• 0 Posts
  • 42 Comments
Joined 2 years ago
cake
Cake day: June 11th, 2023

help-circle
rss





  • So if you don’t need to create an account, how do you know you’re talking to who you think you’re talking to?

    You use your email provider’s credentials to log into the app, which then creates an IMAP folder called delta-chat which houses all those conversations.

    You’d verify it’s your mom by starting a chat with “momoforollo@her.email” she’d verify it’s you by making sure it’s coming from “orollo@your.email”



  • From an EM perspective, patients are often stupid as fuck and wouldn’t know what was good for them if you beat them over the head with it. Sometimes their stupidity brings acute death if they leave my ward, and I don’t want that on my conscience, not to mention legal exposure. If I thought a patient was wanting to leave for some stupid reason and life and limb is on the line I would absolutely do everything short of directly lying to a patient to keep them under care until they are stabilized. Full stop. It is my ethical and legal obligation to treat patients, even if they are too ignorant or obtuse to understand that is the reason any of us are there. Call it mind games, manipulation, whatever; I do not want a sick patient leaving until I am sure that they won’t die from what they came to me with or be back within 24h for the same thing, and I will do whatever I can to keep a patient’s stupid ideas from getting them killed.










  • Here’s one I have saved in my shell aliases.

    nscript() {
        local name="${1:-nscript-$(printf '%s' $(echo "$RANDOM" | md5sum) | cut -c 1-10)}"
        echo -e "#!/usr/bin/env bash\n#set -Eeuxo pipefail\nset -e" > ./"$name".sh && chmod +x ./"$name".sh && hx ./"$name".sh
    }
    alias nsh='nscript'
    

    Admittedly much more complicated than necessary, but it’s pretty full featured. first line constructs a filename for the new script from a generated 10 character random hash and prepends “nscript” and a user provided name.

    The second line writes out the shebang and a few oft used bash flags, makes the file executable and opens in in my editor (Helix in my case).

    The third line is just a shortened alias for the function.




  • How does the xz incident impacts the average user ?

    It doesn’t.

    Average person:

    • not running Debian sid, Fedora nightly, Arch, OpenSUSE Tumbleweed, or tbh any flavour of Linux. (Arch reportedly unafffected)
    • ssh service not exposed publicly

    The malicious code was discovered within a day or two a month of upload iirc and presumably very few people were affected by this. There’s more to it but it’s technical and not directly relevant to your question.

    For the average person it has no practical impact. For those involved with or interested in software supply chain security, it’s a big deal.

    Edit:
    Corrections:

    • OpenSUSE Tumbleweed was affected; Arch received malicious package but due to how it is implemented did not result in compromised SSH service.
    • Affected package was out in the wild for about a month, suggesting many more affected systems before malicious package was discovered and rolled back.