Readit NewsDyslexicAtheist commented on Anna's Archive: An Update from the Team annas-archive.org/blog/an... · Posted by u/jerheinze
Please remain up. Libgen no longer works. I've used IRC for fiction and non-fiction but tech books needs Anna's Archive and Libgen. I buy the physical with company budget to pay the author but I need DRM free ebooks to read comfortably on my Tab S9 Ultra.
libgen is still there
DyslexicAtheist commented on SystemD Service Hardening roguesecurity.dev/blog/sy... · Posted by u/todsacerdoti
> this will not take off I'm afraid, because locking these unitfiles down is offloaded to the end-user
Maybe your point is that this isn't done by the vendor in practice. And I'm sure there's room for lots of improvement. However, one of the great things about how systemd units can be provided by the vendor and seamlessly tweaked by the administrator is that the vendor (i.e. packager and/or distro) can set these up easily.
There definitely are packages that ship with locked-down files. Tor and powerdns (pdns) are two off the top of my head.
→ Overall exposure level for pdns.service: 1.9 OK
→ Overall exposure level for tor.service: 7.1 MEDIUMI think it should be done by the maintainer of the software not by the distro. My concern is that these features are available since at least 5 years and it has not yet caught on (regardless of what this blog article recommends).
It would be great to see it implemented but for now at least on Debian/sid the situation is as follows:
UNIT EXPOSURE PREDICATE
ModemManager.service 6.3 MEDIUM
NetworkManager.service 7.8 EXPOSED
alsa-state.service 9.6 UNSAFE
anacron.service 9.6 UNSAFE
atop.service 9.6 UNSAFE
atopacct.service 9.6 UNSAFE
avahi-daemon.service 9.6 UNSAFE
blueman-mechanism.service 9.6 UNSAFE
bluetooth.service 6.0 MEDIUM
cron.service 9.6 UNSAFE
dbus.service 9.3 UNSAFE
dictd.service 9.6 UNSAFE
dm-event.service 9.5 UNSAFE
dnscrypt-proxy.service 8.1 EXPOSED
emergency.service 9.5 UNSAFE
exim4.service 6.9 MEDIUM
getty@tty1.service 9.6 UNSAFE
irqbalance.service 1.2 OK
lvm2-lvmpolld.service 9.5 UNSAFE
polkit.service 1.2 OK
rc-local.service 9.6 UNSAFE
rescue.service 9.5 UNSAFE
rtkit-daemon.service 7.2 MEDIUM
smartmontools.service 9.6 UNSAFE
systemd-ask-password-console.service 9.4 UNSAFE
systemd-ask-password-wall.service 9.4 UNSAFE
systemd-bsod.service 9.5 UNSAFE
systemd-hostnamed.service 1.7 OK
systemd-journald.service 4.9 OK
systemd-logind.service 2.8 OK
systemd-networkd.service 2.9 OK
systemd-timesyncd.service 2.1 OK
systemd-udevd.service 7.1 MEDIUM
tor@default.service 6.6 MEDIUM
udisks2.service 9.6 UNSAFE
upower.service 2.4 OK
user@1000.service 9.4 UNSAFE
wpa_supplicant.service 9.6 UNSAFEDyslexicAtheist commented on SystemD Service Hardening roguesecurity.dev/blog/sy... · Posted by u/todsacerdoti
> this will not take off I'm afraid, because locking these unitfiles down is offloaded to the end-user (I've yet to see maintainers embrace shipping locked down files).
https://fedoraproject.org/wiki/Changes/SystemdSecurityHarden...
thanks for the link, this is great news.
DyslexicAtheist commented on SystemD Service Hardening roguesecurity.dev/blog/sy... · Posted by u/todsacerdoti
these Hardening variables have been discussed some years back[1].
this will not take off I'm afraid, because locking these unitfiles down is offloaded to the end-user (I've yet to see maintainers embrace shipping locked down files). Maybe they will? But this same approach hasn't worked with apparmor so why should it work with systemd? Who will do the job?
If you consider apparmor maintainers provide skeleton-templates in many cases that will make the parser stop complaining. ("look I have a profile so apparmor shuts up, but don't take too close a look OK")
Then there is firejail, which some argue[2] is snake-oil considering the high level of administrative glue compared to its massive attack-surface (also it's a setuid binary).
I didn't mention SElinux since I don't know a single person who had the joy (or pain depending on perspective) of working with it. But again, seems the expectation to implement security with it is shifted to the user.
DyslexicAtheist commented on When did AI take over Hacker News? zachperk.com/blog/when-di... · Posted by u/zachperkel
Most people do not realize it, but the tech industry is largely predicated on a cult which many people belong to without ever realizing it, which is the cult of "scientism", or in the case of pro-AI types, a subset of that, which is accelerationism. Nietzsche and Jung jointly had the insight that in the wake of the enlightenment, God had been dethroned, yet humans remained in need of a God. For many, that God is simply material power - namely money. But for tech bros, it is power in the form of technology, and AI is the avatar of that.
So the emotional process which results in the knee-jerk reactions to even the slightest and most valid critiques of AI (and the value structure underpinning Silicon Valley's pursuit of AGI) comes from the same place that religous nuts come from when they perceive an infringement upon their own agenda (Christianity, Islam, pick your flavor -- the reactivity is the same).
your Nietzsche reference made me wonder about one of his other sayings that if you stare into the abyss for too long the abyss will stare into you. And that seems fitting with how AI responses are always phrased in a way that make you feel like you're the genius for even asking a specific question. And if we spend more time engaging with AI (which tricks us emotionally) will we also change our behavior and expect everyone else treating us like a genius in every interaction? What NLP does AI perform on humans that we haven't become aware of yet?
DyslexicAtheist commented on Streaming services are driving viewers back to piracy theguardian.com/film/2025... · Posted by u/nemoniac
> i for I, ... quit Netflix and Prime (and deleted AirBNB and UBER) because they are US companies
I have some unfortunate news about this website you find yourself on, my fellow HN user.
not paying here for anything, so totally cool with it
DyslexicAtheist commented on Streaming services are driving viewers back to piracy theguardian.com/film/2025... · Posted by u/nemoniac
i for I, ... quit Netflix and Prime (and deleted AirBNB and UBER) because they are US companies, and second ... all of what ryandrake said https://news.ycombinator.com/item?id=44906021
He is, but many heads of state already declared they are going to ignore that should Netanjahu fancy a visit.
The hypocrisy is stunning.
you say "many" but other than "fotzenfrize" Merz who declared this?