Is there a mitigation other than validating that variables used in arithmetic context only contain numeric values before use? e.g:
$ x='a[$( echo "evaluated" >&2 )]'
$ # bad
$ if (( x > 0 )); then echo "gt 0: $x"; fi
evaluated
$ # OK
$ if [[ $x =~ ^[0-9]*$ ]] && (( x > 0 )); then echo "gt 0: $x"; fi
$ x=42
$ if (( x > 0 )); then echo "gt 0: $x"; fi
gt 0: 42
$ if [[ $x =~ ^[0-9]*$ ]] && (( x > 0 )); then echo "gt 0: $x"; fi
gt 0: 42
I think that’s the appropriate thing to do, arithmetic on untrusted input is something you’d discourage in any language I believe. I’d add a [ ${#x} -lt 5 ] in there as well to ensure short values as well if it’s untrusted data. But still, quite awful.
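An added example, not part of the original comments: one way to apply the validation discussed above before a value reaches an arithmetic context. The function names to_uint and gt_zero are hypothetical, the inputs are constructed, and the default 4-digit cap follows the [ ${#x} -lt 5 ] suggestion. Unlike ^[0-9]*$ it also rejects the empty string and normalizes leading zeros so that a value such as 08 is not read as octal.

```bash
#!/usr/bin/env bash
# Constructed example: validate untrusted text before any arithmetic use.
# Written with POSIX constructs (case, [ ]) so the check itself never
# evaluates the value as an arithmetic expression.

# to_uint VALUE [MAXLEN]
# Prints VALUE as a canonical base-10 unsigned integer and returns 0,
# or prints nothing and returns 1 if VALUE is not acceptable.
to_uint() {
    local v max
    v=$1
    max=${2:-4}                      # default cap: at most 4 digits
    case $v in
        ''|*[!0-9]*) return 1 ;;     # empty, or contains any non-digit
    esac
    [ "${#v}" -le "$max" ] || return 1
    # Strip leading zeros: "08" would otherwise be parsed as invalid octal.
    while [ "${#v}" -gt 1 ] && [ "${v#0}" != "$v" ]; do
        v=${v#0}
    done
    printf '%s\n' "$v"
}

# gt_zero VALUE
# Returns 0 if VALUE is a valid integer > 0, 1 if it is valid but not > 0,
# and 2 if it was rejected by validation.
gt_zero() {
    local n
    n=$(to_uint "$1") || return 2
    # [ ... -gt ... ] compares integers only; it does not expand
    # array subscripts or command substitutions inside the operand.
    [ "$n" -gt 0 ]
}

# Demo over constructed inputs, including the value from the question.
for candidate in 42 0 0008 '' 12345 -5 'a[$( echo "evaluated" >&2 )]'; do
    rc=0
    gt_zero "$candidate" || rc=$?
    case $rc in
        0) verdict="gt 0" ;;
        1) verdict="not gt 0" ;;
        *) verdict="rejected" ;;
    esac
    printf '%-34s %s\n' "[$candidate]" "$verdict"
done
```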
While I strongly support this report and shared it on other networks, I flagged it as off-topic as it doesn’t relate to “computing”. It already sparked more bad faith than what I was expecting to see from this community.
Discussion of FSF’s governance is absolutely on-topic for this forum, IMO.
Ultimately, I think the whole report is less about condemning one man (which the report explicitly does) and more about the FSF moving past its problematic leadership and hopefully becoming relevant again.
That’s a fair point. I just don’t think we’ll be able to move past Stallman apologists and have an honest discussion about the FSF, even if we remove the person tag and try to recenter the debate.
So many analogues to the FSF have been founded specifically to enable ignoring RMS, and thriving for that reason, that I don’t think the relevance of the FSF-per-se is even that important any more.
This isn’t really about FSF’s governance though, it’s about the behaviour of someone governing FSF. Would Hans Reiser’s murdering of his wife be on topic at the time he was project lead on ReiserFS?
Topicality: … Some rules of thumb for great stories to submit: Will this improve the reader’s next program? Will it deepen their understanding of their last program? Will it be more interesting in five or ten years?
The Reiser case seems to me to be a “no” on all three questions, although I acknowledge that alone doesn’t necessarily mean it was off-topic.
I disagree on at least 2 here: Knowing that the core maintainer of a major filesystem is in jail with a chance to stay there for decades is useful info when picking the FS for my next project and it certainly had repercussions 10 years later (reiserFS isn’t relevant anymore). Of course a lot of things happened in addition to that, but the stability of its leadership was certainly an issue in its decline.
I would agree that following Reisers court case would not be on subject here, but I would find the fact that there’s something going on around Reiser while he was still in that leadership position - I’d see this definitely in scope for me as a software developer, as long as the source is reputable and factual.
Discussion of FSF’s governance is absolutely on-topic for this forum, IMO.
I don’t have a stake in this forum, but such discussions should absolutely be off-topic for a technical forum, especially if it involves cancelling people based on politics. This is mostly because the material is triggering, regardless of your opinions about it, and I don’t see a way to filter such crap out.
Furthermore, as an opinion, I couldn’t care less about the FSF. This is an organization that teaches people that proprietary software is immoral. I mean, this is basically the reason for why Open Source happened because, despite all the good that RMS and the FSF did in jump-starting an ecosystem around GPL licensing, the FSF was and will always be a political cult, all the discussions it generates are political, and I have better things to do.
I don’t know what sense exactly oz meant, but here’s what the About page says:
Brigading: Lobsters is not to be used to whip up an outrage mob and direct them at targets, especially individuals and small projects. It always feels righteous at first and becomes an awful tool for abuse. There isn’t a clear-cut line between this and discussing trends and advocating for improvements in the field, so expect frustrating judgement calls.
I guess the definition of “brigading” there is “to whip up an outrage mob and direct them at targets”.
Which is why it probably has no place on Lobsters. It is drama in our community (at least judging by the Pareto distribution of upvotes vs. flags for this post). You’ll be more likely to find people that won’t downplay this report if you go to Reddit/Twitter/etc.
Off-topic or not, I find it too significant to flag it even if it is not strictly about computing.
It refers to a person who has profound impact on the shape of the worldwide software community.
It documents thoroughly, with countless references to sources, that is Stallman’s statements and manifests in his own site - a concern far too significant to be overlooked, flagged and deleted, even if for many it’s off-topic as in well, paedophilia and sexual harassment are not relevant for me.
Flagging does more than hide it from your feed. It marks the account. If you get enough flags you get a nice message suggesting you delete your account (not a joke).
I think “off topic” should be used sparingly. It is not an “I disagree with this” button or a downvote substitute.
That’s the one. It is more nuanced. I was going from memory.
Even though it’s couched, the phrase “delete your account” was quite memorable for me. It’s also a little different experience when it shows up as a banner on the page rather than reading an ERB partial on mobile.
While I think the original banner was in place to “gently” remind trolls that their antics were not welcome, it had the unfortunate effect of also being applied to prolific posters who attracted an unproportionate amount of flags.
I think I’m the top / second most flagged poster on here every once in a while and it’s honestly ridiculous. I’ve reached out to the mods twice about it with no response, so the whole “delete your post or contact the mods to discuss” is seemingly not a meaningful choice.
Can’t blame burntsushi for it a bit. I’ve considered deleting my account over it since it literally suggests that you consider just that. At this point I’ve moved past it and don’t really care about the banner at all.
Unfortunately, lobsters has the same problem that every site with a scoring system has. People downvote or flag or whatever because they disagree with you, not because you lack substance. No amount of good faith engagement will ever keep people from flagging you, and there is seemingly no recourse for flagging erroneously.
It seems to me possible to strongly support a thing and yet more strongly support principles that one sees as saying it doesn’t belong here. (I am not commenting on whether it does belong here.)
I don’t even think it has to be “more strongly support” re: principles. It seems entirely consistent to say “this is the most important issue in my life” while also saying “and I will discuss it in the venues where it is appropriate to do so”, even if you consider discussion in appropriate venues to be of lesser importance. One dictates the value of the conversation, one is simply a practical acceptance of where that issue is best discussed.
I don’t think this gotcha! argument really applies here. I thought it important to show that off-topic flags are not (all?) in support of Stallman because that’s not what they are for. In addition, the discussion immediately derailed with insults against the report’s authors and trolling—the report on itself is not controversial, but Stallman supporters are trying to make it look like so.
Compare it with the situation on the orange site, where this submission is much more topical: it was flagged to death and never reached the home page. That’s not what happens with off-topic flags on lobste.rs and the link is still #1.
I’m also using iwd and there are some issues with nmcli device wifi list --rescan yes and networks not showing up until multiple rescans. Also nmcli device wifi list shows incorrect MAC addresses and also wrong channels. Sometimes nmcli connection up WirelessNetwork will fail with “Credentials Missing”, even though the actual issue is that connection up doesn’t trigger a rescan and if iwd hasn’t seen the network yet it will fail to connect.
That being said, I’m still staying on iwd.
Also note, switching to iwd changes the device identifier - so previously created wireless connections won’t just work immediately.
Cool! Did you give dbus-broker a try yet? Currently there are some challenges with the nixos systemd team to set it as a default, but works great for me.
You might want to remove (or asterisk) “SSH 3” from your list, since it’s not actually SSH and not from the SSH team. It looks like the project’s homepage now says they’re looking for a new name.
Surprised the author doesn’t mention terragrunt for the Plan C. I’ve been splitting up states that way for some time now and it works fairly well. Allows you to hit the sweet spot of speed (smaller applies) and validity (apply all with dependency tracking).
Back when I was living with my parents, I grew up in a cottage with just some tens of single-family houses. The closest DSLAM was ~6.5KM away (which is a lot for DSL) and the last 3KM were just paper coated lead telephone wires, with a lot of resistance. We barely had 0.8 Mbit/s, in the beginning even 0.25 and every time it was raining the network would collapse, become asynchronous since allegedly the insulation was getting wet underground. Really sad growing up with frequent internet outages whenever it starts raining.
Can’t imagine what Lasse Collin must be going through right now. Here is one of Lasse’s older messages from 2022:
[..] I haven’t lost interest but my ability to care has been fairly limited
mostly due to longterm mental health issues but also due to some other
things. Recently I’ve worked off-list a bit with Jia Tan on XZ Utils and
perhaps he will have a bigger role in the future, we’ll see. [..]
It’s also good to keep in mind that this is an unpaid hobby project.
Now having a co-maintainer has ultimately backfired. I hope Lasse is doing well.
Publicly speaking about mental health opens up you, and everyone who experiences directly or indirectly similar mental health issues, to support and personal and collective understanding of mental health issues, and normalisation of mental health issues in societies and communities.
The ‘attack vector’ of getting a society to suppress open communication around mental health issues is huge compared to any software attack vector - an adversary would drool over the net effect of getting a nation to steep in its own undiscussed, untreated mental health issues.
First office job, they were having all their servers with full-disk encryption and different passwords for each server.
When I joined they were typing those out for 50+ servers on every single important Kernel upgrade. First thing was just an xdotool-script that would type those passwords out through the KVM console.
A while later I learned about kexec and realized I could pass a LUKS password via the /proc/cmdline. Allowing you to reboot encrypted systems, with no user interaction.
When you’re root user, you can extract the unlocked LUKS main key from RAM and can use that to add a key.
Wrote several shell scripts and a Salt state that basically would:
add a temporary key to the LUKS key slots
then prepares the kexec-cmdline with a new key
kexec reboots the machine and parses /proc/cmdline args inside the initramfs for the key
then unlocks
automatically removes the key from the LUKS main key again
then bind mounts over /proc/cmdline to hide from regular user processes the key that was temporarily used
In the end, this made it possible to upgrade 80+ remote servers on one evening - rather than two weeks of work by the ops team power cycling and typing or pasting passwords.
After quitting the job I’ve found someone who implemented something similar, calling it keyexec on GitHub. The main difference is that this doesn’t use dmsetup ... | xxd -r for LUKS key operations, but rather a permanently added keyfile on the rootfs.
I’ve been meaning to rewrite this for NixOS for a while now, shoot me up if you want to see that happen :D.
In the future there will be hopefully kexec permanent memory in the Kernel with prmem (lkml-article) which will allow using that for passing the luks key material instead.
then bind mounts over /proc/cmdline to hide from regular user processes the key that was temporarily used
Is that just an additional safety measure in case something goes wrong with the removal? If the key has been properly deleted, it should be worthless, or am I missing something? (not that familiar with how LUKS works)
Is that just an additional safety measure in case something goes wrong with the removal?
Yes, just to make sure you leak a bit less information into the regular user-space.
If the key has been properly deleted, it should be worthless, or am I missing something?
The way SSDs are working might make it possible that your main key is getting re-written somewhere else altogether, if you are unlucky you might have someone who saw the temporary key and is able to restore an older LUKS main key that is still compatible with that temporary key from the physical SSD.
I have not, I don’t think that comes remotely as ingenious as using kexec to be honest. It requires networking, multiple services running and introduces new security challenges. I think most would just use dropbear-initramfs and ssh-unlock if they want network luks unlock.
Please don’t comment “why not X”. This is not about “X”, this showcases NVMe TCP - which is a technology I haven’t heard of before and seems to be trivial to setup for what it provides.
An added benefit is that I learned how to export disks using NVME over TCP, thanks to my colleague
Definitively and in addition this posting also taught me about this technology.
I suppose that will allow high performance network block storage without network-block-device/nbd, whilst providing all low-level primitives of NVMe. Which is particularly cool since it appears to be stable enough to run over wi-fi.
Now after Googling a bit around, one thing that might have made things a bit easier (except ?Wi-Fi?) is using https://github.com/poettering/diskomator on the source laptop.
“Why not X” comments have taught me a lot I would’ve otherwise never looked into, or heard of. I want to agree, but it had never occurred to me dd would work over ssh, which is useful and obvious in hindsight.
I think it depends a bit on the tonality, if you ask in an honest question after reading the article I think it’s alright - but here (and also on ycombinator news) the responses are more entitled sounding, kinda a “I know better” mentality - which I was meaning to ask not to bring up here further.
I think you are talking about my question about using dd. I didn’t aim to be read as entitled or something else, I just wanted to understand how NVMEoF was performing better than other arguably simpler solutions. I was especially surprised by the time it took and the bandwidth achieved (20MB/s). I’ll try to word my question better next time, I was on mobile and didn’t take time to elaborate.
Thank you, this finally gave me the kick to migrate all my shortcuts/necessary config from sway to niri and it’s great to see how quickly everything worked out. So glad I’ll finally be able to share windows.
I think this should have the tag meta and none of the others. Also an ad for an alcohol company here is against lobste.rs rules overall.
Agree! Looks like our suggestions were applied ;)
Hi, do you have a reference for that, because I did not know that. I’d like to avoid a ban.
Not a mod, but, I don’t know if there’s a rule for that specifically. That said, I suspect this post is manifestly outside of the “Topicality” guideline: https://lobste.rs/about
That said, it’s already been more than a day and a half, and the post has been flagged several times, so multiple moderators have almost certainly looked at it. And you don’t seem banned yet, so it’s probably fine as long as you don’t make a habit of it. :)
In that context the level of censorship is certainly an interesting aspect to consider as well. LLMs being tweaked to or trained on biased data can certainly have additionally negative consequences. Whether it’s minority protection or historical revisionism, they’re all encoded into the model.
I would have never thought this to be possible, but I somehow recalled a comment by @pl that it had already been done! (I would have been interested in the solution btw ;)
Aww thank you, feels good. Glad you figured it out, especially the oddity of kexec on NixOS at the moment, I’ll definitively have to revisit this. Somehow noticed that I can’t get the key from dmidecode any longer over the weekend, not sure what the appropriate way is nowadays.
https://unix.stackexchange.com/a/119832
Maybe cool it a bit with the constant self-promotion? See https://lobste.rs/about :
I’m always a bit puzzled by the self-promo rule enforcement. Every so often there’s a comment like this, it gets upvoted, and people flag as spam. But there are plenty of other times where I notice someone’s profile is full of “authored” and everyone seems to be letting it slide. Am I supposed to call them out? It feels a bit weird, to go digging at random (or more likely, to find justification after forming a negative view of someone). It’s also not easy to tell how much of someone’s comments are self-promo.
Sometimes people only post links to things they’ve authored but actively comment on other things. If you see a load of interesting comments from someone but every story they post is ‘authored by’ then it’s fine.
For the rest, it requires someone to notice. Some people get away with it because there’s no automated enforcement, just a rule that relies on people flagging the stories and the admins making a judgement call.
Usually, if someone posts a warning like the one that you replied to, it’s intended as a gentle reminder: lobste.rs is not your marketing channel, please participate in the community or don’t, but don’t just use it to advertise your own things.
Yeah I think we should judge the content on whether it’s GOOD, not whether it’s “self-promo”, which is sort of ambiguous
I haven’t read this article yet, but it seems pretty on topic and good
The only thing that bugs me is the Substack pop-ups, but that’s better than Medium and other blogging sites that have been posted here in the past
And yeah it would be better to not have the top comment thread be “meta” – it seems like the article has inspired some other discussion, which is good, and should be at the top instead
31 out of 46 submissions are authored by @abhi9u. When you try to read the article, you’re greeted with an interaction reminder (subscribe to newsletter). I think both things are generally discouraged.
@abhi9u is not participating within the community, most comments are within their own submissions.
There have been concerns about the content previously and there seems to be little adjustment so far.
lobste.rs is different to most /r/‘s or ycombinator news. If the author intends to reach an audience and little interaction within the community, perhaps it’s best to share content on other sites instead.
I assume mods/admins usually keep an eye on that themselves, you will receive a private warning when mods feel there is too much self promotion. If you look at the moderation log with the “users” filter and search for “promotion” there are plenty of people that are getting kicked off the platform, so whilst there may be some sort of “letting it slide” - I do not believe that “letting it slide” is the default.
Maybe do a “meta” posting or talk to the mods if you have a concern and are able to share some examples.
It would be better if issues with the rules would be dealt with by the moderators or via DM instead of by off-topic meta-discussion in the comments.
Yeah, I agree. Maybe it mostly is, but I’m only seeing these public comments, so I get the wrong impression about the rule being enforced inconsistently.
Remapped with keyd Backtick to the esc key and made caps lock esc and on long hold Ctrl. Becomes quite ergonomic, original motivation was a small sized mechanical keyboard that lacked backtick. Besides that I’m on standard qwerty with compose keys enabled. I try to keep my layout in a state where others can use my keyboard as well so I don’t lose touch with regular keyboards. keyd configuration is a bit hard to understand, but eventually I started understanding the config.
Next thing is to not accept pull requests, contributions are like free puppies - great but also become a commitment. (From one of the blog postings of zed-editor)
This has come up before .. but I occasionally do tiny “drive-by” PRs for fixes that look simple, or that I’ve applied locally and seem to work. I often then get nickel-and-dimed to death by a maintainer wanting me to read and comply with pages of project-specific policy, when they could easily have reworked the PR in half the time they’ve spent badgering me. When I do these sort of PRs, it’s an attempt to be helpful: “if the fix really is as simple as it looks, I’ve enabled you to apply it with one click .. if not, no worries.” I’m not going to spend hours jumping through hoops to get familiar with a project I’m never likely to contribute to again. Users get old / ill / tired / burned out as well, and recently my new policy is just to close these PRs when maintainers behave like this.
Yeah, this perfectly describes my last attempt to help fix a bug instead of reporting it. Posted a one-line fix for a bug that was probably just a typo, got asked to fill out some paperwork. I declined and they called me mean. I don’t really understand this mindset, but everyone is free to run their project as they like, I guess.
You declined* and they called you mean**.
I don’t mean to call you out so hard, but seriously, you cleared the PR template they already had in place and left it blank. Even a one-liner takes time to evaluate, and if you can’t be bothered doing the bare minimum requested to help over-worked maintainers (who had already put in the effort to make that as effortless as possible), it isn’t really help at all — you’re saying, “here’s a patch, I won’t justify it at all, and if you don’t accept it you’re being mean.”
* “Take or leave this patch. I decided the repo was abandoned and forked it for myself.”
** “We all have our obligations and do this in our free time. It’s not a company backed repo. […] you passive-aggressively declare this repo as abandoned because things don’t play out in the way you want them.”
I’m sorry I hurt your feelings or theirs.
Many of us are not going to fill out forms to send a quick fix. I just posted it as a courtesy, which they can take or leave, and yes, I did explain the bug. Worse, I ended up not using the fork either, once I understood what all that code was doing.
They are still welcome to the fix, no strings attached.
Not sure how my feelings would’ve been hurt here, I have no relationship to the project. I just found the stated scenario of “got asked to fill out some paperwork. I declined and they called me mean” so improbable that I thought I’d spend 30 seconds looking up what actually happened. And what do you know.
If the maintainer doesn’t accept code contributions at all, then they’re unlikely to ask you to do paperwork to contribute code.
Unfortunately Shellcheck isn’t aware of this behavior yet. I’ve opened an issue: https://github.com/koalaman/shellcheck/issues/3088
ShellCheck can’t really do anything about it, because
As mentioned elsewhere in this thread, OSH has arrays (arrays being why bash has the bug), but it does not have any hidden eval, including this bug.
OSH is the most bash-compatible shell in the world, and also the most bash-compatible one that doesn’t have this bug :)
Shellcheck already forces you to accept certain warnings, such as that echo '${foo}' is most likely not what you are trying to do.
I believe having behavior of:
[ "$foo" -lt 5 ] over [[ "$foo" -lt 5 ]]
(( foo + 5 )) to ensure foo is numeric only
The author of this post learned of the issue from a 2018 post on Vidar Holen’s blog. Vidar is the author of ShellCheck:
https://www.vidarholen.net/contents/blog/?p=716
Pretty soon ShellCheck will just have to warn that bash is installed on the system:
Ahh. Yeah maybe we are soon to be at a point where Bash can be abandoned.
ShellCheck should maybe warn about probably-dangerous indirection like "${!varname}" and printf -v "$varname" (if it doesn’t warn already).
Is there a mitigation other than validating that variables used in arithmetic context only contain numeric values before use? e.g:
I think that’s the appropriate thing to do, arithmetic on untrusted input is something you’d discourage in any language I believe. I’d add a [ ${#x} -lt 5 ] in there as well to ensure short values as well if it’s untrusted data. But still, quite awful.
Though, the Python equivalent of the bash code above would be:
and that, clearly, is insane.
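The mitigation discussed in the comments above (digits only, a bounded length, and [ ] rather than an arithmetic context), as an added example that is not part of the original thread. The function names is_safe_int and lt_checked, the return codes and the sample inputs are constructed for illustration.

```shell
# Added example: validate a value before anything that evaluates arithmetic sees it.
# In bash, [[ $x -lt 5 ]], (( x )) and $(( x )) treat the operand as an
# arithmetic expression; [ "$x" -lt 5 ] only parses it as an integer.

# is_safe_int VALUE [MAXDIGITS]
# Succeeds only for an optional '-' followed by 1..MAXDIGITS decimal digits.
# MAXDIGITS defaults to 4, mirroring the [ ${#x} -lt 5 ] length check in the thread.
is_safe_int() {
    _v=$1
    _max=${2:-4}
    _digits=${_v#-}                      # drop one optional leading minus
    case $_digits in
        ''|*[!0123456789]*) return 1 ;;  # empty, or any non-digit: brackets, $, +, spaces
    esac
    [ "${#_digits}" -le "$_max" ]
}

# lt_checked VALUE LIMIT
# Returns 0 if VALUE < LIMIT, 1 if not, 2 if either operand fails validation.
# Uses [ ] so the operands are never evaluated as expressions.
lt_checked() {
    is_safe_int "$1" || return 2
    is_safe_int "$2" || return 2
    [ "$1" -lt "$2" ]
}

# Constructed sample inputs: plain integers, then values that must be rejected
# (empty string, array-subscript syntax, an expression, an over-long number,
# leading whitespace).
for sample in 42 -7 007 '' 'a[0]' '1+1' 12345 ' 3'; do
    if is_safe_int "$sample"; then
        echo "accept: [$sample]"
    else
        echo "reject: [$sample]"
    fi
done
```

Run the validation at the point where untrusted data enters the script, so later arithmetic on the same variable only ever sees a checked value.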
Wow, such a great write up and a positive success story with something that is inherently just technology.
While I strongly support this report and shared it on other networks, I flagged it as off-topic as it doesn’t relate to “computing”. It already sparked more bad faith than what I was expecting to see from this community.
Discussion of FSF’s governance is absolutely on-topic for this forum, IMO.
Ultimately, I think the whole report is less about condemning one man (which the report explicitly does) and more about the FSF moving past its problematic leadership and hopefully becoming relevant again.
That’s a fair point. I just don’t think we’ll be able to move past Stallman apologists and have an honest discussion about the FSF, even if we remove the person tag and try to recenter the debate.
So many analogues to the FSF have been founded specifically to enable ignoring RMS, and thriving for that reason, that I don’t think the relevance of the FSF-per-se is even that important any more.
It theoretically could be but clearly isn’t in this specific case.
This isn’t really about FSF’s governance though, it’s about the behaviour of someone governing FSF. Would Hans Reiser’s murdering of his wife be on topic at the time he was project lead on ReiserFS?
Why would Reiser’s wife’s murder not be? It sure seems like something the community should know about.
“something the community should know about” is not Lobsters’s definition of “on topic”:
The Reiser case seems to me to be a “no” on all three questions, although I acknowledge that alone doesn’t necessarily mean it was off-topic.
I disagree on at least 2 here: Knowing that the core maintainer of a major filesystem is in jail with a chance to stay there for decades is useful info when picking the FS for my next project and it certainly had repercussions 10 years later (reiserFS isn’t relevant anymore). Of course a lot of things happened in addition to that, but the stability of its leadership was certainly an issue in its decline.
I would agree that following Reisers court case would not be on subject here, but I would find the fact that there’s something going on around Reiser while he was still in that leadership position - I’d see this definitely in scope for me as a software developer, as long as the source is reputable and factual.
I don’t have a stake in this forum, but such discussions should absolutely be off-topic for a technical forum, especially if it involves cancelling people based on politics. This is mostly because the material is triggering, regardless of your opinions about it, and I don’t see a way to filter such crap out.
Furthermore, as an opinion, I couldn’t care less about the FSF. This is an organization that teaches people that proprietary software is immoral. I mean, this is basically the reason for why Open Source happened because, despite all the good that RMS and the FSF did in jump-starting an ecosystem around GPL licensing, the FSF was and will always be a political cult, all the discussions it generates are political, and I have better things to do.
everything is political, and if you think otherwise, you’re a bloody fool.
Well, it also looks like brigading.
It is important work, but I think I’d rather not read about this here.
In what sense?
I don’t know what sense exactly oz meant, but here’s what the About page says:
I guess the definition of “brigading” there is “to whip up an outrage mob and direct them at targets”.
I also flagged it. I don’t come to lobsters for this kind of drama. Leave it to the orange site.
Respectfully, calling it “drama” downplays decades of clearly documented abuse by the person in question to a rather sickening degree
Which is why it probably has no place on Lobsters. It is drama in our community (at least judging by the Pareto distribution of upvotes vs. flags for this post). You’ll be more likely to find people that won’t downplay this report if you go to Reddit/Twitter/etc.
Off-topic or not, I find it too significant to flag it even if it is not strictly about computing.
It refers to a person who has profound impact on the shape of the worldwide software community.
It documents thoroughly, with countless references to sources, that is Stallman’s statements and manifests in his own site - a concern far too significant to be overlooked, flagged and deleted, even if for many it’s off-topic as in well, paedophilia and sexual harassment are not relevant for me.
Flagging does more than hide it from your feed. It marks the account. If you get enough flags you get a nice message suggesting you delete your account (not a joke).
I think “off topic” should be used sparingly. It is not an “I disagree with this” button or a downvote substitute.
This appears to be more nuanced than what you describe. For reference: app/views/users/standing.html.erb.
That’s the one. It is more nuanced. I was going from memory.
Even though it’s couched, the phrase “delete your account” was quite memorable for me. It’s also a little different experience when it shows up as a banner on the page rather than reading an ERB partial on mobile.
This was discussed extensively 3 years ago: https://lobste.rs/s/zp4ofg
While I think the original banner was in place to “gently” remind trolls that their antics were not welcome, it had the unfortunate effect of also being applied to prolific posters who attracted an unproportionate amount of flags.
I think I’m the top / second most flagged poster on here every once in a while and it’s honestly ridiculous. I’ve reached out to the mods twice about it with no response, so the whole “delete your post or contact the mods to discuss” is seemingly not a meaningful choice.
Can’t blame burntsushi for it a bit. I’ve considered deleting my account over it since it literally suggests that you consider just that. At this point I’ve moved past it and don’t really care about the banner at all.
Unfortunately, lobsters has the same problem that every site with a scoring system has. People downvote or flag or whatever because they disagree with you, not because you lack substance. No amount of good faith engagement will ever keep people from flagging you, and there is seemingly no recourse for flagging erroneously.
Computing is (still) made by humans. Denying that is not productive nor is it beneficial.
How does any software license fit that topic then as well? Computing is about the people as much as it’s about the computers and computing.
you “strongly support” it, but you took action to reduce its reach and visibility. Your actions are at odds with your claim.
It seems to me possible to strongly support a thing and yet more strongly support principles that one sees as saying it doesn’t belong here. (I am not commenting on whether it does belong here.)
I don’t even think it has to be “more strongly support” re: principles. It seems entirely consistent to say “this is the most important issue in my life” while also saying “and I will discuss it in the venues where it is appropriate to do so”, even if you consider discussion in appropriate venues to be of lesser importance. One dictates the value of the conversation, one is simply a practical acceptance of where that issue is best discussed.
I don’t think this gotcha! argument really applies here. I thought it to be important to show that off-topic flags are not (all?) in support of Stallman because that’s not what they are for. In addition, the discussion immediately derailed with insults against the report’s authors and trolling—the report in itself is not controversial, but Stallman supporters are trying to make it look like so.
Compare it with the situation on the orange site, where this submission is much more topical: it was flagged to death and never reached the home page. That’s not what happens with off-topic flags on lobste.rs and the link is still #1.
Not every alert needs to go out on every channel. It is worth defending the existence of topical distinctions between different discussion spaces.
I’m also using iwd and there are some issues with nmcli device wifi list --rescan yes and networks not showing up until multiple rescans. Also nmcli device wifi list shows incorrect MAC addresses and also wrong channels. Sometimes nmcli connection up WirelessNetwork will fail with “Credentials Missing”, even though the actual issue is that connection up doesn’t trigger a rescan and if iwd hasn’t seen the network yet it will fail to connect.
That being said, I’m still staying on iwd.
Also note, switching to iwd changes the device identifier - so previously created wireless connections won’t just work immediately.
Heads-up folks, I just pushed an update adding a few more things.
So for those that liked the first version, you will probably find a few more hidden gems now :).
Cool! Did you give dbus-broker a try yet? Currently there are some challenges with the nixos systemd team to set it as a default, but works great for me.
Forgot about dbus-broker, yes I also use it by default. Will add it later.
Added it, thanks for reminding me!
A typo. Great article, btw!
Fixed, thanks.
I definitely need to set up a spell/grammar check in neovim though.
You might want to remove (or asterisk) “SSH 3” from your list, since it’s not actually SSH and not from the SSH team. It looks like the project’s homepage now says they’re looking for a new name.
Who would be “the SSH team”?
https://www.openssh.com/
Surprised the author doesn’t mention terragrunt for the Plan C. I’ve been splitting up states that way for some time now and it works fairly well. Allows you to hit the sweet spot of speed (smaller applies) and validity (apply all with dependency tracking).
The related Issue on Gnome GitLab.
Back when I was living with my parents, I grew up in a cottage with just some tens of single-family houses. The closest DSLAM was ~6.5KM away (which is a lot for DSL) and the last 3KM were just paper coated lead telephone wires, with a lot of resistance. We barely had 0.8 Mbit/s, in the beginning even 0.25 and every time it was raining the network would collapse, become asynchronous since allegedly the insulation was getting wet underground. Really sad growing up with frequent internet outages whenever it starts raining.
Can’t imagine what Lasse Collin must be going through right now. Here is one of Lasse’s older messages from 2022:
Now having a co-maintainer has ultimately backfired. I hope Lasse is doing well.
He put out a short statement today
https://tukaani.org/xz-backdoor/
Publicly speaking about mental health opens you up to social engineering attack vectors. What a sad and cruel world.
What’s also sad is people feel the need to add the mental qualifier. As if it was not a part of the regular health.
“Oh it’s just burnout? I thought you had cancer or something” is probably a concern for many.
True, I understand what you are trying to convey. It is sad.
Publicly speaking about mental health opens up you, and everyone who experiences directly or indirectly similar mental health issues, to support and personal and collective understanding of mental health issues, and normalisation of mental health issues in societies and communities.
The ‘attack vector’ of getting a society to suppress open communication around mental health issues is huge compared to any software attack vector - an adversary would drool over the net effect of getting a nation to steep in its own undiscussed, untreated mental health issues.
First office job, they were having all their servers with full-disk encryption and different passwords for each server. When I joined they were typing those out for 50+ servers on every single important Kernel upgrade. First thing was just an xdotool-script that would type those passwords out through the KVM console.
A while later I learned about kexec and realized I could pass a LUKS password via the /proc/cmdline. Allowing you to reboot encrypted systems, with no user interaction.
When you’re root user, you can extract the unlocked LUKS main key from RAM and can use that to add a key. Wrote several shell scripts and a Salt state that basically would:
/proc/cmdline args inside the initramfs for the key
/proc/cmdline to hide from regular user processes the key that was temporary used
In the end, this made it possible to upgrade 80+ remote servers on one evening - rather than two weeks of work by the ops team power cycling and typing or pasting passwords.
After quitting the job I’ve found someone who implemented something similar, calling it keyexec on GitHub. The main difference is that this doesn’t use dmsetup ... | xxd -r for LUKS key operations, but rather a permanently added keyfile on the rootfs.
I’ve been meaning to rewrite this for NixOS for a while now, shoot me up if you want to see that happen :D.
In the future there will be hopefully kexec permanent memory in the Kernel with prmem (lkml-article) which will allow using that for passing the luks key material instead.
Is that just an additional safety measure in case something goes wrong with the removal? If the key has been properly deleted, it should be worthless, or am I missing something? (not that familiar with how LUKS works)
Yes, just to make sure you leak a bit less information into the regular user-space.
The way SSDs are working might make it possible that your main key is getting re-written somewhere else altogether, if you are unlucky you might have someone who saw the temporary key and is able to restore an older LUKS main key that is still compatible with that temporary key from the physical SSD.
Have you looked at Mandos? It can unlock machines using pki.
I have not, I don’t think that comes remotely as ingenious as using kexec to be honest. It requires networking, multiple services running and introduces new security challenges. I think most would just use dropbear-initramfs and ssh-unlock if they want network luks unlock.
Have you heard of clevis/tang? I’ve met the project initiator at fosdem many years back, and it was just presented this year again.
Please don’t comment “why not X”. This is not about “X”, this showcases NVMe TCP - which is a technology I haven’t heard of before and seems to be trivial to setup for what it provides.
Definitively and in addition this posting also taught me about this technology.
I suppose that will allow high performance network block storage without network-block-device/ndb, whilst providing all low-level primitives of NVMe. Which is particularly cool since it appears to be stable enough to run over wi-fi.
Now after Googling a bit around, one thing that might have made things a bit easier (except ?Wi-Fi?) is using https://github.com/poettering/diskomator on the source laptop.
“Why not X” comments have taught me a lot I would’ve otherwise never looked into, or heard of. I want to agree, but it had never occurred to me dd would work over ssh, which is useful and obvious in hindsight.
I think it depends a bit on the tonality, if you ask in an honest question after reading the article I think it’s alright - but here (and also on ycombinator news) the responses are more entitled sounding, kinda a “I know better” mentality - which I was meaning to ask not to bring up here further.
I think you are talking about my question about using dd. I didn’t aim to be read as entitled or something else, I just wanted to understand how NVMEoF was performing better than other arguably simpler solutions. I was especially surprised by the time it took and the bandwidth achieved (20MB/s). I’ll try to word my question better next time, I was on mobile and didn’t take time to elaborate.