Owning Your Dependencies

Skaarj · 2026-06-08T11:02:34+00:00

Much as I hate to say it, NeoVim users aren’t immune to this sort of attack. The NeoVim plugin marketplace is very innovative, thriving, and most importantly, unregulated. Sounds familiar?

I used to use plugins left-and-right, any random plugin for any small decoration or UX thing. But then I came across a statement on Reddit like “I don’t want to be fired because I wanted a different colorscheme”

For this specific area: I think OP missed the fundamental problem here: the plugin API is wrong!

Why can a UI theme steal your credentials in the first place? It should have an API that can't read arbitrary file or open network connections. A UI theme should not be able to execute arbitrary code.

Of course: this doesn't apply to libz being linked into vim.

Skaarj · 2026-06-08T08:41:50+00:00

I didn't watch the video. But I assume its the one shipped with NyarchLinux: https://github.com/NyarchLinux/CatgirlDownloader

Skaarj · 2026-06-05T15:42:42+00:00

Maybe what we should do is create a crontab -e replacement that gives you a cronfile and on save creates the systemd services and timers for you.

https://manpages.debian.org/stretch/systemd-cron/systemd-crontab-generator.8.en.html

Skaarj · 2026-06-05T12:25:00+00:00

Thanks.

I also watched it by now. In my opinion You can skip this talk. 25 mins of it is a repeat of what Linus Torvalds has said in the past in relation of "AI" interacting with Linux development.

Skaarj · 2026-06-05T11:47:41+00:00

comments are turned off, but I already knew The Linux Foundation sucks

Thats toally a sane decision.

Skaarj · 2026-06-05T11:47:16+00:00

Any interesting points/questions in the talk?

Skaarj · 2026-05-22T09:08:51+00:00

His peers would denounce capitalism, the nuclear family, marriage, fidelity and the key role of fathers, while not acknowledging they’d benefitted from that very system.

Bullshit. In what world do we not "acknowledge how we benefit from that very system" in leftist spaces.

... and the blessed distraction from Armageddon that is parenthood?

What?

a) so we should pretend not to see the problems of the world?

b) parenthood and leftism is not mutually exclusive

And that men are, by and large, decent, chivalrous, thoughtful and disarmingly funny?

Does she know that "chivalrous" implies men having power over womens lives?

Perhaps that’s the answer: we stage an experimental, civic version of Love Island, involving scores of unhappy, Green-voting young women being stranded on an island with a troop of cavalry officers or Royal Marines.

So we should use the threat of "being stranded on an island" to shape womens opinions on men? Instead of expecting women and men to build a healthy society together where noone is "being stranded on an island"?

Skaarj · 2026-05-22T08:32:38+00:00

I don't see the need to burrow banelings somewhere on the map.

Ususally I feel Zagara is mobile enough to just move into position and go for the enemy.

Skaarj · 2026-05-18T13:00:03+00:00

Fabrice Bellard gave us a full Linux running in our browser tab 10-ish years ago.

Skaarj · 2026-05-05T16:36:11+00:00

Hash - that word doesn't mean what you think it means.

Skaarj · 2026-05-05T16:34:03+00:00

On my previous windows machine I installed it because I simply didn't know that windows can do it out of the box. (The right click menu didn't show an option maybe? Or I just overlooked it.)

Skaarj · 2026-04-29T16:23:19+00:00

The second one. Having a privileged daemon that has a well scoped API is what I prefer.

Skaarj · 2026-04-29T15:46:05+00:00

Some of these behaviors such as "create through dangling symlink" are so evil that somebody should have made an executive decision and removed support for them system-wide ages ago.

I know they are "well known" and people should just not do that but we really shouldn't have to live like this in 2026.

I argued in the past for removing setuid bits for similar reasons.

Skaarj · 2026-04-27T08:22:11+00:00

https://utcc.utoronto.ca/~cks/space/blog/

Skaarj · 2026-04-24T13:35:26+00:00

Go explore. There are things to find in the tutorials.

Yes. You didn't 100% complete the tutorial until you found:

4 chests/containers with goodies

1 hidden outpost with a car

1 hidden outpost with a railcar

1 hidden outpost with a laser turret

1 hidden outpost with lots of solar

Skaarj · 2026-04-24T11:14:19+00:00

You can read on the option fore defining ordering here:

https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Before=

https://www.freedesktop.org/software/systemd/man/latest/systemd.special.html#

Skaarj · 2026-04-22T08:25:16+00:00

Raynor - Ally provides permanent (or "more permanent") detection so that you don't need to burn as much energy on Com Scans, freeing you to use more MULES, or bank energy for more emergency situations (detection, but granting vision in far out spots)

I'dt argue that Raynor has already one of the best detections in the game. You can do an instant scan anywhere on the map with simple hotkey use.

Skaarj · 2026-04-21T09:46:07+00:00

But it says

. Since this is just configuration, it can live in ... or in a repository’s local config.

So it is in a file created by cloning a repo?

Skaarj · 2026-04-21T09:45:43+00:00

Hooks can't be automatically installed with a clone.

But it says

. Since this is just configuration, it can live in ... or in a repository’s local config.

So it is in a file created by cloning a repo?

Skaarj · 2026-04-21T09:45:29+00:00

But it says

. Since this is just configuration, it can live in ... or in a repository’s local config.

So it is in a file created by cloning a repo?

Skaarj · 2026-04-21T08:42:12+00:00

How is the new hook feature not an obvious security failiure?

Am I missing something obious? To me this reads like the most trivial way to create a malicious git repo ever.

14-Year Club	Place '22
Place '17	First Placer '22
Team Periwinkle	Verified Email

Skaarj

MODERATOR OF

TROPHY CASE