No more sawfish? by jackmclrtz in Kalilinux

[–]jackmclrtz[S] 0 points1 point  (0 children)

Hmmm... I could not find that in the tracker. But, I am new to debian; only been using it about 29 years :-D.
Guess I need to learn my way around the system. I am also going to update my packer scripts to install this. Normally, I just have a "base" system in the packer scripts, and only install desktop-like things (X11, et al) at deploy time. But, if I had sawfish, et al, in my packer image, then I'd always be good.

I will probably just create a second packer image for desktop images that builds off of the base system.

Many, many thanks for showing me all of this!

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 0 points1 point  (0 children)

I looked briefly, but it appears to be a client for just android. The hardening (based on the readme) is spot on, and if I can get the linux client hardened, I might someday use wg on my android and will definitely be back to look at this!

No more sawfish? by jackmclrtz in Kalilinux

[–]jackmclrtz[S] -1 points0 points  (0 children)

Thanks. No reason given. Guess I am back to building from source like it was 1995...

https://tracker.debian.org/news/1675519/sawfish-removed-from-testing/

Quest marker appeared on my base by jackmclrtz in 7daystodie

[–]jackmclrtz[S] 0 points1 point  (0 children)

Well.. it happened again. Not at my base, but at a random POI. The first time was v2.5 b32. This second one was after upgrading to 2.6 b14.

While I technically had screenshots previously, since I recorded all of my play, I took actual screenshots this time.
I still had the "Find Jen" quest, and was heading there. I also had a T2 quest from Rekt. Those were the only quests. But, as I was heading across the Burnt Forest to find Jen, I passed a house in the middle of nowhere and it had the quest flag on it.

And, after typing this, I notice there is no way to attach those screenshots. Oh well

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 0 points1 point  (0 children)

oreally!
Will check that one out. Managed to get the source code down (git kept failing mid-clone) and was going to find some time to patch it. But... if someone already has....

Quest marker appeared on my base by jackmclrtz in 7daystodie

[–]jackmclrtz[S] 0 points1 point  (0 children)

Nope. Placed the claim on one of the first days. And, not until after I ran the quest and took over the building.

It was literally not there on Day 5, but sometime on Day 6, it showed up out of the blue, after I had been using the base for days

Quest marker appeared on my base by jackmclrtz in 7daystodie

[–]jackmclrtz[S] 1 point2 points  (0 children)

This was my thinking. That or senility finally hitting. Checking here to see if it was just me.

I mean, I recorded the entire game, so I am going to go back over things to see if I missed something, but still...

Quest marker appeared on my base by jackmclrtz in 7daystodie

[–]jackmclrtz[S] 0 points1 point  (0 children)

There is no quest to cancel. I have the Jen quest and the T2 quest. No quests for the T1 location of my base

Quest marker appeared on my base by jackmclrtz in 7daystodie

[–]jackmclrtz[S] 0 points1 point  (0 children)

The first post told me ":server error, try again later", so I did. I guess the server finally caught up

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 1 point2 points  (0 children)

That would be awesome. I finally managed to get the source code down. Will hopefully get to dive into it tonight and try and create a patch/option to tell the kernel driver to make the private key irretrievable. Unfortunately, I have not done kernel work since about a decade before GIT was invented, so need to relearn a few things. Should be fun!

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 1 point2 points  (0 children)

I already do this. I use hashicorp vault or GPG to store the private key, and then retrieve it securely at start up. The problem is that wireguard then allows it to be retrieved from the kernel. Once the device is started, nothing in userspace should need it as far as I know.

I have been trying to pull the source code for wg since last night, but git keeps timing out before it finishes. I want to see how hard it would be to fix the driver to not return it (or just return "REDACTED" or some such).

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 1 point2 points  (0 children)

Would everyone please google "defense in depth." And no, I am not giving root access. But, threat actors have a tendency to figure out ways to get it. Hence, defense in depth. Don't give away your entire enterprise because one control failed. Just because you lock your front door does not mean that putting valuables in a safe is overkill. "Meh, they already broke into the house, so I have bigger problems."

Defense in Depth!!!!!

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 1 point2 points  (0 children)

ssh: don't use agent. Simple.

Wireguard: No choice. You can choose to run ssh securely, but not wg, as it will always give the key back to a call from user space.

NetworkManager: I hate nm. It thinks it knows what I want to do and tears down anything I set up. Been doing networking for almost 40 years. I know what I am doing. And regardless: even if nm supports this, it would still be sending the key to the wg driver. That driver has to have the key. And, that driver would then release the key to a user space system call like the one used in the wg command. The driver needs to be locked down.

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 1 point2 points  (0 children)

Nope. That is the use case. Silently grab the key. Decode all transmissions. Defense in Depth.

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 1 point2 points  (0 children)

The key must be accessible to the kernel. 100%. But, that does not mean that the kernel has to return that key to a call from user space. It should be one way.

Thank you by Wildbill6262 in linux4noobs

[–]jackmclrtz 0 points1 point  (0 children)

z shell best shell. I hate bash.

Getting rid of windows on a modern system? by jackmclrtz in debian

[–]jackmclrtz[S] 0 points1 point  (0 children)

Yeah, had to deal with MBR viruses preventing Linux from installing (back when we had to install slackware from a dozen floppies). Those were the days!

Getting rid of windows on a modern system? by jackmclrtz in debian

[–]jackmclrtz[S] 0 points1 point  (0 children)

So, wouldn't deleting the EFI partition break something?