• 1 Post
  • 28 Comments
Joined 1 year ago
cake
Cake day: June 11th, 2023

help-circle

  • dzervas@lemmy.worldtoMemes@lemmy.mlIt's not what I pictured.
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    7 months ago

    hey I just wanted to share that I moved to a small, remote-ish village in Greece about a year ago (born & raised in Athens, a “big” city for our standards, the biggest in Greece) and it’s quite close to that.

    It’s been amazing although I miss ordering food online and maybe the occasional bar/coffee with friends.

    It’s almost inside a forest and 15’ drive from both mountain and amazing beaches

    Thank you for listening, I honestly hope that everyone has the choice to do the same <3



  • dzervas@lemmy.worldtoMemes@lemmy.mlJust no
    link
    fedilink
    English
    arrow-up
    12
    ·
    11 months ago

    yeap steam is the best example of a service i’d very happily pay - I’ve paid LOTS to them and just last month, I downloaded “have a nice death” for yuzu, played 30", loved it and insta bought it on steam. It was 25 euros but having my saves forever and being able to single click install & play is something that I value more.

    you don’t get to get my money AND fuck me, pick one (netflix, youtube, etc.)


  • I’ve not looked into fire jail in depth but I’ve read lots and lots of bad takes on it

    What we need is docker with a better graphics integration, in terms of both ease of use and security. maybe wayland can help in that (cause with X you just forward the whole management socket and that’s it, anyone can draw anything)

    There’s a chance that snap has done it right (I know that everyone hates it but there’s a CHNACE that they got it right in terms of security and ease of use)

    flatpak “is not enough” since the controls it gives you are not enough. first you need flatseal to disable stuff per application and the defaults aren’t good enough and steam for example REQUIRES access to the whole home folder which defeats the whole purpose


  • what kind of privilege separation? you’re talking about containers/namespaces?

    cause as it is linux desktop has 1 unprivileged user and that’s it. from an attackers perspective privilege escalation is irrelevant - you have access to the screen, keyboard, browser, files. there really is nothing left to gain from gaining root

    and if you have any reason to gain root, it’s super easy by just replacing sudo with an alias in .bashrc you’ve got the user’s password

    We REALLY need sandboxing and soon, that’s why I want to give fedora silverblue a try but my hopes are quite low

    btw windows is in a bit of a better place and M1 mac is in much better place




  • I never got where the misconception of “*nix doesn’t have malware” came from. Maybe from the 2k era where “malware” was anything that was slowing down your PC (I also don’t get why a malware would slow down your PC, unless it’s a ransomware)?

    I remember the c99.php shell from way back which is an amazing example of cross-platform (PHP can run anywhere) “virus” and it was considered a golden standard (2010 era?)




  • ok so let’s start with the exploits. Exploit is a bug (problem) in a piece of software that when… umm… “abused” (well the word is just exploited) it allows you to do stuff that you shouldn’t. An exploit could be live from your browser to the program you use to zip files. The top 2 reasons to use an exploit is to either get initial foothold on a machine (e.g. an exploit in a browser that would allow an attacker to execute arbitrary code when you visit their page or an exploit in winrar that when you open a zip file executes code)

    From the attackers perspective, you got in, nice. Mind you you got in through means that have nothing to do with windows (and that’s true most times, especially on desktops). but now? what?

    You hacked into the machine for a reason! You might wanna grab the browser cookies (giving you direct access to the accounts that the victim is logged into), grab some files, screenshots, passwords

    That’s where the AV kicks in. After the initial exploit the malware behaves like a normal program. But not completely. Assuming that the AV hasn’t seen the same exact malware before (which would an insta kick ban) it’s going to see a random process accessing files in chrome’s directory. HUH. ISNT THAT SOMETHING. quarantined.

    Wanna start listening to each and every keystroke? quarantined

    Meanwhile the way that the exe ended up in your system was not through an installer, you don’t provide an uninstaller and it was downloaded from www.xXxveryNicEsiteyou.got. HUUUUUUUH

    the whole process is a bit simplified of course, but it captures the general idea

    So why does linux not have an AV? FUCK IF I KNOW! It would be very, VERY useful. Writing malware that bypasses AV is an art of its own. Can be done for sure, but it’s an extra step and it’s not fun

    background: used to get paid to do shit like that (legally, pentest) and it’s a fun hobby (writing code around it, not hacking people)


  • dzervas@lemmy.worldtoMemes@lemmy.mlGoogle now
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    my whole experience with matrix is deeply disappointing. devices getting out of sync, not being able to decrypt messages, missing notifications and that fucking mark as read not working are daily problems

    dig deeper and you’ll find the causes of the problems, which are disturbing. e.g. a json string is hashed (however 2 equal json objects can be the same while their strings are very different)

    the only reason I still use it is a room I want to be part of



  • dzervas@lemmy.worldtoMemes@lemmy.mlSociety
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Contrary to popular similar stories I had the feeling that I was in my 20-25s for “I was there for a long time” and I was eager for the next decades (with a small break for depression but I got through) Now I’m 28 and it kinda feels it speeds up but I don’t complain (but I do complain about everything else, A LOT)


  • dzervas@lemmy.worldtoMemes@lemmy.ml***
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I knooooooow, my feeling for WebUSB/whatever are completely love/hate. I come from a security background (and hobby) but the alternative to WebUSB is horrible and implementation specific - you need to download the binary, install the correct version of the X programmer and make it kiss your debugger. It’s bad.

    Also I just don’t wanna open chrom* - I do but I’d like to tell a huge fuck off

    About camera blur: What I wanted to point out is the lack of some “exotic” features that firefox lacks. the blur implementation is not in chrome but in each web app - means there’s the required api to do that

    But it’s niche, I don’t care that much. there’s also a py project on gh that does exactly that: blur your background and expose a fake cam. It’s not “production ready” but it’s ok


  • dzervas@lemmy.worldtoMemes@lemmy.ml***
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    there’s a very high chance that something’s off with my profile but deleting my profile is not worth it (yet?)

    Losing my history isn’t something I take lightly - at all

    Tell you the truth I’m just “harvesting” anger to fix the fucking bug and fix it “properly”. I hope


  • dzervas@lemmy.worldtoMemes@lemmy.ml***
    link
    fedilink
    arrow-up
    3
    arrow-down
    3
    ·
    1 year ago

    I’ve never (almost?) used chrome as main for the past 15+ years

    but he’ll, the last years updates are more and more unstable. Tab and browser crashes are to be expected multiple times per week (ok browser crash maybe once per week)

    Also I actually miss WebUSB, WebBluetooth (I work with embedded as a hobby and it’s very convenient) and background blur (nobody wants to allow camera blur in ff, especially linux)