The Stoned Hacker

Just passin’ through

  • 1 Post
  • 34 Comments
Joined 3 years ago
cake
Cake day: June 24th, 2023

help-circle

  • This is a bit unnecessarily mean. OP made a post about themselves and how they react to a very personal and intimate act being “publicized”. While OP might need therapy, they aren’t shoving jack shit in anyones face. Instead you’re going out of your way to say things that you think would make OP uncomfortable.

    In bird culture that’s considered a dick move.







  • im not a marxist-leninist but this is a pretty braindead take

    > be me
    > advocating for system that is egalitarian and focused on communal ownership of resources to reduce exploitation
    > every example of such system, even if incomplete, expoused ideals of radical equity and inclusiveness in multiple facets of life
    > the people who believe in the future of such systems point out that those ideals were not met and point out ways to improve on that
    > "but why gay"
    > no one wants me around
    > mfw.jpg
    





  • The systems that begot America have existed for centuries at least throughout much of Europe and the Global North. This horror and absolute denigration of human dignity that defines the US was brought by colonizers who began developing these institutions of terror on their own soil. I argue that the assimilation and oppression of indigenous historically non-white European groups (such as the Celts) are the direct idealogical ancestors of the atrocities that Europeans have committed across the world. Without the enslavement and oppression of Ireland, as an example, I do not believe that the holocaust of the indigenous American peoples would’ve looked the same or even existed to begin with. This issue has existed long before the US has existed and until Europeans reckon with the harm they have wreaked across the planet this will continue.

    Many non-Americans in the global north will point to US atrocities and say “only in America” without even questioning their country’s involvement in the current state of things, or the fact that their country likely perpetuates similar oppression in the global south in order to maintain their “social democracy”. Until we stop relying on exploitation to drive progress (i.e. capitalism) this will not change. “This wouldn’t happen in xyz European country” thats because they historically and likely presently externalize their oppression to provide the surplus necessary for a socially democratic capitalist country. The bourgeoisie still steals from the worker, so to maintain a level of comfort for the worker they also steal from a country the European does not care about to provide the surplus without having to give up anything themselves.

    Until Europe does the work to remove the parasitic owner class and end their exploitation of the global south they are only marginally better than the US in my eyes. And realistically they should pay reparations for all the harm they have done to the global south as well.




  • I do this for my containers. I have a completely domain-managed network, so my docker/podman host mounts an NFS share that contains all the data volumes for my services. Each one only has read permissions for the service account that runs it (and has nogroup). Each OCI container mounts their data volume(s) from their respective directory as well as a kerberos user TGT and credentials cache. Each OCI container runs as the service account, which uses the kerberized credentials to access the mounted data volumes (this is necessary), and thus I acheive separation. Even if a threat actor were to compromiee a service they would still be locked down to that service account and only able to access/modify the data of this service. This is still be very bad for services like keycloak, but for other trivial services it almost guarantees more than adequate segregation. This does fall apart a little bit with the recent copyfail and dirtyfrag exploits which allow for easy privilege escalation, but I don’t allow root squash so the data volumes on the NFS share are still service_account:nogroup even when accessing as root. Now an attacler could go through and use the KRBTGTs that are stored for each service account to access the data, but at that point I am dealing with a dedicated threat actor. Defending against someone explicitly seeking to compromise me is a different situation altogether, and still requires initial access through a vulnerable application that is sitting behind an SSL termination proxy and an NGFW with IPS capabilities.


  • It seems they literally meant what commands are your favorite. Bash is a shell but it is just as much a command (bash -c 'wall poop'), and ssh and man are some of the most widely used commands on linux (if you end up working with LXC containers many of them do not come with manpages preinstalled. I highly recommend installing them if you’re going to spend any of amount of time on thr LXC)