krylon commented on SystemD Service Hardening   roguesecurity.dev/blog/sy... · Posted by u/todsacerdoti
DyslexicAtheist · 11 days ago
These hardening variables have been discussed some years back[1].

This will not take off, I'm afraid, because locking these unit files down is offloaded to the end user (I've yet to see maintainers embrace shipping locked-down files). Maybe they will? But this same approach hasn't worked with apparmor, so why should it work with systemd? Who will do the job?

Consider that apparmor maintainers in many cases provide skeleton templates that will make the parser stop complaining. ("Look, I have a profile, so apparmor shuts up, but don't take too close a look, OK?")

Then there is firejail, which some argue[2] is snake-oil considering the high level of administrative glue compared to its massive attack-surface (also it's a setuid binary).

I didn't mention SELinux since I don't know a single person who has had the joy (or pain, depending on perspective) of working with it. But again, it seems the expectation to implement security with it is shifted to the user.

[1] https://news.ycombinator.com/item?id=22993304

[2] https://github.com/netblue30/firejail/issues/3046
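
As an added illustration of what "locking a unit file down" looks like when the end user has to do it (this is an example written for this page, not code from the linked article or from the commenter; `myapp.service` and everything about it are hypothetical), here is a drop-in override. Because it lives under /etc rather than in the packaged unit, it survives package upgrades, which is the practical answer to "who will do the job" when the maintainer doesn't. The assumed service is a network daemon that only needs to write under /var/lib/myapp; every directive is a real systemd.exec(5) setting.

```ini
# /etc/systemd/system/myapp.service.d/hardening.conf
# Added example for a hypothetical packaged "myapp.service" (a TCP daemon that
# writes only to its own state directory). Unit name and paths are assumptions.
[Service]
# Throwaway UID/GID allocated at start; no capabilities at all, and no way to
# regain any via setuid binaries.
DynamicUser=yes
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes

# Whole filesystem read-only; /home hidden; private /tmp. The state directory is
# created for the service and stays writable despite ProtectSystem=strict.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
StateDirectory=myapp
UMask=0077

# Kernel, device and /proc surface.
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
ProcSubset=pid

# Syscall surface: allow the generic service set, then explicitly strip the
# privileged and resource-control groups; denied calls fail with EPERM instead
# of killing the process, so breakage shows up in the journal.
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallErrorNumber=EPERM
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes

# Network: IPv4/IPv6/Unix sockets only (no netlink, packet, etc.).
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
```

After `systemctl daemon-reload` and `systemctl restart myapp.service`, `systemd-analyze security myapp.service` prints the per-directive exposure table and an overall score, and `journalctl -u myapp.service` shows the EPERM failures that tell you which line went too far. The two settings most likely to need relaxing are `CapabilityBoundingSet=` (add `CAP_NET_BIND_SERVICE` to both it and `AmbientCapabilities=` if the daemon binds a port below 1024) and `MemoryDenyWriteExecute=yes` (breaks JIT runtimes). This drop-in assumes the packaged unit does not already pin `User=` to a fixed account that owns on-disk state; if it does, drop `DynamicUser=yes` and use `ReadWritePaths=` on that state instead.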

krylon · 10 days ago
I vaguely recall looking at the slides from a talk on OpenBSD's approach to this topic, which came down to (paraphrasing from hazy memory) "if it can be disabled, people will disable it; if it needs to be configured, people won't configure it".
krylon commented on Debian 13 “Trixie”   debian.org/News/2025/2025... · Posted by u/ducktective
thiht · 19 days ago
Curious, why not use your phone for both of these use cases? Seems like it would be even more convenient.
krylon · 18 days ago
I do use the phone for audible, but I started both uses before I had a smart phone (I was very late to the game), and I am a creature of habit. Plus the netbook has a bigger display, more storage, and a real keyboard (again, creature of habit).
krylon commented on Debian 13 “Trixie”   debian.org/News/2025/2025... · Posted by u/ducktective
anthk · 19 days ago
OpenBSD runs perfectly fine. Atom netbook, N270, 1GB of RAM, cwm+git dillo (plus DPI plugins), mpv+yt-dlp.

My ~/.config/mpv/config:

    # start
    # cap streams at 480p/30fps so the N270 can keep up
    ytdl-format=bestvideo[height<=?480][fps<=?30]+bestaudio/best
    vo=gl
    audio-pitch-correction=no
    quiet=yes
    pause=no
    # skip the H.264 deblocking loop filter: cheaper decode, slightly worse picture
    vd-lavc-skiploopfilter=all
    # fill the demuxer cache before playback starts, but keep it small
    demuxer-cache-wait=yes
    demuxer-max-bytes=4MiB
    # end

My ~/yt-dlp.conf:

    # start of file
    --format=bestvideo[height<=?480][fps<=?30]+bestaudio/best
    # end of file

For the rest, I use streamlink from virtualenv (I do the same with yt-dlp) with a wrapper at $HOME/bin:

yt-dlp wrapper

    #!/bin/sh
    # activate the venv, then run the venv's own yt-dlp with the caller's arguments
    . "$HOME/src/yt-dlp/bin/activate"
    exec "$HOME/src/yt-dlp/bin/yt-dlp" "$@"

streamlink wrapper

    #!/bin/sh
    # same pattern, but run the venv's streamlink (not yt-dlp, which is not in this venv)
    . "$HOME/src/streamlink/bin/activate"
    exec "$HOME/src/streamlink/bin/streamlink" "$@"

To install streamlink

    mkdir -p ~/src/streamlink
    cd ~/src/streamlink
    virtualenv .
    . bin/activate
    pip3 install -U streamlink

The same with yt-dlp:

    mkdir -p ~/src/yt-dlp
    cd ~/src/yt-dlp
    virtualenv .
    . bin/activate
    pip3 install -U yt-dlp

For the rest, I use mutt+msmtp+mbsync, slrn, sfeed, lynx/links, mocp, mupdf for PDF/CBZ/EPUB, nsxiv for images, tut for Mastodon and Emacs just for Telegram (I installed tdlib from OpenBSD packages and then I installed Telega from MELPA).

Overall it's a really fast machine. CWM+XTerm+Tmux is my main environment. I have some SSH connection open to somewhere else on the 3rd tag (virtual desktop), and the 2nd one is for Dillo.

krylon · 19 days ago
Thank you very much!
krylon commented on Debian 13 “Trixie”   debian.org/News/2025/2025... · Posted by u/ducktective
dschuessler · 19 days ago
Out of curiosity, what do you use these netbooks for?
krylon · 19 days ago
One sits in my bathroom so I can browse random Wikipedia articles while I'm, uh, busy. The other one sits on my nightstand and plays audiobooks/podcasts when I'm going to sleep.

So nothing critical. But something they are still good at, and being very small makes them a natural fit for these use cases.

krylon commented on Debian 13 “Trixie”   debian.org/News/2025/2025... · Posted by u/ducktective
krylon · 19 days ago
As an owner of two i386 systems (both netbooks built around Intel's Atom N270) that run Debian, I am a little sad. I understand the reasoning, and I won't deny it is a very niche platform by now. But I had hoped Debian, with a history of supporting a wide range of platforms, would keep i386 going for a while longer.

Fortunately, bookworm will continue to receive updates for almost 3 years, so I am not in a hurry to look for a new OS for these relics. OpenBSD looks like the natural successor, but I am not sure if the wifi chips are supported. (And who knows how long these netbooks will continue to work, they were built in 2008 and 2009, so they've had a long life already.)

EDIT: Hooray, thanks to everyone who made this possible, is what I meant to say.

krylon commented on Stdio(3) change: FILE is now opaque   undeadly.org/cgi?action=a... · Posted by u/gslin
brokencode · a month ago
Yes, it would not be sane to depend on implementation details of something like this.

But the sad reality is that many developers (myself included earlier in my career) will do insane things to fix a critical bug or performance problem when faced with a tight deadline.

krylon · a month ago
Such is life, yes.
krylon commented on Stdio(3) change: FILE is now opaque   undeadly.org/cgi?action=a... · Posted by u/gslin
bitwize · a month ago
Hyrum's Law applies: the API of any software component is the entire exposed surface, not just what you've documented. Hence, if you have FILE well-defined somewhere in a programmer-accessible header, somebody somewhere can and will poke at the internal bits in order to achieve some hack or optimization.
krylon · a month ago
OTOH, yes.

OTOH, when coding, I consider FILE to be effectively opaque in the sense that it probably is not portable, and that the implementers might change it at any time.

I am reminded of this fine article by Raymond Chen, which covers a similar situation on Windows way back when: https://devblogs.microsoft.com/oldnewthing/20031015-00/?p=42...

krylon commented on Ask HN: Any active COBOL devs here? What are you working on?    · Posted by u/_false
TechDebtDevin · a month ago
> 16-colors IBM z/OS host terminal

This hasn't been virtualized?

krylon · a month ago
They're probably using a 3270 emulator on a PC, but that emulator will still display 16 colors.
krylon commented on Wttr: Console-oriented weather forecast service   github.com/chubin/wttr.in... · Posted by u/saikatsg
krylon · a month ago
I really appreciate this service.

Worth pointing out, maybe, that there is an Emacs package, too - more than one, actually; the one I am using (occasionally, at least) is https://github.com/cjennings/emacs-wttrin which is available from MELPA.

krylon commented on Show HN: Goldbach Conjecture up to 4*10^18+7*10^13   medium.com/@jay_gridbach/... · Posted by u/jay_gridbach
jay_gridbach · 4 months ago
I respect that you have learnt a lot of programming languages throughout your career.
krylon · 4 months ago
My knowledge of most of these is superficial or seriously outdated. Particularly OCaml, Haskell, and Rust (AND C++!!!) are not languages I would claim to really "know". When I was younger, I tried to get to know as many languages as possible, at least in passing, but I have not used many of these in a professional context.

u/krylon · karma 7759 · cake day June 20, 2014