This is a bit of a “how long is a piece of string” question, security is multifaceted.
From what I understand, it uses your phones kernel, so if its out of date or vulnerable, that might be a problem, and you may not be able to fix that.
Conversely, its running inside android, so the android hardening might make it more secure.
What are you specifically concerned about? Firewall? Zero days? Antimalware?
/etc/passwd: you may be able to get to this from the GUI file manager.
If not, open a terminal and type: cat /etc/passwd. Copy the relevant lines.
To test the login, from a terminal, type su otheruser, replace otheruser with the username from /etc/passwd. It should ask for a password, put that in and it should log you in. Type whoami and make sure its the same username as you expected. Paste any errors here.
I think that was meant to be a reply to me, so I’ll respond.
Technically, /etc/passwd can have encrypted passwords in it, but as far as I’m aware, no distro has done that in decades, so realistically its not that risky. It does expose the user names though.
Can you share the lines from /etc/passwd for your user and the user your adding? Despite its name, there are no passwords here, that is in /etc/shadow
Edit: can you su to login as the user?
I think it perfectly highlights what can happen when the risk/severity is blown out of proportion. People will latch on to that and waste precious time and energy defending that.
If the original guy had just published “CUPS has a RCE, firewall it if you haven’t already”, the issue would have been patched in the next release, and the world would have kept turning.
It was a really cool bug, and a great find, it didn’t need the hype
Didn’t know that, but makes sense.
if you are from Russia, it is impossible to convince the US that you are not a part of a state-sponsored entity
This quote from your article does nail the problem on the head though.
Russians can still contribute, they just can’t be direct maintainers.
Nothing will likely change in the short term.
Linux distros are getting mature
I think this is exactly it. Back in the early days of Fedora and Ubuntu a new release often meant major bug fixes, new software, and possibly a significant qol/usability changes and performance changes. Now, its all new versions of stable software, which all behave roughly the same. Which is exactly what you want in a daily driver OS. Stability.
Thats for proving its untampered with right? I’m more thinking of validating the archive copy is a “true” copy when adding it initially, which requires each node to check against the live site?
Its definitely an intriguing idea though, but I don’t know enough to know how feasable it can be
I figured that every node would need to scrap the site, in order to validate the content. If there are thousands of nodes, that would ddos the site.
I don’t really understand how PoW would solve that, can you explain?
Yeah, quite possibly. Could still be very hard to get right. Region blocking might make consensus difficult.
Edit: just occurred to me, any method of consensus could be used to ddos sites as well. Might be best left for people smarter than me
There was a ActivityPub wiki clone, no idea where it got to.
The major upside of IA being built and owned by one central company is trust. We can (so far at least, if I’m wrong please correct me) trust IA to not censor/rewrite history. As soon as every man and his dog can contribute, that gets a lot harder to guarantee.
Edit: https://github.com/Nutomic/ibis
Don’t take me linking it as endorsement, I think federated wiki’s for anything other than fandom stuff to be madness.
deleted by creator
If your goal is to interrupt her usage to avoid excessive usage, would a pomodoro timer help?
I dunno if that can be setup to force lock the screen or something, but maybe its helpful? Depends if its easy to override?
Doesn’t even startup on my box, but doesn’t crash the kernel or system either, just regular application crash
There really is 2 NSA’s, with conflicting goals. Keep Americans secure, and collect everyone elses data. Its a difficult line to walk. The first half does produce really good advice and tools, but is undermined by the second halfs image.
I fortunately never learnt Ida due to cost, so I have no idea what is missing, but ghidra was a godsend for CTFs. Suddenly reversing challenges were accessible and easy.
https://code.nsa.gov/# - Lots of useful stuff here.
Kernel shouldn’t crash, and anything running in memory will be okayish, but it definitely will get less and less stable. It won’t be possible to start new processes.
I have a Linux install on a USB SSD with a flakey connection, if I bumped the cord the root would unmount. It was fairly resilient, but graphics would slowly start disappearing. I’m fairly sure I could cleanly reboot as long as I had a terminal open, but its been a while, so maybe I’m misremembering.
Still, the overall system becomes pretty useless, so i guess its fair to call it a crash
There are rust libraries to send signals, might be better to use those rather than calling bash. eg. https://docs.rs/nix/latest/nix/sys/signal/index.html
I’m guessing if input was “”, then it would sigkill all processes? Less confident, but some functions behave slightly differently in an interactive console vs a non interactive, maybe ps has a different format when used non interactively?
Aside, you want three backticks and a newline to get code formatting :)
Ah, that definitely would feel like a crash. Sent kill signal to cgroup accidentally? Or just iterate over all processes and signal them all?
Still a bit open ended. Web browser finger printing is probably going to be quite specific, unless you have a browser that avoids fingerprinting.
There is a trust issue, you need to trust the userland packagers to not build in any additional tracking, but its pretty unlikely that they’ll do that given its a tiny project.
Privacy is also multifaceted, and its never going to be as simple as “use this distro”. The techniques for online tracking are changing and evolving all the time.