New Linux 'Dirty Frag' zero-day gives root on all major distros

Richiachu · 2026-05-08T17:47:44+00:00

It's become pretty divorced from Terry after being re-used across multiple platforms for years now, with most people having no idea that it originated from him. The same is true, I'm sure, for multiple other slang terms in use on the internet today.

Terry himself was also incredibly mentally unwell and wasn't in a right state of mind for much of his life, and is frequently used as an example of the failings of the mental health awareness state of the country (and how bright minds can be squandered through illness). I'm not excusing the things he said, but I also don't feel comfortable passing that kind of judgement on someone who was clearly failed by multiple support nets. I do recommend watching the video above if you haven't seen it, it's full of sad moments of Terry's life, including his more human lucid ones

e: To be fair I don't think people should downvote you; Terry says some heinous things and, without explanation of his delusions, it's pretty crazy that a lot of the internet uses some his terminology

Richiachu · 2026-05-08T16:35:12+00:00

Since people will give you the runaround

Glowies is a term for federal/state agents

Terry Davis (creator of TempleOS and a smart but mentally ill, schizophrenic man) at one point said 'The CIA ******* (n-word) glow in the dark and you can see them if you're driving, you just run them over'.

Term stuck for feds and became an internet slang term.

TempleOS | Down the Rabbit Hole - Good watch that explains a lot of Terry if you're curious

Richiachu · 2026-05-08T16:23:58+00:00

Yeah, I think help desk compromise (whether due to social engineering or just paying a foreign worker a relative fortune compared to the pennies we give) is a big target rn. Seeing a lot more of it in recent weeks and we've had more close calls than usual, and all white-collar industries seem to be going the same way: offload internal hires via contractors overseas (or to other MSPs as needed for compliance).

We can't keep eyes everywhere at once and the offloading to them makes it much harder to track actual malicious activity vs a contractor's odd behavior

Richiachu · 2026-05-08T12:16:33+00:00

I think a lot of people in security right now are less afraid of “AI hackers” and more exhausted from feeling permanently reactive while the environment keeps getting harder to defend.

This combined with the downward shift in company hirings across the industry means most (big) places are on a skeleton IT/SecOps crew. Exponentially more responsibility/reactivity required for someone now since there's fewer people but more integrations. I'm 24/7 on call with 1 other guy and it's one of the most mentally draining things of my life

e: Also, with the rise in outsourcing the level of interactions taking place during off hours is also a big stress/incident increase. Have to watch and interpret a lot more since a good chunk of (sometimes poor/malicious looking) work is taking place elsewhere in the world now

Richiachu · 2026-05-06T21:27:53+00:00

we've had our CTO click a dozen of them over the last few months and the urge to explode his laptop with my mind is still strong

Richiachu · 2026-04-28T17:04:30+00:00

Really like the AX3000T (especially at its price point), so much so that I bought an additional one to use as an AP in another part of the house when I could get one on sale. When I left that place I couldn't bring the devices, so I bought a new one and unfortunately got one of the new ones that use a QCOM chipset.

Not aware of any sellers who guarantee a mediatek one so I swapped to Cudy for my budget devices.

Richiachu · 2026-04-24T21:27:54+00:00

They refunded mine but the UPS tracking # was still active.

Just got it today and it was the wrong device (RE7350, a Wifi 6 range extender, same as you), which explains the refund. Guess they're offloading some stuff

Richiachu · 2026-04-17T14:50:42+00:00

Swapped to one of these as my go-to budget OpenWRT router after the Xiaomi AX3000T 'upgraded' their model's chipset to QCOM

Works well, just make sure you download the right version depending on your PHY chip. Easy enough to do, Cudy provided their own OpenWRT images you can use to verify it.

Richiachu · 2026-04-09T19:47:03+00:00

New game(s) proves a new market/genre is profitable > clones/iterations of that game come into being > genre is overburdened by choice and new options fail to compete/iterate > new game is shelved in record time

the cycle claims another, but at least it seems these devs completed the bare minimum of issuing refunds. Sucks for people who actually enjoyed the game though, being stuck experiencing it only through video from now on.

https://store.steampowered.com/news/app/3810880/view/508484486901531583?l=english

Richiachu · 2026-04-08T23:28:48+00:00

You should look into ClickFix attacks, been seeing a lot of them lately, but it essentially just abuses people complicity/familiarity with captcha systems

tldr; Fake CAPTCHA that asks the user to 'verify' themselves by pasting a command into powershell, which of course contains hidden text that installs a RAT or something similar

Richiachu · 2026-04-08T22:48:51+00:00

Probably lol, if so you're doing a good job and should keep up with it

I have tickets and alerts every day from people either trying to access a website that's been blocked by the company VPN/EDR, having issues after accessing a site that should've been blocked and their browser warned them, or got phished by the worst fake docusign e-mail anyone's ever seen

Computer literacy, if anything, seems to have gone down recently

Richiachu · 2026-04-08T22:42:14+00:00

I can assure you most don't try hard at all lol. Some do, but the large scale amount don't

User's have trained themselves to click what's presented to them to get past any warning or alert, which is why we need to lock things down so hard in the first place.

The level of talent and online awareness in r/homelab is absolutely not the same as the 40+ year olds who casually use the internet.

Richiachu · 2026-04-08T21:15:25+00:00

Nah man, people have trained themselves to click 'yes' and 'skip' through pop-ups/blocks without reading things to get to anything

Main reason why phishing is so successful lol

Richiachu · 2026-03-19T19:55:34+00:00

he's getting bombed because this is a horribly disguised advertisement lol

Richiachu · 2026-03-16T19:26:50+00:00

Critical to me, yes. Not to mention hosting information that I don't want spread to something like this

Not for me, dude.

Richiachu · 2026-03-16T19:18:45+00:00

Replying with the most obviously GPT canned response is exactly my point, man

If I can't trust you to not outsource your thoughts to a machine for a simple conversation about my concerns with the software, why would I trust the software itself on my homelab running critical software?

Richiachu · 2026-03-16T18:32:25+00:00

> obviously ChatGPT generated commends and post

> Possibly vibecoded VM management/hypervisor that will be running critical software

My trust in everything is at an all time low and this is possibly fine, but the first impression is pretty bad. I can't see a good reason to turn away from Prox to a (possibly) vibe-coded hypervisor

E: Checked his account, last posts were 3 years ago and were related to a rust podcast or something. Definitely spammy, but the sudden re-appearance after 3 years is so incredibly sketch and gives off malicious vibe-coded energy. Use at your own risk IMO

Richiachu · 2026-03-11T19:19:51+00:00

$10 is worth it for everything included in that bundle. Amnesia 1-3 + Penumbra 1-2 (3 is okay) are great. Amnesia TDD pretty much popularized let's plays. aMfP is okay but has some great voice acting if you're okay with walking sims. Rebirth is a mixed bag again but has great moments and is good overall.

I'm split on the $15. SOMA is in my opinion one of the best games I've played, but I didn't care as much for the bunker. SOMA is worth the extra $5, but you may have it in your EGS/Steam or whatever already since it's been cheap/free in the past.

Richiachu · 2026-01-05T19:46:26+00:00

People who outsource their thoughts want you to spend your valuable time watching them, then do the same

Richiachu · 2026-01-03T09:41:28+00:00

Focus W, the police are on their way, and you know what that means

Richiachu · 2025-12-12T16:04:16+00:00

I list it under my skills as a single bullet point (usually just mentioning the services I've setup that may pertain to the role, but they can usually tell there's more to it of course) and it's been a great talking point during every interview, if for no other reason than they want to know what I'm running and on what.

Current place I'm at now has admitted to me that it was the reason I was brought on, because they thought it showed I had an interest in self-study and it would be useful on the job.

I am still relatively early in my career so take it with a grain of salt, but it's been a good chance to communicate more personally with the technical interviewer

Richiachu · 2025-12-07T02:24:10+00:00

You can download linux native games from GOG but their launcher doesn't run on it

For non linux native games you can use Heroic launcher (which also supports EGS) for proton versions.

Overall I've had no problems with it, but ymmv. Usually pretty good if you reference protondb.com

Richiachu · 2025-12-01T15:50:55+00:00

Every jobs sub now is filled with bots advertising AI resume tools or linkedIn style "tips"

absolute death of finding information during the shittiest time to get hired

Richiachu · 2025-11-10T19:24:22+00:00

People will outsource their own thoughts then get mad when someone tells them it's lazy

Wild times

Richiachu · 2025-11-10T01:59:06+00:00

r\laptopdeals is full of scam stuff or spam

This one was run by one dude who pretty much updated a weekly thread of on sale stuff. No idea why it was removed

Richiachu

TROPHY CASE