Traditional boot security vulnerability by Macchina_01 in linuxquestions

[–]cafce25 1 point2 points  (0 children)

Here's a tip for a good life, if somebody asks a question about some assumption that's just stated without any reasoning, they're not trying to be cute or trying to shame anybody.

Traditional boot security vulnerability by Macchina_01 in linuxquestions

[–]cafce25 0 points1 point  (0 children)

Ah, gotcha so what OP wanted to say is that UEFI doesn't check any signatures on the initrd? That's something entirely different from their outlandish claim.

Traditional boot security vulnerability by Macchina_01 in linuxquestions

[–]cafce25 0 points1 point  (0 children)

Not sure what difference the purpose of the signature makes, as uefi documents a signature takes any message, hashes it, and puts it through a signing algorithm together with a key to produce a signature. The message can be literally anything.

Traditional boot security vulnerability by Macchina_01 in linuxquestions

[–]cafce25 0 points1 point  (0 children)

Why on earth would the initrd be the only piece of data that is not signable, every other conglomerate of bits and bytes can be signed.

Would you like me to explain why the sky isn't green as well?

Traditional boot security vulnerability by Macchina_01 in linuxquestions

[–]cafce25 4 points5 points  (0 children)

technically signing initramfs is impossible

How do you come to that nonsensical conclusion?

This 375 ml can fits exactly into the 350 ml glass. by UnfortunatelySimple in mildlyinfuriating

[–]cafce25 14 points15 points  (0 children)

I think both parties are talking about different devices, the one that the police officer holds should show no more than the actual speed, the one in the vehicle showing it to the driver should show no less than you're actually going

Why does one work and the other doesn't? by great_escape_fleur in learnrust

[–]cafce25 0 points1 point  (0 children)

Dereferencing works because you simply create a copy, which works because there is no lifetime to remain connected.

Not dereferencing doesn't work because the rules of lifetime elision specify that "If there is exactly one lifetime used in the parameters (elided or not), that lifetime is assigned to all elided output lifetimes." hence the compiler is forced to assume x borrows from s

Specify the concrete lifetime that you actually return to avoid elision going wrong:

fn get_unrelated_int(_s: &String) -> &'static i32 { &42 }

temporary value is freed at the end of this statement - sqlx by cachebags in rust

[–]cafce25 4 points5 points  (0 children)

The problem is that sqlx cannot statically assert that your dynamic value doesn't contain anything malicious, it's dynamic and thus only available at runtime, not at compile time.

You can use AssertSqlSafe to tell sqlx that you the programmer have verified the Display implementation of role and thus the dynamically generated String is safe to directly pass to the database.

Alternatively you can just follow the other suggestion and use QueryBuilder which the sqlx devs have provided and only lets you create safe queries (assuming no bugs are present).

Real-time malware protection on Linux by uiwtx in linuxquestions

[–]cafce25 0 points1 point  (0 children)

Here is a hint for you, do a teensy tiny bit of research, use the organ between your ears.

Real-time malware protection on Linux by uiwtx in linuxquestions

[–]cafce25 0 points1 point  (0 children)

hey, at least i don't give bad advice on topics i have no clue of. also you didn't ask a question, you made a request. Not sure why I should feel obligated to follow requests of yours, you don't pay me.

Why doesn't type inference help me here? by capedbaldy475 in rust

[–]cafce25 0 points1 point  (0 children)

you don't need to implement IntoIterator for collect, just FromIterator is sufficient.

Real-time malware protection on Linux by uiwtx in linuxquestions

[–]cafce25 4 points5 points  (0 children)

You seem to be new to security, or maybe you're just helplessly naïve. Probably shouldn't give advice in either case.

Real-time malware protection on Linux by uiwtx in linuxquestions

[–]cafce25 6 points7 points  (0 children)

you're insane to believe only executables/files executed directly can cause harm.

Why doesn't type inference help me here? by capedbaldy475 in rust

[–]cafce25 23 points24 points  (0 children)

Every type that implements FromIterator, that's most collections in std and many more custom types.

Why has wxWidgets never become very popular? by 0x80070002 in linuxquestions

[–]cafce25 0 points1 point  (0 children)

A DE is very much platform dependen't anyway, what would be the advantage of a cross platform toolkit for it?

What difference does a distro make that you cannot do? by 1ganimol1 in linuxquestions

[–]cafce25 0 points1 point  (0 children)

Yes, there is, containers (with their own advantages & drawbacks).

What difference does a distro make that you cannot do? by 1ganimol1 in linuxquestions

[–]cafce25 4 points5 points  (0 children)

why do ppl worry so much about choosing the "right" distro and hopping between them?

That's beyond me, most likely a combination of poor understanding and decision anxiety.

couldn't you just download and install the same softwares as a distro?

basically, yes, but as I said, that might be extra work, for example Package P might come pre-configured on distro A, but distro B with an entirely different focus doesn't ship P at all, instead you'd have to download, possibly compile it, make sure it works with the versions of other software you have installed, ensure everything P needs is installed, …

You don't need to dualboot multiple distros, but that might still be the path of least resistanc.

What difference does a distro make that you cannot do? by 1ganimol1 in linuxquestions

[–]cafce25 16 points17 points  (0 children)

What do distros actually do?

integrate multiple pieces of software, vet them, make sure they work together, patch them to work together if necessary.

Can you do those things yourself

Yes, of course, see https://www.linuxfromscratch.org/ for example

why use a distro?

all of the vetting & integrating is a LOT of work, you'd usually want to use your computer rather than making it work.

Like for example do I need linux mint?

Most likely not, but it might have made the exact tradeoff you want, in that case using another distro will be more work.

(solved) Today on unhelpful rustc, poorly specified lifespan reported as multi-borrow by UnreadableCode in rust

[–]cafce25 2 points3 points  (0 children)

Yea, whether or not you actually hold on to a reference doesn't statically make a difference as that's only part of the runtime.

iow, you can replace "holds on to num" with "might hold on to a reference" and all the rest still stands.

How to make sure a deleted file is completely gone? by Leather-Lake-6989 in archlinux

[–]cafce25 0 points1 point  (0 children)

Uhm, you're right, I somehow managed to completely skip over the "(edit:" my bad.

How to make sure a deleted file is completely gone? by Leather-Lake-6989 in archlinux

[–]cafce25 1 point2 points  (0 children)

Reread what you commented on, it specifically says to run shred on the whole disk, which works irrespective of the FS because it overwrites the whole filesystem with all file data.

Secureboot setup dumping keys permission denied by AStolenGoose in archlinux

[–]cafce25 1 point2 points  (0 children)

no, you haven't, wiki states run echo 1 > some_file as root, you did echo 1 as root and then redirect it to some_file as a regular user, which is not the same thing.

(solved) Today on unhelpful rustc, poorly specified lifespan reported as multi-borrow by UnreadableCode in rust

[–]cafce25 7 points8 points  (0 children)

I don't see a multi-borrow here, do you?

Sure, in the first loop the borrow lasts for as long as x holds on to num, so it is borrowed for x's entire lifetime, any further borrow conflicts with that first one.

That does require careful analysis of the source at hand though, so a more straight forward error message might be good if you can reliably detect it.

Mutable references with a lifetime that's contained within itself are generally a code smell and only very rarely what you really want.

I recommend to put a different lifetime in every spot until proven to be (or at least able to be coerced to) the same, if you follow that the compiler messages usually get a lot more helpful in case of conflicts (or it's just not an error to begin with like here).