• 0 Posts
  • 158 Comments
Joined 2 years ago
Cake day: June 7th, 2023

  • Watched Napoleon on Apple+. Had to pause every 10 minutes or less to explain the historical context to my wife. Even having some knowledge of the historical context, the movie was a rushed mess. While I understand that some reviewers thought the movie was too long, it really needed to be longer. Like, HBO limited series long. The whole context around the first French Revolution, The Terror and Napoleon’s rise to, and fall from power needs a lot more screen time to really cover. That, or just give up on the history and make a movie about a controlling, abusive relationship.




  • The three top competitors of the US, two of which are under heavy sanctions by the US, and the other one has been the target of a trade war, are conspiring against the US? I’m shocked, shocked I tell you. Well, not that shocked. If only there was an area of the world where the US could be using its massive military resources to directly bleed one of those competitors and indirectly bleed a second, just by transferring material to a country which wants closer trade and relations with the US.




  • And we’re just supposed to trust the word of a partisan hack. Ya, no.

    I do get that there is a lot of intransigence in Federal IT. I was an IT and IS contractor for a couple of sites within the US FedGov and there were places where “that’s the way we’ve always done it” was the trump card for any proposed change. And this led to some abysmal security practices which should have resulted in a lot of management getting shown the door (and mostly not just IT/IS management, culture gets set from the top). And I’ve worked at others where we had a large staff of folks whose entire job was ensuring compliance with all required cybersecurity controls and documentation. While I’ll be one of the first to state that compliance is not security, I also have yet to see a site which got security mostly right which didn’t also have compliance on lock. If you are doing things the right way, compliance is actually pretty easy to achieve, since good documentation is the foundation of security. If you go into a site and they can’t even spell CMDB, expect a shitshow.

    So ya, if the DHS team went to FEMA’s IT team and started asking for network diagrams, data flow diagrams, system and network baseline checklists and system documentation, and the FEMA IT team’s response was, “sorry, we don’t have that”, then yes, I would get cleaning house. Though, I’d have started by figuring out if the problem is the IT team just not getting it done, or if the IT team was prevented from getting it done. My experience has been that IT teams are willing to patch and correct configurations; but, this means downtime and risk to applications. So, upper management will side with the application owners who want five nines uptime on a “best effort” budget, which ends up blocking patching and configuration changes. Also, if the IT team is spending 40 hours a week putting out fires and dealing with the blow-back from accumulated technical debt, that’s an upper management problem.

    The problem, of course, is that the DHS is led by a two-bit partisan hack. And this administration is known for straight up lying to clear the board for its own partisan interests. I have zero faith that they did any sort of good faith analysis of the FEMA IT department. Especially since this is the same administration which gave us Russian compromised DOGE servers.


  • Given WINE’s focus on gaming, the execution of the malware could run into issues with system calls which the malware relies on not being fully implemented or acting in unexpected ways. That said, if the execution works, the malware may run to completion and have some impact, depending on what the malware was designed to do.

    • Infostealers - On a Windows system, this class of malware pulls credentials from browsers (never, ever save your passwords in a browser. Use a password vault, e.g. KeePass, Bitwarden). In the ones I have analyzed, they pull the passwords from the browser storage files directly and rely on known file paths. I think this would ultimately fail, as the files in those known paths won’t actually be your browser profile. Under the same logic, stealing cookies won’t work out either. They are just files in a known location, which won’t actually be the right location when running under WINE. Similarly, stealing credentials from Windows Credential Manager will fail, as that won’t have anything useful there. There is other stuff they can go after, but I think you get the point. The stuff it tries to steal won’t actually be in the locations it’s expected to be in. So, I’d think this class of malware would ultimately fail. Of course, attackers could always rewrite the malware to detect the WINE environment and then have it pivot to the right locations for all this stuff. So, all of this analysis could become wrong.
    • Ransomware - On a Windows system, this class of malware will search through the filesystem and encrypt files with specific extensions (.docx, .pdf, .png, and so on). Given that the Linux filesystem is reachable from the WINE environment, I kind of think this has a chance of working. One interesting question would be if the encryption routines in the malware would actually work. Again, I think they would. The malware is likely to leverage cryptographic libraries built into Windows and I’d think that WINE would mostly handle those due to DRM/Anti-Cheat in games. It would just be down to how gracefully the malware deals with Unix file paths. My guess would be that the WINE translation layer would make it work. That just leaves the communications back to the attacker’s server for delivery of the keys. I’d guess this would work as WINE is setup to allow communications out to the internet.
    • Remote Access Tool (RAT) - I’d guess that some of these would work though they may act funny for the attacker. As with ransomware, the communications back to the attacker’s server should work. This isn’t going to be terribly different from communicating with a game server. There might be some issues around the local agent working correctly though. The attacker may be relying on cmd.exe or powershell to run their commands. So, that might run into issues. At the same time, the malware could implement any commands directly via system and API calls. I’d think most of those would work. So, the attacker may have enough capability to fully compromise the Linux system, if they are willing to put the time into it.

    That’s just three possible classes of malware, though it’s most of what I run into professionally (I work in Incident Response). Overall, I’d recommend not relying on Linux to keep you safe from malware bundled into pirated games. While I don’t expect that the infostealer parts of the malware would work correctly (for now), a lot of malware does more than one thing. The attacker may not get your credentials with the initial infection, but you could be opening yourself up to other malware. And, if the attacker includes a RAT, he could come back later and ruin your day.

    So ya, be very, very careful about running stuff which you don’t know is safe.
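An added example, not code from the comment above and not any real malware: it maps the hard-coded Windows paths an infostealer would open onto the host paths WINE actually resolves them to, and compares those with where the same browser data lives on a native Linux install. The browser paths, the user name and the temporary prefix are constructed for illustration; the prefix layout (drive C: under `<prefix>/drive_c`, drive Z: mapped to `/`, case-insensitive component lookup) follows WINE's defaults, which is also why the Z: mapping explains the ransomware point about the Linux filesystem being reachable.

```python
"""Where a Windows infostealer looks under WINE vs. where Linux browser data is.

Added example. The target table and the native-Linux table are assumed
common defaults, not taken from any specific malware sample.
"""
import tempfile
from pathlib import Path

# Paths a Windows infostealer typically hard-codes (assumed examples).
# %USER% is replaced with the Windows-side user name at runtime.
WINDOWS_TARGETS = {
    "chrome_logins": r"C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    "chrome_cookies": r"C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies",
    "firefox_profiles": r"C:\Users\%USER%\AppData\Roaming\Mozilla\Firefox\Profiles",
}

# Where the same data lives on a native Linux host (assumed common defaults).
LINUX_NATIVE = {
    "chrome_logins": "~/.config/google-chrome/Default/Login Data",
    "chrome_cookies": "~/.config/google-chrome/Default/Cookies",
    "firefox_profiles": "~/.mozilla/firefox",
}


def _ci_resolve(base: Path, components) -> Path:
    """Walk path components case-insensitively, the way WINE resolves NT paths
    on a case-sensitive host filesystem. Components with no existing match are
    kept literally, so the returned path may or may not exist."""
    cur = Path(base)
    for comp in components:
        match = comp
        try:
            if cur.is_dir():
                for entry in cur.iterdir():
                    if entry.name.lower() == comp.lower():
                        match = entry.name
                        break
        except PermissionError:
            pass
        cur = cur / match
    return cur


def wine_path(win_path: str, prefix, user: str) -> Path:
    """Translate a Windows path to the host path WINE would open.

    Default WINE layout: C: is <prefix>/drive_c and Z: is the host root.
    Other drive letters are dosdevices symlinks and are left unmapped here."""
    win_path = win_path.replace("%USER%", user)
    drive, sep, rest = win_path.partition(":")
    if not sep:
        raise ValueError("expected a drive-letter path like C:\\...")
    components = [c for c in rest.replace("\\", "/").split("/") if c]
    drive = drive.upper()
    if drive == "C":
        return _ci_resolve(Path(prefix) / "drive_c", components)
    if drive == "Z":
        return _ci_resolve(Path("/"), components)
    raise ValueError(f"drive {drive}: is not mapped in this example")


def audit(prefix, user: str, home) -> dict:
    """For each target: the path the stealer would open under WINE, the native
    Linux location of the same data, and whether each exists on disk."""
    report = {}
    for name, win in WINDOWS_TARGETS.items():
        wine_side = wine_path(win, prefix, user)
        native = Path(LINUX_NATIVE[name].replace("~", str(home), 1))
        report[name] = {
            "wine_path": wine_side,
            "wine_exists": wine_side.exists(),
            "native_path": native,
            "native_exists": native.exists(),
        }
    return report


def demo() -> dict:
    """Constructed data: a throwaway prefix with an empty 'users/alice' tree and
    a home directory holding only a native Firefox profile directory."""
    tmp = Path(tempfile.mkdtemp())
    prefix, home = tmp / "wine", tmp / "home"
    (prefix / "drive_c" / "users" / "alice").mkdir(parents=True)
    (home / ".mozilla" / "firefox").mkdir(parents=True)
    return audit(prefix, "alice", home)


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name}: stealer opens {r['wine_path']} (exists={r['wine_exists']}); "
              f"real data at {r['native_path']} (exists={r['native_exists']})")
```

Running it shows the stealer's lookups landing inside the prefix, where nothing useful lives, while the native profile sits untouched under the home directory; the same `wine_path` call with a `Z:\home\...` input shows how the host filesystem is reachable from the WINE side, which is the part that matters for ransomware and for a stealer rewritten to detect WINE and pivot.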






  • Fun fact, in some countries the 3.5" floppies were called “stiffy disks”. You know, because the outer casing was “stiff” as opposed to the floppy 5.25" disks. This discovery led to a lot of chuckling among the team I worked with when we opened a new product from one of those countries and read the manual. The instruction to “insert stiffy disk” still leads most of us to chuckling today.


  • ever had to worry whether you’d parked your hard drive’s heads before moving it, child…?

    Yes, also you parked it before shutting down the system every time. Once the hard drive was powered down, the heads would just crash into the platters. While not instantly fatal, it wasn’t good for the drive. So, you’d park the drive before flipping the power switch.