Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Lennart Poettering Profile picture
@pid_eins
Apr 4, 2019 5 tweets 2 min read Read on X
So, there appears to be a free software project called "suckless". As I understand it's a group of people who don't like systemd very much. Which is totally fine. What is a bit questionable though is that they keep spamming me with unsolicited invites to their confs, … 1/4
… but I guess that's their kind of humour, and I can certainly tune my spam filter to match this kind of spam, too. What totally isn't fine though, is that these mails originate from a host called "wolfsschanze" (paste.fedoraproject.org/paste/3udw8~w6…), which appears to be the laptop a … 2/4
certain Laslo Hunhold works from (their conf organizer?). Don't they understand that adopting such a form of Nazi symbolism just makes it easier to discount their work? (BTW, just to mention this in this context since it fits into the milieu: … 3/4
this kind of of stuff gets posted onto the Devuan mailing lists: lists.dyne.org/lurker/message…) 4/4
The message has since been deleted from the Devuan archives (aren't those people usually against any form of "censorship"?), but the Internet Archive doesn't forget:
web.archive.org/web/2019040415…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Lennart Poettering

Lennart Poettering Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @pid_eins

Lennart Poettering Profile picture
May 16, 2022
@josefbacik To my knowledge none of btrfs/xfs/ext4 give any guarantees against rogue file systems. If you want to build an offline secure system its essential the storage is so simple and dumb that it has an absolutely minimal attack surface.
@josefbacik On fuchsia the bootloader already reads kernel+initrd from blobfs, and its straightforward, because the fs is so simple... I.e. it provides exactly what you need for an offline secure OS (i.e. storage of verifiably immutable blobs, referenceble by some short handle)
@josefbacik But not more. No file names, no complex allocations, and so on. On btrfs/xfs/ext4 otoh the attack surface is so big you'll have auch harder time to lock things down, so that an attacker cannot exploit the btrfs reader implementation. But of course, you are the btrfs guy, so my q:
Read 4 tweets
Lennart Poettering Profile picture
May 12, 2022
On Linux `struct sockaddr_un` only accepts an AF_UNIX file system path of max length 108ch. Which ends up to be quite limiting for apps building socket paths from `$XDG_RUNTIME_DIR` and similar. So, here's a work-around to avoid this limit, and enjoy your AF_UNIX sockets with…
…full Linux path length: open the socket node first with `open(…, O_PATH)`. And then use the path `/proc/self/fd/<fd>` (with `<fd>` replaced by the fd number you just got) in the `struct sockaddr_un` structure. This you can use directly in connect(). Yay! That's only half the…
…story though, after all we also want to bind() to such a path. The work-around for that is a bit more involved: determine the parent directory of the AF_UNIX node you want to create. Then create a symlink under a random name in /tmp/, pointing to it.
Read 6 tweets
Lennart Poettering Profile picture
Jun 30, 2021
What I find quite irritating about the whole TPM2 + Windows11 discussion, and the supposed advantage of Linux given that Linux generally doesn't use TPM2 is that that's hardly a good thing, but a big missed opportunity. The state of offline security on the…
…classic, traditional Linux distributions is sad. Even though we have all the building blocks for SecureBoot, TPM2, disk encryption, disk integrity checks in place, the way the typical Linux distributions use them is just sad. The only two facets typically deployed on typical…
…Linux installations are SecureBoot integrity checks covering the kernel image itself and then LUKS encryption covering the root fs. This leaves a major gap in between though: the initrd which is generated dynamically on the host and entirely unprotected, making it trivial to…
Read 12 tweets
Lennart Poettering Profile picture
Apr 19, 2021
Unbelievable, just lost 6h of my life to Linux fs API "misdesign". So let's say you have a disk image file with an ext4 fs, it's read-only, you want to mount it read-only. So you read-only attach it to a loopback device (i.e. O_RDONLY open + LO_FLAGS_READ_ONLY). Because you are…
…extra careful you even check with BLKROGET and yes, it tells you: this block device is read-only. So you go on, and mount it read-only, i.e. mount() with MS_RDONLY. One would assume because everything in this chain was explicitly done read-only frickin' ext4 wouldn't modify…
… the original file. Ha, you are so naive, of course it does! All these read-only flags don't matter a thing, ext4 writes whenever it wants to. Read-only access is for wussies, real kernel code doesn't care about explicitly specified flags on every level. ext4 doesn't, …
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(