wtf

An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root.

If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you’re in scope.

how does that only get a CVE score of 7.8

I use https://marp.app/

ok, to start with, if you need a POSIX interface to the filesystem, you already have an SSH connection to that server, and don’t need much stability across multiple clients, SSHFS may do just fine. For a homelab, that is likely the case.

now, if you’re hosting a web server that needs data distributed across drives/nodes, data redundancy, and the usage is primarily programmatic, closer to a CDN’s or machine learning pipeline than a single user browsing files; then you want an S3-compatible solution. The S3 API makes it easier to plug it into your application, while allowing you to migrate to a different one - which I’m actually currently doing for a MinIO deployment at work.

SSHFS is a hack and has nothing to do with the proposal of S3 compatible backends

“Native installs are trash. Always have issues resolving dependencies and compiling from source. I’ve tried it for a while but at some point you want to get work done instead of having to resolve why libxcomposite is not available”

yeah, about twice a year I use the CLI to backup my vault, and I’ve never felt comfortable installing an npm package to handle my vault. Now I’m definitely sandboxing it in a rootless container without internet next time. And installing a week old version, or older.

containers

reposting the tl;dr I wrote from another community…

Yesterday, for about 1h30min (starting at 5:57pm ET / 21:57 UTC) anyone installing the latest version of the command line interface of bitwarden was installing malware.

The malware steals GitHub/npm tokens, .ssh, .env, shell history, GitHub Actions and cloud secrets, then exfiltrates the data to private domains and as GitHub commits and doesn’t seem to be targeting Bitwarden specifically, or user vaults.

There’s no evidence that end user vault data was accessed or at risk, or that production data or production systems were compromised, according to their official statement.

It seems there were 334 bitwarden CLI downloads in this time period, some or many of which might have been from bots, so this is a higher bound to the number of affected users.

framework as in the laptop brand, or…?

Because if so, I think you can also install arch/arch-based and have bleeding edge

Each screen can now switch between any of the system’s virtual desktops independently!

no way, I thought this would never be a thing! Been wanting this for over 3 years now.

ctrl is more useful

I don’t think you can have both

yeah, I think the whole “water” argument really dilutes the case against data centers.

On a serious note, the argument works for areas that already struggle to supply enough water for consumers. Otherwise, we should be focusing more on the power stress to the grid, and the domino effect on supply chain of hardware cost increases that it’s happening across many industries. It started with GPUs, now it’s CPU, storage, networking equipment, and other components.

If these prices are too high for a couple of years, we’ll start seeing generalized price increases as companies need to pass along the costs to consumers.

It’s not, I read the code. It’s not merely asking the LLM for recommendations, it’s using embeddings to compute scores based on similarities.

It’s a lot closer to a more traditional natural language processing than to how my dad would use GPT to discuss philosophy.

No, it doesn’t do that. It gets embeddings from an LLM and uses that to rank candidates.

no one is saying everyone has to ask an LLM for movie recommendations

chill, this is extracting text embeddings from a local model, not generating feature-length films

that’s like saying “no jet use is benign” meant for comparing a private jet to a jet-ski

the generative aspect is not even used here

There’s no training, the LLM embeddings are used to compare the plots via a cosine similarity, then a simple weighted score with other data sources is used to rank the candidates. There’s no training, evaluation, or ground-truth, it’s just a simple tool to start using.

that’s pretty cool, this is just the wrong crowd, don’t worry about the downvotes

tmpfs is a memory filesystem, they all do

https://man7.org/linux/man-pages/man5/tmpfs.5.html

one-liner to get the total used size

/usr/bin/df --type=tmpfs | awk 'NR>1 {sum+=$3} END {print "tmpfs used (MiB): " sum / 1024}'