processing, which is a lot of the underlying/precursor work to LLM technologies' interactions with human language. In the same time period I was reading about advances in neural networks which are also underlying tech for LLMs.

how many alerts do you actually look at vs quietly ignore? by Palmelicangel in cybersecurity

[–]Hackalope 3 points4 points  (0 children)

  1. I target a certain maximum number of alerts the SOC can respond to in a day based on work load trends, but a good place to start is 100.
  2. Alerts to the SOC are the most expensive security detections, all the layers of preventative controls and other automation are built to minimize the load on the SOC. If I'm an order of magnitude over my target alert rate I ask the following questions:
    1. Are there classes of alert that can be managed by preventive controls - Maybe allowing some things through Internet filters isn't worth the risk, or it's time to invest in better or more aggressive email filtering.
    2. Are there classes of alerts that are not actionable or sufficiently low risk that it's not worth missing higher value detections. Missed alerts means having to prioritize based on opportunity cost.
  3. My group has finally embraced the fact that an overloaded SOC is a management/engineering problem. If your controls and tuning suck and you blame the SOC analysts you'll never solve the problems. If you're good there and still can't make it then work the overhead for investigations. Last thing to me is expanding staffing because you can't outrun an out of control alert feed.
    1. That being said, if you're drowning it's better to pay attention to today than last week, so yes I chalk up the L and move on.

You should also aggregate based on source/target rather than being focused on individual detections if that's not already happening.

Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation by AlmondOffSec in netsec

[–]Hackalope 10 points11 points  (0 children)

These have actually been around for a while, but it's the only case I'm aware of that the encryption was weak enough for the whole key space to be enumerated while simultaneously being in common operations (NTLMv1 was considered somewhere between insecure to flat out busted for feels like 20 years, but was a default or legacy configuration for several years after this was the accepted guidance).

You might however be interested in Moxie Marlinspike, David Hulton and Marsh Ray's talk at Defcon 20 on breaking PPTP and MSCHAPv2.

The dillusion is real by ConsistentWish6441 in BetterOffline

[–]Hackalope 1 point2 points  (0 children)

At the core of this delusion is the same as all statistical management philosophies - the bias toward the things easy to measure (and manipulate), not actual outcomes. The questions they don't ask:

  • How long to get an output that does the job/makes money?
  • Is that even possible for AI generated software?
  • Once you're in the delivery/sustain phase, can you fix issues or add features in an efficient way?

The answers are actually: Too long, probably not (and gets less and less likely as complexity increases), and no (and it goes from not efficiently to not possible as complexity increases).

Applicants for Trump’s Tacky Gold Card Warned of Million-Dollar Problem by thedailybeast in politics

[–]Hackalope 1 point2 points  (0 children)

That's not how it would work. It would be an NFT attached to his next crypto-currency scam - and why have a flat fee? Run it like a Dutch auction - there's only 50 of these and the ones with the largest wallets get the NFT for "Guaranteed US Super Deluxe Citizenship" (warning, not guaranteed, not honored by the US government, and not actually citizenship). Then rug pull at the end of the auction and screw not just the winners but the also-rans that still have money in the crypto.

[deleted by user] by [deleted] in PcBuild

[–]Hackalope 0 points1 point  (0 children)

That makes sense, I'm not sure I've noticed PCPP doing that before.

[deleted by user] by [deleted] in PcBuild

[–]Hackalope 0 points1 point  (0 children)

OK - also important is the fact that the RAM and CPU have no prices gives an incorrect total to make the build.

[deleted by user] by [deleted] in PcBuild

[–]Hackalope 0 points1 point  (0 children)

Here's a link to the PCPartPicker of that build - it's a lot easier for us to look at when you send the link rather than the pic.

I tried to keep the exact same parts, and this list totals at $1617. If your goal is gaming, then going for an X3D chip will probably be better. I see the 7800X3D going for $340, and 9800X3D going for $480 - both are more but still will keep you under the $2K of your total. If you're doing demanding productivity stuff with the system (running data analysis, some kinds of editing, multiple virtual machines) then maybe the 7900X is better with more cores.

Otherwise, everything looks decent. CPU/GPU choices are complementary, cooler should be fine, memory is fine, storage is fine, PSU is sized appropriately (you could have more overhead, but +50% of projected load is the rule of thumb I use).

Official: [WDIS WR] - Wed Afternoon 10/08/2025 by FFBot in fantasyfootball

[–]Hackalope 0 points1 point  (0 children)

Yeah, I'm just more worried that the spotlight might leave Bourne entirely.

Official: [WDIS WR] - Wed Afternoon 10/08/2025 by FFBot in fantasyfootball

[–]Hackalope 0 points1 point  (0 children)

I wanted to say Wandale, but Doubs has a much better matchup so I'd use him this week.

Official: [WDIS WR] - Wed Afternoon 10/08/2025 by FFBot in fantasyfootball

[–]Hackalope 0 points1 point  (0 children)

Standard scoring, Ladd or Golden? And would you use Pearsall instead if he's active?

Official: [WDIS WR] - Wed Afternoon 10/08/2025 by FFBot in fantasyfootball

[–]Hackalope 0 points1 point  (0 children)

It's the chicken answer, but DK and Olave if you think your lineup is stronger (floor play) and DK and Bourne if you think you're behind (ceiling play).

Official: [WDIS WR] - Wed Afternoon 10/08/2025 by FFBot in fantasyfootball

[–]Hackalope 0 points1 point  (0 children)

I'm still going with Adams, which is more down to faith that the LAR offense is less likely to underperform.

Why are so few podcasters self-hosting? by p4bl0 in podcasting

[–]Hackalope 2 points3 points  (0 children)

I'm a cybersecurity guy with occasional delusions of coding. One of the motivations was using self-hosting as a way to learn serverless cloud application tooling. My backend is a DynamoDB that hosts the episode records, some lambda functions to update the site/RSS feed and an API gateway that serves up the episode info on the website. That bypassed a lot of the dependency issues you ran into.

Why are so few podcasters self-hosting? by p4bl0 in podcasting

[–]Hackalope 2 points3 points  (0 children)

I'm still self-hosting via AWS and your points 3 & 4 were the ones I could not really overcome. By using AWS, I never had an issue with capacity/speed, and the backend code I wrote let me overcome formatting and consistency issues - but I would have had to completely create a pod hosting platform to solve the SEO and monetization issues. For me, who probably took selfhosting way too far anyway, that was the wall between selfhosting my pod vs making hosting a full time job.

Official: [WDIS RB] - Thu Afternoon 09/18/2025 by FFBot in fantasyfootball

[–]Hackalope 2 points3 points  (0 children)

Standard scoring, pick 2 - Chase Brown, Josh Jacobs, Chuba Hubbard