GNU social JP
Notices by Miah Johnson (miah@hachyderm.io)

  1. Miah Johnson (miah@hachyderm.io)'s status on Tuesday, 10-Sep-2024 02:24:51 JST

    Instead of going to the Apple Event, buy a book on how to fix things, like a computer. Then realize that Apple products are 99% landfill fodder walled garden garbage bullshit.

    In conversation about 9 months ago from hachyderm.io permalink
  2. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 05-Sep-2024 04:03:54 JST

    I'm not convinced we need Wayland, but what we do need is somebody to fix the goddamned clipboard in Xwindows. Holy fuck do I want to destroy things right now.

    If I paste in the command line in urxvt, it's exactly what I wanted.

    If I open vim in that same window and paste, it's something else.

    If I try to paste into a different window where weechat is, it's something else (just a bunch of spaces).

    If I open xclipboard, it only contains the text that pastes fine in the command line.

    In conversation about 9 months ago from hachyderm.io permalink
  3. Miah Johnson (miah@hachyderm.io)'s status on Wednesday, 21-Aug-2024 01:52:28 JST

    It's going to be interesting to see what "retro computing" looks like in 20 years. I imagine it's going to struggle with a lot of devices released from 2012 - now. Phones? lol half of them don't last 4 years. iPads? lol good luck. Same issues. Batteries are garbage. You can replace of course.

    But I hope you have an archive of those apps you love. What's that? You can only download them through an app store.. well.. Good luck!

    How many apps & games from Android and Apple stores are just _gone_?

    In conversation about 9 months ago from hachyderm.io permalink
  4. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:08 JST
    in reply to

    So why do we need sudo if we have su?

    Well, su is very basic. You can 'Switch Users' (su). That's basically all there is to it. You can switch users, and invoke a shell. You can switch users and execute a command. You can pass some arguments to maybe inherit the environment or set $HOME appropriately. But that's basically it for su(1).

    In conversation about 9 months ago from hachyderm.io permalink
  5. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:08 JST

    I posted this poll because I was curious how many people know what `sudo` actually does.

    It seems many think it is distinctly different than `su`.

    `sudo` and `su` are effectively the same tool. They are both setuid binaries that allow you to change your effective uid from whatever it is now, to something else.

    Using either tool, you can switch to another user, and that other user may also be root.

    In conversation about 9 months ago from hachyderm.io permalink
  6. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:07 JST
    in reply to

    sudo is 'Switch User and Do'. You can still do all of the same things that you can with su, but you can also build an ACL that specifies what users, commands, and arguments a user is allowed to invoke.

    The /etc/sudoers file is described using Extended Backus-Naur Form (EBNF) rules. Most people just add their user with a glob. Something like this:

    `miah ALL=(ALL:ALL) ALL`

    But you can go MUCH MUCH more complex. I'm going to use some examples from the man page.

    In conversation about 9 months ago from hachyderm.io permalink
  7. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:06 JST
    in reply to

    Another /etc/sudoers example from the man page:

    The operator user may run commands limited to simple maintenance. Here, those are commands related to backups, killing processes, the printing system, shutting down the system, and any commands in the directory /usr/oper/bin/.

    ```
    # DUMPS, KILL and PRINTING are further Cmnd_Alias entries trimmed from this excerpt
    Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
    Cmnd_Alias HALT = /usr/sbin/halt
    Cmnd_Alias REBOOT = /usr/sbin/reboot

    operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
                   sudoedit /etc/printcap, /usr/oper/bin/
    ```

    In conversation about 9 months ago from hachyderm.io permalink
  8. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:06 JST
    in reply to

    A /etc/sudoers example from the man page:

    The user tcm may run commands that access a modem device file with the dialer group:

    ```
    tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu,\
                  /usr/local/bin/minicom
    ```

    In conversation about 9 months ago from hachyderm.io permalink
  9. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:05 JST
    in reply to

    Of course the sudoers file also allows you to bind to LDAP too, so you can actually store the entire ruleset in a single location to be used by all of your systems without any 'configuration management'.

    LDAP gives you some other features that typically come with configuration management too, like auditability of who made changes and when, as well as the ability to store diffs as changes and go through an approval process.

    Everybody hates LDAP for reasons.. But it's fine. It's good actually!

    In conversation about 9 months ago from hachyderm.io permalink
  10. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:05 JST
    in reply to

    I've had to trim a bit from these to fit in the mastodon post length, so refer to sudoers(5) for more details.

    The point being, that you can create a curated list of commands, arguments, and users that can be used through sudo. It's not just a tool to 'give me a root shell', it's a tool to give users limited access to commands.

    This can be extremely powerful if you need to let users who don't really know UNIX into a system to execute some commands with more privilege.

    In conversation about 9 months ago from hachyderm.io permalink
  11. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:04 JST
    in reply to

    Both sudo and doas give you good logs for auditing who did what and when.

    su logs too but as most people just jump to a shell it's less useful.

    Allowing shell execution via sudo, or doas will also mean you lose fine-grained audits, which is where their configuration power comes in handy. As now you're specifying exactly what people can do, and that is what gets logged.

    In conversation about 9 months ago from hachyderm.io permalink

  12. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:04 JST
    in reply to

    If you're on OpenBSD (and probably other BSDs) you likely have doas(1) instead of sudo. It's _almost_ the same thing. The configuration file ditches EBNF for a more forward approach. It doesn't have LDAP support that I am aware of. It's very _simple_ and works.

    You can find docs in doas.conf(5) and here is an example:

    `permit nopass tedu as root cmd /usr/sbin/procmap`

    In conversation about 9 months ago from hachyderm.io permalink
  13. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:03 JST
    in reply to

    `sudo su` is always the least correct way to get a shell though. Effectively, you are doing:

    "switch user, switch user". You only need to do this once, and sudo can do it for you via `sudo -Hi`.

    But what if the user doesn't have a shell set? Or uses /sbin/nologin as their shell?

    Then you can `sudo -u user /bin/bash` and well, you lose all auditing ability but now you can do things as that nologin user. This works similarly with doas, and su of course.

    In conversation about 9 months ago from hachyderm.io permalink
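
The auditing point made in the two posts above (once a rule allows a shell, `sudo su` or `sudo -u user /bin/bash`, the log holds only the shell launch), shown as an added example that is not part of the original posts: a Python check that sorts sudo's syslog entries into audited commands and open sessions. The log lines are constructed samples, and the list of session programs and the verdict names are assumptions.

```python
import os
import re

# Programs that open an interactive session (assumed list, extend per host).
SESSION_PROGRAMS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "fish", "su"}
# "<syslog prefix> sudo[pid]: <caller> : <fields separated by ' ; '>"
LINE_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<caller>\S+) : (?P<body>.*)$")

# Constructed sample lines in sudo's syslog format (host, users, times invented).
SAMPLE_LOG = """\
Aug 15 00:47:02 web1 sudo:     miah : TTY=pts/0 ; PWD=/home/miah ; USER=root ; COMMAND=/usr/sbin/shutdown -r now
Aug 15 00:47:03 web1 sudo:     miah : TTY=pts/0 ; PWD=/home/miah ; USER=root ; COMMAND=/usr/bin/su
Aug 15 00:47:04 web1 sudo:     miah : TTY=pts/0 ; PWD=/home/miah ; USER=www ; COMMAND=/bin/bash
Aug 15 00:47:05 web1 sudo: operator : command not allowed ; TTY=pts/1 ; PWD=/home/operator ; USER=root ; COMMAND=/bin/sh
Aug 15 00:47:06 web1 sshd[811]: Accepted publickey for miah from 192.0.2.10 port 50022 ssh2
"""

def parse_sudo_line(line):
    """Return the fields of one sudo command entry, or None for other lines."""
    m = LINE_RE.search(line)
    head, _, command = (m.group("body") if m else "").partition("COMMAND=")
    if not command.strip():
        return None
    entry = {"caller": m.group("caller"), "COMMAND": command.strip(), "denied": False}
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        if "=" in part:
            entry.update([part.split("=", 1)])   # TTY=, PWD=, USER=, ...
        else:
            entry["denied"] = True               # free text: "command not allowed"
    return entry

def classify(entry):
    """Say whether the log line tells an auditor what was actually done."""
    argv = entry["COMMAND"].split()
    if entry["denied"]:
        return "denied"
    # A shell or su without -c is an open session: nothing typed in it is logged.
    if os.path.basename(argv[0]) in SESSION_PROGRAMS and "-c" not in argv[1:]:
        return "unaudited-session"
    return "audited-command"

def audit(log_text):
    """Return (caller, run-as user, command, verdict) for every sudo entry."""
    entries = filter(None, map(parse_sudo_line, log_text.splitlines()))
    return [(e["caller"], e.get("USER", "root"), e["COMMAND"], classify(e)) for e in entries]

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(*row, sep=" | ")
```
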
  14. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 15-Aug-2024 00:47:02 JST
    in reply to

    I guess my last point on this is, if your system has sudo or doas, you never need to touch su. sudo and doas supersede su.

    =)

    In conversation about 9 months ago from hachyderm.io permalink
  15. Miah Johnson (miah@hachyderm.io)'s status on Sunday, 11-Aug-2024 01:29:47 JST
    in reply to
    • silverwizard

    @silverwizard @cynicalsecurity Not hard. =) The question would be... does the scanner process the zip bomb. Might be easier to respond with a redirect loop and let it hang forever.

    In conversation about 10 months ago from hachyderm.io permalink
  16. Miah Johnson (miah@hachyderm.io)'s status on Sunday, 11-Aug-2024 00:59:04 JST

    @cynicalsecurity It's also fun to respond with a 418 when somebody tries to pull wordpress stuff against your plain html server.

    Just.. don't do either if you use a CDN because they won't know what to do and will continue to pull that requested URL until it gets a 403/404, and possibly end up in your blocklist =)

    In conversation about 10 months ago from hachyderm.io permalink
  17. Miah Johnson (miah@hachyderm.io)'s status on Tuesday, 09-Jul-2024 01:17:30 JST

    So Boeing is going to pay out 4% of its 2023 profits and 'plead guilty'. Seems about right.

    In conversation about 11 months ago from hachyderm.io permalink
  18. Miah Johnson (miah@hachyderm.io)'s status on Saturday, 06-Jul-2024 04:39:18 JST

    In USB-C, the C stands for chaotic.

    In conversation about 11 months ago from hachyderm.io permalink
  19. Miah Johnson (miah@hachyderm.io)'s status on Friday, 21-Jun-2024 08:39:10 JST
    in reply to
    • minute
    • mhoye
    • ~n
    • 𝓼𝓮𝓻𝓪𝓹𝓪𝓽𝓱【ツ】☮(📍🇬🇧)

    @serapath @nblr @mhoye @mntmn We're lucky it's working. Remember when L0pht spoke to the US Senate about Internet security, and much of "we can break things" involved BGP.

    https://www.youtube.com/watch?v=VVJldn_MmMY

    In conversation about a year ago from hachyderm.io permalink
  20. Miah Johnson (miah@hachyderm.io)'s status on Thursday, 20-Jun-2024 22:55:00 JST
    in reply to
    • SuperDicq

    @SuperDicq `/ignore JOINS QUITS PARTS` stops the mobile users spam.

    In conversation about a year ago from hachyderm.io permalink
    Miah Johnson

    Transgender, Author, Video Game Player, Programmer, UNIX, Fixer of Broken things(self not included); mechanic?; http://pronoun.is/she

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.