- 0 Posts
- 30 Comments
maybe try to find a linux user group near where you live. if there is one, usually you get help there, but its usually kinda different sort of help, you don’t get “the solution” to get your personal whishes come true ready prepared in bite-sized piezes for easy consumption but just the help by advices or suggestions that those there can give you or directly would try out.
open source is about sharing knowledge and todays mainstream OS distributions are way more complicated than long ago so the learning curve to adjust things in ways the distribution didn’t prepare (which is often a lot) might be high but always worth a try at least for the learning.
for a lightweight desktop environment that is somehow similar to the old windows98, i’ld say give XFCE a try. i think on debian/ubuntu trying out could be as easy as installing the xfce (or xfce4?) package (or maybe an xfce4-desktop-environment paclage) i don’t remember the exact package name but there is one meta package that depends on all needed stuff, i did it like 4 years ago… when installed you could try it by logging in and (your distro should have a login manager that allows this, or you’ld have to change that too) choosing xfce as desktop environment at login time, thus if you don’t like it, logout again and login with the other again.
i am using xfce because it is clean, lightweight, it does its job, does not invent new unneeded features every few month (like it felt when i used kde long ago) and is adjustable enough for me. i removed the lower task bar and put the open windows components into the bar above adjustedbthat a bit, thats basically what i changed and i think it is quite similar to what win98 was (but thats not the reason for me to have it that way)
also, it is possible to change the window manager (that handles how windows are placed), the desktop manager (like task bar, application menu, maybe widges, logout buttons) and of course also one could change x.org to wayland and back without changing the other components. the login window could come from gnome project but after login one could use a complete different projects toolset.
“can” does not mean that every distro makes that an easy task. also mixing things will likely end in a fuller disk for lots of “needed” components that are maybe mostly unused. (i think i once used gnome but installed kde only for their printing dialog *lol)
when using the big distributions it is likely that no 3rd party downloads are needed to try other window managers or desktop environments, maybe search for such keywords in aptitude , apt search, or such. but new fancy stuff also often first comes from unknown 3rd party websites (or git*.com which is the same security risk as 3rd party websites) before it gets into main repositories after years (or maybe even never)
Closest thing I found was TwisterOS. […] and the fan in my case stops working. Aye-yi-yi!
maybe “TwisterOS” tries to invent air movement by software? it might be a random unrelated incident and the fan is simply broken, it might also be that it enabled some fan control and the fan would start if you only heat up the system enough which might not happen with a lightweight distro and the maybe not cpu consuming programs you use (?). “stress” is a program that could artificially create such cpu consumption for testing (but with a broken fan it might be not a good idea to actively and unnecesarily heat up the cpu, but also cpus usually have failsafe shutdown mechanisms so they dont overheat but that might be like a sudden power down so maybe expect unsaved work to just vanish) another test could be to just give the fan another power source and see what happens, and put abother fan that works in place to see if that changes something
You can use
also there is:
./configure && make && make install
just to mention ;-)
16·1 month agoi am from the west and perceive the west as an ever-ongoing aggressor and war driver full of poisonous lies and false promises even against their own people. some of those war driver regimes even have monuments that publicly show-off their inner and outer brutish lawlessness to never give back to their rightful owner a once stolen land.
i perceive countries that took land by force and did’t give it back to their rightful owners for decades as invadors, no matter how much they like to see themselves as the “help” against “other” invadors. in fact just wanting to be seen as the good ones for things they do worse in other places actually makes them even worse again.
i don’t see russia to ‘like’ to invade, in fact they have left countries before, something other invaders don’t do. in fact russia sometimes even sells countries for cheap amount of money to nations that still lack civilisation and need to develop themselves to become civilised (like to actually abolishing slavery or such), i guess that selling that country to a slavery-liking nation was russia’s biggest crime until today.
also if russia really 'like’s to invade, they’ld already have done it way earlier in ukraine, and in general way more often, maybe as often as the us does and maybe then finding the same foul excuses like the us always does, but what i perceive instead is a LOT of propaganda in the west, so that i genuinely cannot really tell lots about russia these days but only about the crimes the regime here obviously commits inside as well as outside.
getting their asses handed to them
Are you talking about hawaii? that was not “handing” to the us, that was afaik forced by terror from the US against the hawaiian nation to surrender to the biggest threat to them and since then.
unfortunately all historical facts do not help that easily against false narrative imprinted opinions in brainwashed slaves.
92·2 months agoads with install buttons always are traps. and traps are always bad (except snmp traps, those are good but unreliable)
same way ads at download pages stating “proceed to download” are traps.
also ads at search result pages stating " 1 2 3 4 … next" are traps too.
for the “sponsored” note: there is no boundary here that makes it really clear for what that ‘sponsored’ is meant for. without any boundary it could be for something above it, below it, on the side or maybe even something that opens when you click on “sponsored” itself (seen it this way once). it could be for an ad that just failed to load (noticed the free space above that “sponsored” text? maybe the ad loads a bit later just to shift the real contents down so you “accidently” click on the ad that loads intentionally late for this very accident to be likely to happen?) if you use adblockers - which you should do for security reasons anyway - then you’ll see “sponsored” or “advertising” often even without the ad it was meant for after full load of the page. so a single “sponsored” without a clear boundary showing what would be that sponsored content, does not state anything to be an ad, it is purely meaningless and the lack of such boundary always is intentional to distract the user from what he wanted and trap him somehow.
a clear thumbs-down for ‘zoho assist’ from me here just for paying for (or trying out for free or such) such an advertising type.
And in most cases ads simply beeing ads are traps too. by the very concept of ads.
around 80 % of all things i actually still wanted after i bought them were recommendations by people i met in person. 15 % are things recommended by real persons i met on the internet. around 5% are things i bought without it beeing recommded by anyone (not even an ad) things i still wanted after i bought it due to an ad are nearly not existant. ok, i have stopped viewing television in 1997, have a sticker at my postbox that forbids to throw ads in (works where i live), use dns entries to remove most ads in my network, use browsers/extension that remove most crapjunkwastelitterrubbishads and skip webpages that still show too many ads or too offensive cookieterrorbanners. i use google search only sometimes for comparison of results, but near to zero for actual searching. i feel safe to say i am not that much distracted by ads. (however open source projects and authors do get money from me on a monthly basis, where i want to support them, either direct lly sent from my bank account or indirect).
for me personally an ad just saying “you might like this” drives me away from that product, if it needs or wants an ad, i don’t want it, even more so the more it states how difficult and horrible my life would be without the product or how easy it’ll be with it, go away ad-needing products, get recommended personally by those who actually use it, not by those who want to sell it. period. there is no better ad than true recommendation and its also free, no marketing monkey needs to get payed for bs, only an actually good product is needed… and there we go what types of products actually need ads…
once in my life i discovered a product that i first explicitly not bought for a decade because of the awful ad for it, but bought it another decade later by an absentminded accident and found it to be a good product despite its awful ad. then they increased packaging/reduced the product within to cover up a price increase in trade of more waste production, so i abandoned that product again and found something cheaper more eco friendly instead, yes, the cheaper one is really not as good, but i feel better with it and especially less betrayed by the vendor, so the eco one is the better one alltogether. and also i think its better to buy products where you don’t see ads for cause this behaviour could actually fix this advertising storm in the long run, so in this way its the better choice to buy products that don’t have ads for it.
again:
An ad with an install button is always a trap, even more so when the real install follows a single misclick on it. il’d say it would be quite fair to downvote/zerostars an app for how foulish-sneaky it was positioned in the search results if it is shown like an actual result with a f’ing install button. as its advertising type is always also part of the brand and the product itself. maybe make a sports out of that, klick the clickbait install buttons only to downvote the app for beeing intrusive and deinstall it again without even starting the app once, just to train advertisers to do it right instead of wrong next time. maybe. but for security reasons better don’t do that (at least not with a device with sensitive data on it)
please do not blame users to fall for ads. advertising industry now had centuries to learn to trap users and literally thousands or millions of marketing guys, designers, psycologists, neurologists or whatever only to learn and establish new abusive ways to distract and trap users. but a user only has his own lifespan to counteract that and learn to avoid those manipulations, and he also has to do other important stuff in his life too.
please don’t blame users for beeing humans. blame the industry where they are intentionally abusive, inhumane and/or counterproductive.
maybe there was a mixup of individual datapoints and individual persons.
lets see if that could fit.
as far as i read things in this thread, the whole security is based on exactly these datapoints: Full Name, Date of Birth and SSN (three datapoints) plus username and password for 3 sites (six datapoints) makes 3+6= 9 datapoints per person.
2.9 billion (us) should be 2.900.000.000 (correct me if i’m wrong, but where i live one “billion” is actually “1.000.000.000.000” thus a “bit” more)
divided by 9 those 2.9billion would be ~ 320 million.
on wikipedia they say the us had 331 million people in 2020…
that would fit like an ass on a bucket! lol just to mention that.
have a nice day!
i once heared something like this:
“the idea of having more than those who have nothing is the very only reason shareholders can ever imagine someone would work for at all, thus they also falsely believe they would do something good when enforcing this by removing everything from those who already are vulnerable and thus create a living example of how you would end when you don’t help them rob even more.”
at least no one ever returning from a forest said a mushroom had killed him.
a public room is public. anyone could and should be able to enter it at any moment start recording and uploading everything to $terrorist@/or$three-letter-agency or such. The idea that someone else could also get the same already public data later is not threatening, as that data is already considered public as in “everyone in the world could have it a second after the data came into existance”. and also as removing from the public is not considered possible, uploading that already intentionally published data again does not pose a greater threat than its first publication, but uses just a bit of bandwidth, not more. if you are very sensitive about visibility of who you talk with, maybe don’t enter “public” rooms in the first place.
if you join a private room, you already want to share with the other participants that you are f***ing talking to them, including when and who you exactly encrypted the data for, when, and to which servers they have to be forwarded. i expect the server of all participants to forward messages to the recipients. for this the server needs to know this type of information. Of course awareness, which data is used to make i.e. routing decisions is a good thing, but a “nightmare” would be teams zoom icq, whatsapp and similar. i am sure that messengers exist that could be less traceable for participants, but full anonymity to who you are communicating with so that even the servers know nothing about what happens in a room is imho not even a goal of matrix for the future.
Not a “nightmare”, but what a nightmare it must be to find out that a system that looked so promising did not fulfill “every” dreamexpectation one had with options that are even the opposite of ones dreamexpectation like “public rooms”. that are meant to be public! how horrible!!!(lol)
by the way -as it seems possibly noteworthy here - if you exchange emails with someones @gmail address, then google has all of your mail histories metadata, as well as the server of your provider has. just to mention, do not send emails to @gmail.com if you dislike google knowing about it. and if you share a document with edit history, then the edit history is likely also shared ;-) As “rooms” in matrix are meant to have a state that changes from the beginning sometimes possibly with every message and one can answer to a message which would reveal the existance of that message later when answered on, including at least a hint of what it was about, such information is imho meant to to be rather complete than hidden. maybe 1:1 chat solves this issue for you, as every chat with a new other person would start empty.
i might be wrong, but matrix already is one of the most robust systems when it comes to “compromised servers”. so very far away from a nightmare. that is unless you are either a true criminal bastard or a true world saving hero, then every leaked byte might be the deadly one, that is true.
So in case you are a true world saving hero: Maybe use a self build raspberry pi mesh proxy chain mounted on rooftops delivered by drones at night to proxy the signal of an in-memory-only-tasks-raspi to a free wifi, where the raspi that has its orders is using battery (like the rooftop proxy chain) but is hidden in a public transport to reach the proxy mesh by the transportations timetable. just to give a paranoic one some ideas and some work to do ;-) If you’ve build everything, then upload the code to github and designs to thingiverse so that “anyone” could have placed the proxy mesh to a free wifi on the rooftops, so you be more secure from beeing suspected ;-) lol btw a mesh system to accomplish this already exists, i think they named it b.a.t.m.a.n. (no joke) protocol, so the main struggle should be handling of solar power vs wifi signal strength, distances, humidity and windproof mount design beeing able to be deployed by manually controlled quadrocopters. good luck!
that a moderately clever human can talk them into doing pretty much anything.
besides that LLMs are good enough to let moderately clever humans believe that they actually got an answer that was more than guessing and probabilities based on millions of trolls messages, advertising lies, fantasy books, scammer webpages, fake news, astroturfing, propaganda of the past centuries including the current made up narratives and a quite long prompt invisible to that human.
cheerio!
it might take ages for her to choose the right boots for rebooting ;-)
if your wife wasn’t vi-impressed, maybe she already is vi-improved ;-)
hm you have a point that it might not have been removed completely, but the problem with that point that i personally have is that this reached me too late to just believe it was really never removed. For some reasons i would not believe blindly in “evidences” that are in control of the one that is in question and could manipulate it later for such claims and also was experienced to not be trustworthy for what they say…
saying that, there are ways to check if something was there at a time or not. the one source i know that could help here only seems to store records from 29th jun 2023 18:44:33 onwards which is too late for this.
https://web.archive.org/web/20240000000000*/https://abc.xyz/investor/google-code-of-conduct/
you are right, it does not make a difference in if they can be trusted, but it makes a difference in why not and what to expect if you do so despite the red flags or -as a gov- just let things go on. A person who by accident was speeding should maybe be treated differenrly than a person who intentionally(!) does so while risking others lifes. and what would be more proof of intention than a written statement or removed canary? thus such a statement does make a difference in terms of they just cannot handle their stuff, don’t care at all or maybe even have evil intentions.
examples:
some kids making a fire in the forest cause they don’t know the risks
vs.
some young adults making a fire in the woods cause they just don’t care despite knowing the risks
vs.
a company making fire in the woods because its cheaper to do stuff there and they lack the resouces to do it safe and someone else will pay the firefighters anyway.
vs.
a company stating to want to do so cause they like it despite they could afford doing it secure but just no one could or would sue them anyway.
while i don’t want to say google is like no.4 here, to me these examples all make huge differences, no matter if the woods actually cought fire or not.
my idea currently is to finish some projects that have priority and afterwards then look for lineage os on raspberry pi, combined with gsm modem and maybe a gps module, all powered by a slim powerbank. might make up a huge bulky phone but i almost want to start building it now. On the other hand if i wait until my other projects are finished, the whole thing might be ready made available for self assembly…
12·6 months agoafter looking at the ticket myself i think the relevant things IMHO are:
- a person filed a bug report due to not seeing what changes in the new version caused a different behaviour
- that person seemed pushy, first telling the dev where patches should be sent to (is this normal? i guess not, better let the dev decide where patches go or -in this case- if patches are needed at all), then coming up with ceo style wordings (highly visible, customer experience of untested but nevertheless released to live product is bad due to this (implicitly “your”) bug)
- pushiness is counterparted by “please help”
- free-of-charge consulting was given by the one pointing to changes likely beeing visible in changelog (i did not look though) but nevertheless it was pointed out to the parameter which assumes RTFM (if docs were indeed updated) that a default value had changed and its behavior could be adjusted by using that given parameter.
up to there that person -belonging to M$ or not (don’t know and don’t care) - behaved IMHO rather correctly, submitting a bug report for something that looked like it, beeing a bit pushy, wanting priority, trying to command, but still formally at least “asking” for help. but at that point the “bug” seemed to have been resolved to me, it looks like the person was either not reading the manual and changelog, or maybe manual or changelog lacks that information, but that was not stated later so i guess that person just did not read neither changelog nor manual.
instead - so it seems to me - that person demanded immediate and free-of-charge consulting of how exactly the switch should be used to work in that specific use case which would imply the dev looks into the example files, maybe try and error for himself just so that that person does not need to neither invest the time to learn use the software the company depends on, nor hire a consultant to do the work.
i think (intentional or not) abusing a bug tracker for demanding free-of-charge enduser consulting by a dev is a bad idea unless one wants(!) to actively waste the precious time of the dev (that high priority ticket for the highly visible already live released product relies on) or has even worse intentions like:
- uploading example files with exploits in them, pointing to the exact versions that include the RCE vulnerability that sample file would abuse and the “bug” was just reported cause it fits the version needed for exploitation and pressure was made by naming big companies to maybe make the dev run a vulnerable version on it on his workstation before someone finds out, so that an upstream attack could take place directly on the devs workstation. but thats just creating a fictive worst case scenario.
to me this clearly looks like a “different culture” problem. in companies where all are paid from basically the same employer, abusing an internal bug tracker for quick internal consulting would probably be seen as just normal and best practice because the dev who knows and is actually working on the code is likely to have the solution right at hand without thinking much while the other person, who is in charge of quick fixing an untested but already live to customers released product, does not have sufficient knowledge of how the thing works and neither is given the time to learn or at least read changelogs and manual nor the time to learn the basics of general upstream software culture.
in companies the https://en.m.wikipedia.org/wiki/Peter_principle could be a problem that imho likely leads to such situations, but this is a guess as i know nobody working there and i am not convinced that that person is in fact working for the named company, instead in that ticket shows up a name that i would assume to be a reason to not rely too much about names in the tickes system always be realnames.
the behaviour that causes the bad postings here in this lemmy thread is to me likely “just” a culture problem and that person would be advised well if told to learn to know the open source culture, netiquette etc and learn to behave differently depending on to who, where and how they communicate with, what to expect and how to interact productively to the benefit of their upstream too, which is the “real price” all so often in open source. it could be that in the company that rolled out the untested product it is seen to be best practice to immediately grab the dev who knows a software and let him help you with whatever you can’t on your own (for whatever reason) whenever you manage to encounter one =]
i assume the pushyness could likely come from their hierarchy. it is not uncommon that so called leaders just create pressure to below because they maybe have no clue of the thing and not want to gain that clue, but that i cannot know, its just a picture in my head. but in a company that seems to put pressure on releasing an untested product to customers i guess i am not too wrong with the direction of that assumption. what the company maybe should learn is that releasing untested and/or unfinished products to live is a bad habit. but i also assume that if they wanted to learn that, they maybe would have started to learn it like roundabout 2 decades ago. again, i do not know for what company that person works -or worked- for, could be just a subcontractor of the named one too. and also could be that the pushyness (telling its for m$, that its live, has impact to customers etc) was really decided by someone up the latter who would have literally no experience at all on how to handle upstream in such situations. hierarchies can be very dysfunctional sometimes and in companies saying “impact to customers” sometimes is likely the same as saying “boss says asap”.
what i would suggest their customers (those who were given a beta version as production ready) should learn is that when someone (maybe) continously delivers differently than advertised, that after some few times of experiencing this, the customer would be insane when assuming that that bad behaviour would vanish by pure hope + throwing money into hands where money maybe already didn’t help improving their habits for assumingly decades. And when feeding everhungry with money does not resolve the problems, that maybe looking towards those who do have a non-money-dependant grown-up culture could actually provide more really usable products. Evaluation of new solutions (which one would really be best for a specific usecase i.e.) or testing new versions before really rolling them out to live might be costly especially when done throughout, but can provide a lot of really high valueable stability otherwise unreachable by those who only throw money at shareholders of brands and maybe rely on pure hope for all of the rest. Especially when that brand maybe even officially anounced to remove their testing department ;+) what should a sane and educated customer expect then ? but again to note, i do not know which companies really are involved and how exactly. from the ticket i do not see which company that person directly works for, nor if the claim that m$ is involved is a fact or just a false claim in hope for quicker help (companies already too desperate to test products before live could be desperate again in need for even more help when their bad habits piled up too long and begin falling on their heads)
the xz vulnerability was done through a superflous dependency to systemd, xz was only the library that was abused to use systemd’s superflous dependency hell. sshd does not use xz, but systemd does depend on it. sshd does not need systemd, but it was attacked through its library dependency.
we should remove any pointless dependencies that can be found on a system to prevent such attacks in future by reducing dependency based attack vectors to a minimum.
also we should increase the overall level of privilege separation where systemd is a good bad example, just look at the init binary and its capability zoo.
The company who hired “the” systemd developer should IMHO start to really fix these issues !
so please hold your “$they have fixed it” back until the the root cause that made the xz dependency level attack possible in the first place has been really fixed =)
Of course pointing it out was good, but now the root cause should be fixed, not just a random symptom that happened to be the first visible atrack that used this attack vector introduced by systemd.
All who could have an idea of what to do with it could seek a way to get that data out of every company or gov that have it for their specific reasons, no matter if data was collected lawful or not, or if access to the data is then lawful or not.
- search for source of evidences on crime scenes: if one of your relatives happened to have been (related to crime or just bad luck) at a place where later on some evidence was collected, you might cause trouble for them bcs your data is very similar to theirs and that is obvious to laboratories. depending on the the “later on” current state of technology it could affect relatives more than two or three steps away from you. if you live in a country where law enforcement gives a shit about truth and just seeks for one argument to punish just anyone they can point a finger at, that could become a huge problem for the whole family then just because there was data that could have been abused.
- illegal organ traders could - once they have access to your data - think you or your relatives could be a source of nice income if a client of theirs happen to pay enough. however you will probably never know as the illegal organ traders are unlikely to ring the doorbell to ask nicely for a contract. How much do you think would a richie in personal needs pay for “spare parts” if those who deliver them wants him to just never ask where it came from ? does it matter if such organ teaders could know a “compatible match” by data only? maybe not because they might know tomorrow or someone might put up an AI to do the matching (does it matter if that matching by AI is correct then? i guess such traders don’t really care and their customers probably, but wouldn’t that be possibly too late then?)
For me the latter is actually enough to not willingly give my DNA data to anyone. for no reason. gov might already have it (covid probes had been collected and frozen at least) but actively pushing your data out inzo the world would be insane IMHO.
Laboratories often use Microsoft Windows, Microsoft Active Directory and Microsoft Exchange, thus i personally see no reason to NOT believe that any data they have received once in time would - sooner or later - end up rotating uncontrolled in the hands of uncountable criminals waiting for any chance to make quick or huge money out of it.
sometimes the cat chooses you, sometimes you get choosen by the cat?