jean_dupont commented on Show HN: Boulette - Protect you from yourself (even as root).   github.com/pipelight/boul... · Posted by u/jean_dupont
hn92726819 · a year ago
Isn't this a little over-engineered? You can accomplish the same thing with a 5-line bash script. Put protect.sh somewhere in your path:

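    #!/bin/bash
    # Over SSH, require the hostname to be typed before running the wrapped command.
    if [[ $SSH_TTY ]]; then
        read -rp 'You are in SSH. Are you sure (enter hostname for yes)? '
        # Quote the right-hand side so it is compared literally, not as a glob pattern.
        [[ $REPLY == "$(hostname)" ]] || exit 2
    fi
    exec "$@"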
Then in your bashrc or zshrc:

    alias shutdown='protect.sh shutdown'
    alias reboot='protect.sh reboot'
    alias sudo='sudo ' # Don't allow sudo to bypass the protection. Can do the same with doas

jean_dupont · a year ago
Unfortunately we have to detect nested sessions too! When doing sudo -i, the $SSH env var can't be retrieved and we have to browse through the process tree and look for sshd. And we need fancy printing with colors too!
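The process-tree fallback mentioned in the reply above, as an added example that is not code from Boulette or from either commenter: it walks parent PIDs and reports whether any ancestor is named sshd, which still works after `sudo -i` has reset the environment. The function names (`snapshot`, `under_sshd`, `is_remote`) and the sample process table are constructed for illustration, and Linux procps-style `comm` names are assumed.

```bash
#!/bin/bash
# Added example: detect an SSH session by process ancestry, not environment.

# Constructed sample in "pid ppid comm" form: an SSH login followed by
# `sudo -i` (root shell, fresh environment), plus a local console login.
SAMPLE_TABLE='    1     0 systemd
  812     1 sshd
 4101   812 sshd
 4102  4101 bash
 4150  4102 sudo
 4151  4150 bash
  900     1 login
  901   900 bash'

# snapshot: print "pid ppid comm" for every process on this host.
# Assumes comm is the bare executable name, as on Linux.
snapshot() { ps -A -o pid= -o ppid= -o comm=; }

# under_sshd PID [TABLE]: succeed if PID or one of its ancestors is sshd.
# TABLE defaults to a live snapshot; passing one keeps the check testable.
under_sshd() {
    printf '%s\n' "${2-$(snapshot)}" | awk -v pid="$1" '
        { parent[$1] = $2; name[$1] = $3 }
        END {
            # Bounded walk so a corrupt table cannot loop forever.
            for (hops = 0; (pid in name) && hops < 64; hops++) {
                if (name[pid] ~ /^sshd/) exit 0   # also matches sshd-session
                pid = parent[pid]
            }
            exit 1                                # reached the top: local
        }'
}

# is_remote [TABLE]: cheap environment check first, ancestry as fallback.
is_remote() {
    [ -n "${SSH_TTY-}" ] || [ -n "${SSH_CONNECTION-}" ] || under_sshd "$$" "$@"
}

# Demonstration on the constructed table.
for p in 4151 901; do
    if under_sshd "$p" "$SAMPLE_TABLE"; then
        echo "pid $p: remote (sshd ancestor found)"
    else
        echo "pid $p: local"
    fi
done
```

A wrapper like protect.sh would call `is_remote` in place of the `$SSH_TTY` test before asking for the hostname.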
rafram · a year ago
Why does it take the command as a single string argument? Seems like it would make more sense to take it as an argument list, like other "wrapper" commands like sudo, nohup, etc., do.
jean_dupont · a year ago
It just didn't cross my mind! You've got a point here! I'll rethink the argument parsing.
oslem · a year ago
I’ve tried using iTerm2’s automatic profile switching feature to adjust the theme depending on the connection, but I’ve never been able to get it to work reliably.
jean_dupont · a year ago
I think such a thing can be achieved easily with the starship prompt!
bityard · a year ago
This says it's inspired by molly-guard (which I love and install everywhere and has saved my bacon countless times) but I don't see what's different about it? Molly-guard is a single `apt install` away with no further config needed.

Also, the problem with a Y/N question is that when you are bored and/or in a hurry, you only skim the question and muscle memory takes over, and you hit Y and then you realise a few seconds later that you rebooted the wrong machine. This is why molly-guard makes you enter the hostname of the host you want to shut down.

jean_dupont · a year ago
You can set the challenge type to hostname as well and some others. The only problem with Molly-guard is that I can't have it working properly on my system.
ale42 · a year ago
I've been using molly-guard (https://salsa.debian.org/debian/molly-guard, mentioned on Boulette's GitHub btw as inspiration) for years for this, after I remotely shut down our file server thinking I was on another tmux pane. It saved me once or twice since. Btw, molly-guard doesn't require setting up aliases.
jean_dupont · a year ago
Yes! Molly-guard is genius! Unfortunately I couldn't get it to work on NixOS, which is not FHS-compliant!
frizlab · a year ago
It’s the “Do you want to share XXX” popup all over again. Once you get used to seeing it, it will be a part of the shutdown command (to take the example in the readme).
jean_dupont · a year ago
Hahaha, yes I thought of it while writing it! This is a crazy annoying terminal popup! But it can maybe be useful if used correctly and with parsimony.
frizlab · a year ago
This is for the case where you think you type it locally but are actually typing it remotely. But I’d personally never type this locally so this use case is not convincing at all for me.
jean_dupont · a year ago
This! Another use case: I use it on nixos-rebuild to update the system, when I don't want to rebuild from tiny hosts but rather from a powerful machine and then send binaries, because it would take too much time to compile otherwise.
tln · a year ago
Running "shutdown" on remote hosts isn't something I have ever needed to do routinely.

Is this for ephemeral dev boxes? Does shutdown suspend billing on AWS/cloud type hosts?

jean_dupont · a year ago
Boulette isn't only for safeguarding "shutdown", it is for safeguarding what needs to be. This is to prevent yourself from some harmful reflexes.

In my case, I use atuin a lot and automatically retype long commands and sometimes as root.

The regularity of these actions tends to lower my attention, but the fact that many users depend on what I do on big machines and with lots of privileges isn't less true.

Danger comes from getting used to it.
