Tomorrow I'll be hosting a Linux Security Modules (LSM) BoF at LPC. If you have any LSM questions or a related topic to discuss, please join us!
Great write-up by @psychomario on a root privilege escalation toolchain which leverages DBus, CUPS, and WPA on Ubuntu: https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/
@ksaj the operations that a quantum computer is theorised to perform faster than a classical computer are well understood, so post-quantum cryptography chooses mathematical problems that are known to be hard even for a QC.
https://nap.nationalacademies.org/catalog/25196/quantum-computing-progress-and-prospects is a good and fairly comprehensive introduction to quantum computing for non-physicists :)
Please help us test OpenSSH ahead of the 9.9 release, due in a few weeks.
New features include a new post-quantum key exchange based on ML-KEM, improved controls to disallow unwanted connections and better performance for the existing PQ key exchange.
Full details at: https://marc.info/?l=openssh-unix-dev&m=172638834815257&w=2
Having worked on the kernel for decades, and imposing a lot of the same code/git hygiene for liburing, there can be a disconnect for contributors on what is expected of a commit and commit message, and what a series of commits should look like. I attempted to provide a basic guideline here:
https://github.com/axboe/liburing/blob/master/CONTRIBUTING.md
and would appreciate feedback from folks on what I missed, what isn't clear, etc.
Gonna be giving a talk "SLUB Internals for Exploit Developers" at @LinuxSecSummit next week.
Plan to cover the basics one needs to know before writing exploits for slab bugs; slides coming along 😁
Also gonna stay around for @linuxplumbersconf.
@josh after 15 years of TPMs and them becoming quite ubiquitous, I am still not seeing how they ever have been misused like this outside of theories and labs.
To me this appears to be mostly FUD from FSF/GNU.
I think if Linux OSes would actually start using TPMs properly, the net outcome for everyone would be *good*, and not bad. It would be much harder to gain persistence for an attacker, for example. And that's a massive benefit, for everyone.
the debugging manifesto poster I've been talking about is finally available for sale! You can get it here for $20 US + shipping: https://store.wizardzines.com/products/poster-debugging-manifesto
it was redesigned and riso printed by Inner Loop Press and I'm SO delighted with how it turned out (https://www.innerloop.press/)