Notices by Jan Schaumann (jschauma@mstdn.social)

"/bin/sh: the biggest #UNIX security loophole", by James A. Reeds, 1984

https://www.tuhs.org/Archive/Documentation/TechReports/Bell_Labs/ReedsShellHoles.pdf

All the tried and true ways to escalate privileges, including your common shell-out of setuid programs, PATH games, etc. with the conclusion we still see people having to learn repeatedly:

A Visit from St. Root - a #SysAdmin poem

'Twas the night of the moratorium, and all through the cloud
not a pager was beeping: no deploys were allowed.
The packages frozen on the servers with care,
In hopes that an outage would strike nowhere;

Enterprise IT Security tends to lose its shit when their endpoint protection finds #Tor browser on employees' devices.

Unless you do deep packet inspection / middlebox all traffic, I don't see a meaningful risk increase. (If you do, then it seems comparable to e.g., Apple Private Relay + browsers' DoH use.)

Does anybody have a good summary (not written by a VPN vendor) on the actual risk to the enterprise from its use by average users (not attacks on Tor itself, nor running a Tor node)?

I swear, every time I use (a, any) Linux, I have to do a double-take and go "what the fresh fuck is this now". Today it's whatever is going on with /etc/motd on Ubuntu.

Making simple things complicated seems to be the trend there.

"Multinational corporations are destroying Earth for profit. If we want real change, we have to be willing to threaten those profits"

https://www.irishtimes.com/life-style/people/2024/11/23/sally-rooney-when-are-we-going-to-have-the-courage-to-stop-the-climate-crisis/

Google announced a new #quantum chip, "Willow":
https://blog.google/technology/research/google-willow-quantum-chip/

This chip demonstrates exponential error correction:
https://research.google/blog/making-quantum-error-correction-work/

Their research in Nature:
https://www.nature.com/articles/s41586-024-08449-y

This is a pretty cool step forward in quantum computing. But the reporting I've seen, or perhaps: the takeaways people assume after skimming the headlines are often wildly off the mark.

Part of the problem is in the phrasing, saying Google's chip can solve a problem in 5 minutes that a classical computer can't solve in "a quadrillion times the age of the universe".

This is misleading.

What Google did was demonstrate exponential error correction, which is critical due to qubit fragility, requiring multiple physical qubits to be combined into one logical qubit to avoid a collapse into a classical state.

But the calculations they performed are not generic, general purpose calculations. Instead, they ran a specific type of computation, the random circuit sampling (RCS) benchmark:

https://research.google/blog/validating-random-circuit-sampling-as-a-benchmark-for-measuring-quantum-progress/

I really don't think Trump's talk of ending birthright citizenship is getting enough attention, being too easily dismissed as unlikely to execute.

It is literally the equivalent of the Reichsbürgergesetz under the Nuremberg Laws.

Remember that glorious period back in 2012, when #ICANN started accepting applications for new generic top-level domains (#gTLDs), eventually adding over 1,200 new TLDs, including such goldmines as .extraspace and .vermögensberatung?

Well, clearly that wasn't enough, because we're now finding ourselves on the cusp of another round.

https://newgtldprogram.icann.org/en

Why, you ask?

Is it because we've filled up all existing #TLDs and ran out of space?

Or is it because consumers, widely recognized for understanding so well the intricacies of the internet, are clearly asking for more TLDs?

Or could it be because ICANN will charge applicants $227,000, and if they get even half the number of applications they did in 2012 (1,930) that adds up to a cool $220M?

I'm gonna go out on a limb here and say that we don't need any new gTLDs. I've previously discussed TLDs[1] and am collecting ongoing stats[2] on the domain count as best as I can, which lets me provide an at least superficial overview of their current use, so if you'd indulge me for a moment...

[1] https://www.netmeister.org/blog/tlds.html
[2] https://www.netmeister.org/tldstats/

Advanced #Programming in the #UNIX Environment

Week 12, Asynchronous and Memory Mapped I/O

We conclude our series on a set of mixed advanced I/O topics with a quick summary of asynchronous (aio(7)) and memory mapped I/O (mmap(2)).

https://youtu.be/_R_t0d5BzEk

#apue

Advanced #Programming in the #UNIX Environment

Coding mistakes using strncat(3) are common - better: use strlcat(3).

https://www.netmeister.org/blog/strlcat.html

#apue

Advanced #Programming in the #UNIX Environment

Week 13, POSIX.1e ACLs

In this week, we look at the various ways in which processes can be restricted from impacting one another, beginning with methods we've already discussed to some degree (e.g., unix file access semantics, resource limits) and ultimately leading up to #containers.

In the first video, we show how POSIX.1e Access Control Lists (ACLs) can be used for more fine-grained file system access control.

https://youtu.be/lCACl3NE058

#apue

Advanced #Programming in the #UNIX Environment

Week 13, eUIDs, file flags, mount options, securelevels

We look at new ways to restrict processes and even root itself. We revisit how we change effective UIDs (see week 3) using su(1) and sudo(8), and then cover file flags, certain mount options, and BSD securelevels.

https://youtu.be/WBm5j-XAyVk

#apue

Advanced #Programming in the #UNIX Environment

Side-quest: IPC Buffer Sizes

In our discussion of IPC, we noticed that each form must use some sort of buffer. But what is the actual size of those buffers? Is it the same across #NetBSD, #Linux, #FreeBSD and other Unix versions?

https://www.netmeister.org/blog/ipcbufs.html

#apue

Advanced #Programming in the #UNIX Environment

Week 10, Daemon processes

We take a quick look at processes intended to run continuously and in the background: daemon processes. We'll also brush upon system start scripts and daemon/service conventions.

https://youtu.be/YbYQqVMv7b8

#apue

Advanced #Programming in the #UNIX Environment

Week 11, The Executable and Linkable Format

We begin our exploration of shared libraries. We start with a look at the Executable and Linkable Format (#ELF) for binary files such as executables, object files, core files and shared libraries. We'll use the hexdump(1) and readelf(1) utilities to better understand the format.

https://youtu.be/i1UDF05iZPU

#apue

Advanced #Programming in the #UNIX Environment

Week 11, Of Linkers and Loaders

Building on top of what we discussed in Week 5 in the context of the compiler chain, we take a look at how a relocatable object file is turned into an executable by the dynamic linker (ld) and how an executable is loaded into memory by the run-time link-editor (ld.so or ld.elf_so).

https://youtu.be/8KWuz7gLycc

#apue