Post AX6FuDfC7IAGijcBe4 by n3f_X@nicecrew.digital
 (DIR) Post #AX6DC78CqFCtoO1gI4 by Aldis@sheep.network
       2023-06-26T23:53:57.551835Z
       
       1 likes, 2 repeats
       
       I'm wondering what Linux distributions would be most secure or least affected by a massive cyber-war. If there was ongoing cyber-war that targeted banks and other critical infrastructure, so much so that people would be left with no money and possibly unable to heat their homes for months, what Linux distribution would survive the best under those circumstances? I've been using Ubuntu, but if Canonical has to cut its workforce substantially then they might not push out the fastest security patches and updates, which would be critical in that kind of environment. I was thinking Arch Linux might be better suited, because it's more community driven and rolling release.
       I want to know because if large websites go down, then we (Server Admins) will need to be there to supply critical cyber infrastructure to those who can still get on the Internet. Lines of communication are always key in wars.
       Paging admins @gabriel @alex @graf @tyler @matty @Big_Diggity @parker @Lance
       
 (DIR) Post #AX6DC87BBXyorUYNKS by gabriel@mk.gabe.rocks
       2023-06-26T23:58:07.456Z
       
       0 likes, 0 repeats
       
       inb4 it's all pwned anyways
       One with OFFLINE BACKUPS. I'd argue it doesn't matter what you use as long as you have that and hopefully package mirrors/installation media. Arch does make this pretty easy, not sure how it's done on other distributions, but I imagine it's similar.
       I'd be more worried about ISPs suspending service, and suddenly people need to rebuild a shadow-net during whatever manufactured crisis arises.
       Also flattered to be included ❤️
       @Aldis@sheep.network @alex@gleasonator.com @graf@poa.st @tyler@1611.social @matty@nicecrew.digital @Big_Diggity@theres.life @parker@pl.psion.co @Lance@bibly.com
       
 (DIR) Post #AX6ENHa2QugLMFvxQW by matty@nicecrew.digital
       2023-06-27T00:11:27.051344Z
       
       4 likes, 0 repeats
       
       What? If there's a massive cyber war and you're left without money or heat in your home, your primary concern should be coordinating with your mutual assistance group and quickly formulating a game plan before 3 days passes and people start wigging out. In a real SHTF scenario, the last thing you need to be worried about is someone stealing your memes. In the event of a total collapse, T1 infrastructure is going to not work anymore so it really wont' matter how many giganiggas of throughput you have or how secure your setup is.
       
 (DIR) Post #AX6EQtGclqFX6uZcGW by n3f_X@nicecrew.digital
       2023-06-27T00:12:02.101583Z
       
       2 likes, 0 repeats
       
       calm down sir
       
 (DIR) Post #AX6EY8V0XLXiNXkwWO by tyler@1611.social
       2023-06-27T00:13:25.007602Z
       
       2 likes, 0 repeats
       
       No.
       
 (DIR) Post #AX6F99PM7XfdublKq0 by MeBigbrain@poa.st
       2023-06-27T00:20:02.828899Z
       
       3 likes, 0 repeats
       
       @tyler @n3f_X @Lance @alex @gabriel @matty @parker @graf @Aldis @Big_Diggity The time for calm is over.
       
 (DIR) Post #AX6FBIKfuVx8AbayVU by n3f_X@nicecrew.digital
       2023-06-27T00:20:29.592606Z
       
       1 likes, 0 repeats
       
       it's time to panic
       
 (DIR) Post #AX6FOustt0otVA6E1w by MeBigbrain@poa.st
       2023-06-27T00:22:57.274942Z
       
       2 likes, 0 repeats
       
       @n3f_X @tyler @Lance @alex @gabriel @matty @parker @graf @Aldis @Big_Diggity It's time to get mad
       
 (DIR) Post #AX6FuDfC7IAGijcBe4 by n3f_X@nicecrew.digital
       2023-06-27T00:28:36.611781Z
       
       2 likes, 0 repeats
       
       lol been mad .... when are we doing this
       
 (DIR) Post #AX6Fxne8mzELBkpTpA by tyler@1611.social
       2023-06-27T00:29:15.497892Z
       
       5 likes, 1 repeats
       
       right meow
       
 (DIR) Post #AX6HQeLoWqbIi8Zsoa by Druid@poa.st
       2023-06-27T00:45:40.607863Z
       
       3 likes, 0 repeats
       
       @tyler @n3f_X @Lance @alex @gabriel @matty @parker @MeBigbrain @graf @Aldis @Big_Diggity 
       
 (DIR) Post #AX6Jo2ptrKJ3DevwNk by Lance@bibly.com
       2023-06-27T01:11:55Z
       
       3 likes, 0 repeats
       
       @tyler @alex @gabriel @matty @n3f_X @parker @graf @MeBigbrain @Aldis @Big_Diggity  lol you guys are funny. Being in IT for 30+ years if it happens pack it up and enjoy the time off with your friends and family ;)
       
 (DIR) Post #AX6JpBcYgOoykqEmwa by n3f_X@nicecrew.digital
       2023-06-27T01:12:31.051541Z
       
       0 likes, 0 repeats
       
       lance ... calm down it's going to be ok
       
 (DIR) Post #AX6Mc3t8QAWqs0QMoS by tyler@1611.social
       2023-06-27T01:43:45.981277Z
       
       1 likes, 0 repeats
       
       Yeah no need to overreact man, put down the gun
       
 (DIR) Post #AX6O0cDCYexoE95A4u by parker@pl.psion.co
       2023-06-27T01:59:24.134855Z
       
       4 likes, 0 repeats
       
       @Aldis @tyler @Lance @alex @gabriel @matty @graf @Big_Diggity If I was ever in the position that I ever could provide critical infrastructure in a global cyber war, thereby making me an active participant in that war and a target, I'm not so sure I would want to in the first place.
       Rather "offline" networks in my local community, wireless user groups or mesh networks, having a lot of information archived for that community, seem more worthwhile. Also having an amateur radio setup for longer distance communication, packet radio, stuff that doesn't require any additional infrastructure to operate.
       
 (DIR) Post #AX6Oyo8zK95AbnoUds by Lance@bibly.com
       2023-06-27T02:04:04Z
       
       2 likes, 0 repeats
       
       @parker @tyler @alex @gabriel @matty @graf @Aldis @Big_Diggity agreed, ham radio using weak signal communications is the way.
       
 (DIR) Post #AX6PRiUDRCpzSZWkWO by skylar@wolfgirl.bar
       2023-06-27T02:15:27.440443Z
       
       5 likes, 2 repeats
       
       @Aldis @tyler @Lance @alex @gabriel @matty @parker @graf @Big_Diggity virtually all computers will become secure in a "massive cyber-war" because they have no power or network connectivity
       
 (DIR) Post #AX6PVpakxgaOehY4cS by parker@pl.psion.co
       2023-06-27T02:16:14.450124Z
       
       1 likes, 0 repeats
       
       @Lance @tyler @alex @gabriel @matty @graf @Aldis @Big_Diggity I am happy trading decreased bandwidth for increased resilience. Given all this extra bandwidth comes with plenty of societal problems.
       
 (DIR) Post #AX6UEpnzPl5gAJS9Jo by dookie@mas.gizode.com
       2023-06-27T03:09:11Z
       
       2 likes, 0 repeats
       
       @gabriel @graf @alex @matty @Big_Diggity @Lance @parker @Aldis @tyler 😍😍 small community-run network with imageboards and forums
       
 (DIR) Post #AX6WUl4ayZuI1wwP5s by Aldis@sheep.network
       2023-06-27T02:54:46.860677Z
       
       1 likes, 0 repeats
       
       Good point about becoming a target 🎯.
       Could you opine @curtis, I forgot to tag you and know you trust the plan.
       
 (DIR) Post #AX6nOpfCh7AXkbpAdk by p@freespeechextremist.com
       2023-06-27T06:43:55.016721Z
       
       5 likes, 1 repeats
       
       @Aldis @gabriel @graf @tyler @matty @Big_Diggity @parker @Lance
       > what Linux distribution would survive the best under those circumstances?
       It's style of operation, not distro.  "Principle of Least Access" (take advantage of user- and process-segmentation to make sure that programs can't exceed their station, and don't give anyone access to the box unless they need it, and don't give them more access than they need), good monitoring (so you can see when something bad happens), relevant alerts (either it's important or you shouldn't be alerted), doesn't hurt to know how to do a bit of numerical analysis (rolling averages and standard deviation).  Don't be a bigger target than you have to be:  don't keep data you don't need.  More moving parts means a bigger surface which means more holes:  have as few holes as possible by installing as little as you can.  Figure out the threat model, figure out what you need, gut everything else without mercy (it's a server, not a dev box or a desktop machine), and then make sure you understand everything that you have left on the box.  What's doing disk I/O in the middle of the night?  You should know if something is and you should know what triggers it to do disk I/O and you should know what it means if it's doing disk I/O in the middle of the night.  nmap your own box to see exactly what's open and what people can see from the outside.
       So, "what distro?" is the wrong question.  Whatever distro fits that model is the right distro, but no distro is going to do your thinking for you, and it's never going to be great out of the box unless you roll your own box.
       That having been said, I'd avoid Ubuntu/Debian/etc. but a lot of sysadmins like it:  it ships without things I need (strace, iotop, iftop, a lot of network diagnostics tools) and then ships a bunch of things I don't need or want (which are potential holes at best and liabilities at worst).  Ubuntu specifically doesn't give you a lot of flexibility in terms of what actually gets installed, so you have to spend more time gutting bullshit.  If you are drawing a big corporate salary to run a farm of boxes, maybe you can afford the time to analyze all the packages and bash out ansible scripts; I don't work as a sysadmin so I just go with whatever doesn't do anything I don't expect.  FSE runs on Slackware and CRUX (but will run on Plan 9 before it turns five).  I hear very good things about OpenBSD and Theo's cool but I have not used his operating system.
       > I want to know because if large websites go down, then we (Server Admins) will need to be there to supply critical cyber infrastructure to those who can still get on the Internet.
       I don't know how likely that is to happen, but if Secret Hackers hit Amazon, that's not just a lot of big sites, it's also most mobile apps and a big chunk of fedi is on EC2.
       hackedbychinese.gif
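
The post above recommends rolling averages and standard deviation, and knowing what does disk I/O in the middle of the night. The following is an added example, not code from the thread or from any poster. It goes one step past a single rolling window by keeping a separate rolling baseline per hour of day; the function names, thresholds and sample data are assumptions constructed for the illustration.

```python
import math
from collections import defaultdict, deque


def zscore(value, history, min_std=2.0):
    """Standard deviations between `value` and the mean of `history`.
    `min_std` floors the deviation so a very flat baseline does not
    turn ordinary jitter into an alert."""
    mean = sum(history) / len(history)
    std = math.sqrt(sum((x - mean) ** 2 for x in history) / len(history))
    return (value - mean) / max(std, min_std)


def io_anomalies(samples, days=7, threshold=3.0, warmup=3):
    """samples: (hour_index, mb_written) pairs, one per hour, in time order.
    Each hour of day keeps its own rolling window of the last `days` values,
    so 03:00 is judged against earlier 03:00s rather than against noon.
    Returns [(hour_index, mb_written, z)] for the hours that stand out."""
    history = defaultdict(lambda: deque(maxlen=days))
    alerts = []
    for hour_index, value in samples:
        bucket = history[hour_index % 24]
        if len(bucket) >= warmup:
            z = zscore(value, bucket)
            if z > threshold:
                alerts.append((hour_index, value, round(z, 1)))
                continue  # keep the outlier out of the baseline
        bucket.append(value)
    return alerts


def constructed_samples():
    """Ten days of made-up hourly write volume in MB: busy from 08:00 to
    19:59, quiet overnight, with a small deterministic jitter."""
    out = []
    for h in range(240):
        base = 50 if 8 <= h % 24 < 20 else 8
        out.append((h, base + (h * 7) % 5))
    # Day 10, 03:00: 60 MB is ordinary at noon but not at this hour.
    out[219] = (219, 60)
    return out


if __name__ == "__main__":
    data = constructed_samples()
    # One window over all earlier hours mixes day and night, so 60 MB
    # looks unremarkable there.
    print("global z:", round(zscore(60, [v for _, v in data[:219]]), 1))
    for hour_index, mb, z in io_anomalies(data):
        print(f"day {hour_index // 24 + 1} {hour_index % 24:02d}:00 "
              f"wrote {mb} MB, z={z}")
```

Because flagged values never enter the baseline, a permanent change in workload keeps alerting until someone looks at it and resets the history.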
       
 (DIR) Post #AX7Urx0Mm5D6wjr10K by Aldis@sheep.network
       2023-06-27T14:50:58.739116Z
       
       1 likes, 0 repeats
       
       > if Secret Hackers hit Amazon, that’s not just a lot of big sites, it’s also most mobile apps and a big chunk of fedi is on EC2.
       Very true.
       Thanks for your thorough reply.
       
 (DIR) Post #AX7nqPNODZIZULbKV6 by parker@pl.psion.co
       2023-06-27T18:23:36.108194Z
       
       2 likes, 0 repeats
       
       @p @tyler @Lance @gabriel @matty @graf @Aldis @Big_Diggity Oh yeah, second for OpenBSD given security is its entire reason for being.
       
 (DIR) Post #AX7qBe8Wjb1VFwu72e by victor@crucible.world
       2023-06-27T18:49:35.684134Z
       
       2 likes, 0 repeats
       
       @p @tyler @Lance @gabriel @matty @parker @graf @Aldis @Big_Diggity A lot of admins here don't care for containers (understandable, they're complex, and complexity often invites security issues), but there's a reason they're getting so popular. Podman allows running containers in userspace and has an emphasis on security, unlike Docker. It can be set to run containers on startup, and all the Linux system capabilities (SYSCAP) can be tweaked or taken away from a given container as needed. The book Podman in Action is a good intro to how it works.
       So if you want a reasonably "secure system" with some measure of defense in depth, you might consider a tiny OS whose only purpose is to run containers and have a proxy like Nginx as the frontend to forward requests by hostname to their respective container ports. The downside is the hassle to configure it all... Better take good notes when setting things up.
       
 (DIR) Post #AX8oFf1LNqTsPGI4m0 by p@freespeechextremist.com
       2023-06-28T06:02:53.219307Z
       
       0 likes, 0 repeats
       
       @parker @Aldis @Big_Diggity @Lance @gabriel @graf @matty @tyler Allegedly they succeeded.  Knock on wood, but no system I built/operated has ever been compromised.
       
 (DIR) Post #AX93qnG9DIh3zANZey by p@freespeechextremist.com
       2023-06-28T08:57:40.400990Z
       
       6 likes, 1 repeats
       
       @victor @Aldis @Big_Diggity @Lance @gabriel @graf @parker @tyler
       > but there's a reason they're getting so popular
       "If it works on your machine, you can just send people your machine.  Let's give up on reliable builds.  The OS is so balky and the libraries are so fragile and nothing is self-contained so we may as well put another OS in the OS.  At least the kernel's stable."  Tack on a ridiculous hype train and that's the reason people are spinning up EC2 instances (a container that Amazon provides in the form of a VM) and then using it to run cgroups-based containers, 99% of the use-case being equivalent to a chroot but with a routing table and a bunch of unreproducible blobs (often of unknown provenance), hardly ever useful and almost never necessary given that process- and user-isolation have been present in Unix since almost the beginning and if I keep going, I will end up pissing everyone off, so I won't.  If you are spinning up single-purpose VMs, you don't need containers:  it's in a container.
       :ken: "We have persistent objects.  They're called 'files'." :kenbw:
       Anyway, I haven't heard of Podman but checking out their repo required 244MB of space to check out, it was developed at and is owned by RedHat, and podman.io advertises a coloring book.  The last item in that list gives a strong hint about who this software is designed for.
       what_the_fuck_is_this_bullshit.png
       
 (DIR) Post #AX94ZwHgVS2X0Tcp9c by sysrq@freespeechextremist.com
       2023-06-28T09:05:49.939593Z
       
       2 likes, 1 repeats
       
       @p @victor @Aldis @Big_Diggity @Lance @gabriel @graf @parker @tyler
       > . . . if I keep going, I will end up pissing everyone off, so I won't
       do it, piss everyone off :hellduck:
       
 (DIR) Post #AX95ifuGrpOalyP3aa by fluffy@freespeechextremist.com
       2023-06-28T09:18:36.854311Z
       
       1 likes, 0 repeats
       
       @p @victor @Aldis @Big_Diggity @Lance @gabriel @graf @parker @tyler fast iteration vs quality
       
 (DIR) Post #AX9EuldkH89RcKVx5M by p@freespeechextremist.com
       2023-06-28T11:01:38.804899Z
       
       6 likes, 0 repeats
       
       @sysrq @Aldis @Big_Diggity @Lance @gabriel @graf @parker @tyler @victor
       > do it, piss everyone off :hellduck:
       I remember Vagrant trying and failing to get traction in places besides cut-rate code camps.  Then along came Docker and it's the same shit.  And Docker (and Docker-alikes) just look to me like someone fluoridated LxC.  It's designed for startup feature factories where maintenance is not even on the priority list and you are MOVEFASTBREAKTHINGS DISRUPTING THE HOCKEYSTICK KPIs and you just pray it doesn't break.  "Let's add another entire OS's worth of moving parts to the OS."  God *damn*.  "Let's add a series of container-managers to contain the containers!"  It's strictly worse than shipping around zip files:  the problems of containers in containers is a strict subset of the problems you get just shipping around zip files.  People don't want to use iptables to do a firewall so they build an internal goddamn LAN inside a computer and then...they have to route the traffic to containers.  The hardest part of programming is debugging and this is shit that makes debugging harder.  You want your shit to only run on Ubuntu?  SEND A SUBSET OF UBUNTU IN A 2GB DISK IMAGE FILE.  NO, ACTUALLY, LET'S JUST USE 20 OVERLAYS!  I HAVE NO PROBLEM DOWNLOADING A BLOB FULL OF BINARIES PUBLISHED BY UBER AND MICROSOFT AND SOME RANDOM GUY ON GITHUB AND ALSO SOME OF OUR COMPETITORS.  OH, IT INTEGRATES WITH VSCODE?  WONDERFUL
       ken-yshl.jpg
       
 (DIR) Post #AX9Ews5vFTvyDMhI3M by p@freespeechextremist.com
       2023-06-28T11:02:01.622510Z
       
       1 likes, 0 repeats
       
       @fluffy @Aldis @Big_Diggity @Lance @gabriel @graf @parker @tyler @victor People crave it!
       
 (DIR) Post #AX9LCmdTuYrpdvMgL2 by p@freespeechextremist.com
       2023-06-28T12:12:07.971206Z
       
       1 likes, 0 repeats
       
       @threat @Aldis @Big_Diggity @Lance @gabriel @graf @parker @sysrq @tyler @victor See, when I said I'd piss everyone off, I figured that would do it.  Welcome to hellthread! :helllife:
       >  had nightmare about p talking docker.
       :venomsnakedemon2:
       > work with this stuff daily and conduct sec ops for hyperscalar clusters (think 200+ node multi-regjon k8s and nomad clusters). all ov it horribly complex.
       I think you have to have a dedicated guy.  If you have a dedicated guy, it's not as much of a mess but also does not strike me so much as useful.
       > vms in general can be subject to same supply chain vectors unless you have a way of ensuring upstream + downstream chains are in your custody (not realistic) and you have cluepon.
       Yeah, but you have that problem with any OS.  At least you don't have that problem twice if you're not downloading containers from Docker.
       > nixos
       Reproducibility is nice; I don't like how they did it.
       
 (DIR) Post #AX9Ok5eKXVe621Kqtk by victor@crucible.world
       2023-06-28T12:51:27.157992Z
       
       2 likes, 0 repeats
       
       @p @tyler @Lance @sysrq @threat @gabriel @parker @graf @Aldis @Big_Diggity I'm not pissed off, I'm actually kind of ashamed that the thing I recommend has a coloring book. Red Hat really is full of faggots.
       
 (DIR) Post #AX9agS6oIEalyngk5I by p@freespeechextremist.com
       2023-06-28T15:05:34.208457Z
       
       2 likes, 0 repeats
       
       @victor @Aldis @Big_Diggity @Lance @gabriel @graf @parker @sysrq @threat @tyler Ha, I didn't figure shitposts would actually piss anyone off but I'm rolling with the bit.
       > I'm actually kind of ashamed that the thing I recommend has a coloring book.
       The thing is, it doesn't reflect on the software, but it does reflect on who they're trying to attract to the software, and that gives a good idea about future direction.
       
 (DIR) Post #AX9b0bMxZYe0UZqmA4 by p@freespeechextremist.com
       2023-06-28T15:09:12.699520Z
       
       2 likes, 0 repeats
       
       @threat @Aldis @Big_Diggity @Lance @gabriel @graf @parker @sysrq @tyler @victor
       > besides i needed break from trying to get my fbi agent to send me nudes
       Exhibitionists on watchlists have it easy!
       > dedicated operator is necessary for this shvt.
       :bofhsimon:
       > it’s when you layer on abstraction after abstraction of lo-code/no-code dogshvt the problem becomes complex because nobody can troubleshoot 9 layers of helltrash.
       It makes for good stories when you have to.
       > metal-host(insert os here) --> vm(insert vm host os here) --> docker(insert container os artifacts here) --> app stack --> hello_world
       :fire::hell::hellthread::hell::fire:
       > maybe i will sideload a chat with you as to what you don’t like as not to start the fist_shake.
       I think I've delivered the rant before.
       
 (DIR) Post #AXAPaUep03rfoCVrSS by p@freespeechextremist.com
       2023-06-29T00:35:56.957797Z
       
       4 likes, 0 repeats
       
       @threat @Aldis @Big_Diggity @Lance @gabriel @graf @parker @sysrq @tyler @victor
       distros.png
       
 (DIR) Post #AXAQOBaQBC1N8l9Lqi by dcc@annihilation.social
       2023-06-29T00:44:49.240548Z
       
       4 likes, 0 repeats
       
       @p @tyler @Lance @victor @sysrq @threat @gabriel @parker @graf @Aldis @Big_Diggity STOP HAVING DISTRO, AN "OS" SHOULD BE AN OS. A KERNEL SHOULD NOT BE USED FOR MULTIPLE "DISTROS"
       
 (DIR) Post #AXAWpRt6HNM9F2GngG by sysrq@freespeechextremist.com
       2023-06-29T01:57:05.235980Z
       
       2 likes, 0 repeats
       
       @threat @p @Aldis @Big_Diggity @Lance @gabriel @graf @parker @tyler @victor this looks like something sl would do