THREE WHOLE MEGABYTES
Me in 2024 holding a 4TB NVMe stick: Still not enough (it’s never enough)
THREE WHOLE MEGABYTES
Me in 2024 holding a 4TB NVMe stick: Still not enough (it’s never enough)
Thanks! I’ll save this, tell myself I’m going to strictly follow it this time and forget about it (again) lol
Is there a historical reason?
If you’re asking that in anything Linux related, it’s probably a Yes 99% of the time LMAO
Straw Man Fallacy: A straw man fallacy occurs when someone misrepresents an opponent’s argument to make it easier to attack or refute. Instead of addressing the actual issue, the person creates a distorted version of the argument that is easier to discredit.
This is what you have done in every single reply you made when I have made it quite clear that this is about the migration being an urgent security issue that the cyber security community at large has been calling attention to.
You avoid all the core points I make and distort them into trivial things that you can easily argue, like the fact that you “Don’t code C much and use Rust occasionally”. It’s irrelevant to the actual arguments and you use it to dismiss the real core issues AKA a Straw Man fallacy
You have failed to argue in good faith and are actually a part of the problem. Good job!
Ah I see your default is to sprinkle in a bit of argumentum ad logicam and add a dash of straw man at the end
Your statement comes across as the migration from C/C++ is more of an upgrade for new features and increased “ease of use” rather than an urgent security issue when it definitely is. It’s more than just a case of a couple of experts and some articles, you’ve got multiple governmental and NGOs like The NSA, The Whitehouse, CISA, DARPA all calling for the migration away from C/C++ to memory safe languages
https://devops.com/darpa-turns-to-ai-to-help-turn-c-and-c-code-into-rust/
“DARPA, the Defense Department’s (DOD) R&D agency, will lean on emerging AI capabilities in a new program to deal with the costly and time-consuming challenge of rewriting C and C++ code to Rust in a move designed to meet the push for federal agencies and private organizations to adopt memory-safe programming languages.”
https://www.theregister.com/2023/12/07/memory_correction_five_eyes/
"CISA, in conjunction with the National Security Agency (NSA), FBI, and the cyber security authorities of Australia, Canada, the United Kingdom, and New Zealand, said its call for better memory safety follows from its Secure By Design recommendations – endorsed by all of these cyber authorities.
“With this guidance, the authoring agencies urge senior executives at every software manufacturer to reduce customer risk by prioritizing design and development practices that implement MSLs [memory safe languages],” the report argues."
~
"CISA suggests that developers look to C#, Go, Java, Python, Rust, and Swift for memory safe code.
“The most promising path towards eliminating memory safety vulnerabilities is for software manufacturers to find ways to standardize on memory safe programming languages, and to migrate security critical software components to a memory safe programming language for existing codebases,” the CISA paper concludes."
Not quite, had I done something more broad than sure. But I reference a specific group of people whose job it is to provide security guidance on such matters. The ones who are out there fighting the good fight, RE’ing malware and busting down botnets among many security things
But I’m sure you are similarly credentialed as the SMEs in the cybersecurity field right?
Tl;Dr: Old farts holding us back, as always
Vast majority of the cybersecurity community: “an absolute ton of exploits come from memory safety issues with C/C++, we should move to memory safe languages like Rust to greatly reduce security risk and make everyone safer”
You: “Ehh Rust has a couple features, but it’s totally not worth switching from my precious precious C”
Lol, a couple times I commented whenever this came up that it was probably pointless deleting like this with the random words and what not because reddit was likely doing some form of versioning or backups of at least the text based content. Especially since said content was/is under inflated executive value because “AI”
I got downvoted routinely because “ThAT WoULd Be Too ExPeNsiVe anD CoMpLiCatED, no WaY thEY dOiN tHaT”…if what you say is true with the true random words and everything, then I was right and they’re doing exactly what I thought they’d do lol
If they’re mass restoring stuff, they’re probably chugging through in batches, betcha if you check in a couple weeks there will be more
Well it was more like a temporary duct tape, but I “installed” a copy of Ubuntu in RAM from the running Ubuntu system so that I could “boot” (pivot_root) into it without restarting it
All because I didn’t want to wait on a ticket for my dedicated server provider to hook in a KVM LOL
(See my meme post I posted to c/linuxmemes a few weeks back for more info)
If the switch supports it, you login with local credentials first, navigate to its config page and configure LDAP under there. You’ll tell it the IP address of the LDAP server as well as give it its client side configuration. You give it a bind account credentials (a dedicated service account with as minimal permissions as needed) that it uses to lookup the users on the server as well as Organization Unit paths and such
When a user goes to login the switch will query the provided credentials against the LDAP server, if it’s valid the LDAP server will respond with a success and the switch will log the user in
Generally there is always a local account fallback in the event that the LDAP server is unavailable for whatever reason
Your confusion is confusing me lol
I don’t see how this would work as it relies upon every single device on the network supporting a particular authentication mechanism.
Wdym? That’s not a thing, you can have some devices on LDAP some with local logins and some with OIDC or any other combination. Authentication is generally an application layer thing and switches operate at layer 2 maybe 3 if it’s doing some routing. As long as your network has a functioning DHCP server the web UI of the switch will be able to communicate with the LDAP server that you configure it to
Verizon are a bunch of bitches about it, they’re as bad as Samshit. They’re a match made in hell tbh.
Of the major 3 carriers, it’s always been T-Mobile that’s the “most friendly” to tinkerers. Technically, you can’t unlock the BL until it’s been carrier unlocked, which TMO is generally OK about overriding their requirements as long as you’ve had an account for awhile
Yes, but it’s far easier to obtain a SIM unlock than it is to unlock a BL from a manufacturer that just says “No” instead of “As long as it gets carrier unlocked”
I have a Pixel Fold purchased and (still) financed through T-Mobile that is BL unlocked and rooted. Most of the time they’ll override their SIM unlock requirements if you’ve had an account for awhile. Unsure about ATT, I’ve heard they’re 50/50. Verizon, ofc, are a bunch of bitches about it
Oof, yea Samshits are the worst of the worst. They’re actively hostile to those who would dare want to use their phone how they see fit.
Even if the stars align and people are able to breakthrough the BL lockdown, Samshit phones are designed to blow an efuse and permanently lock the phone to 80% battery capacity just for a big ol fuck you
Never EVER buy Samshit phones if you can help it
Yea, but it’s a good phone to target, Pixels are one of the few remaining manufacturers that freely let you unlock the BL and probably one of the last that is carried by nearly all major US carriers. OnePlus used to be another but iirc they’ve stopped selling on all carriers stores
Yes yes yes, you can buy any frequency-compatible phone you’d like from like Amazon, AliExpress, Best Buy, manufacturer store etc but that’s an expensive option for many as you have to front the entire purchase price with little exception.
So if you want a BL unlockable phone, purchased through a carrier to take advantage of the reduced financial load of payments instead of all up front, in the US…it’s pretty much just Pixels
What report? Is it worse than the microplastics given in… everything else?
Lol kinda related, but Uconnect sent me an email a few months ago about the GPS maps in my car (11 years old at this point) being way out of date…they wanted $300 (or something like that) for a flash drive with the map update.
Lmao, like it wasn’t 2024 and Google Maps on my phone does a far better job than their proprietary crap they want 300$/update for
Looks at the entire networking stack
Yup (unfortunately)