https://security-tracker.debian.org/tracker/CVE-2024-47176, archive

As of 10/1/24 3:52 UTC time, Trixie/Debian testing does not have a fix for the severe cupsd security vulnerability that was recently announced, despite Debian Stable and Unstable having a fix.

Debian Testing is intended for testing, and not really for production usage.

https://tracker.debian.org/pkg/cups-filters, archive

So the way Debian Unstable/Testing works is that packages go into unstable/ for a bit, and then are migrated into testing/trixie.

Issues preventing migration: ∙ ∙ Too young, only 3 of 5 days old

Basically, security vulnerabilities are not really a priority in testing, and everything waits for a bit before it updates.

I recently saw some people recommending Trixie for a "debian but not as unstable as sid and newer packages than stable", which is a pretty bad idea. Trixie/testing is not really intended for production use.

If you want newer, but still stable packages from the same repositories, then I recommend (not an exhaustive list, of course).:

• Opensuse Leap (Tumbleweed works too but secure boot was borked when I used it)
• Fedora

If you are willing to mix and match sources for packages:

• Flatpaks
• distrobox — run other distros in docker/podman containers and use apps through those
• Nix

Can get you newer packages on a more stable distros safely.

cross-posted from: https://programming.dev/post/18069168

I couldn't get any of the OS images to load on any of the browsers I tested, but they loaded for other people I tested it with. I think I'm just unlucky. > > Linux emulation isn't too polished.

I couldn't get any of the OS images to load on any of the browsers I tested, but they loaded for other people I tested it with. I think I'm just unlucky.

Linux emulation isn't too polished.

According to the archwiki article on a swapfile on btrfs: https://wiki.archlinux.org/title/Btrfs#Swap_file

Tip: Consider creating the subvolume directly below the top-level subvolume, e.g. @swap. Then, make sure the subvolume is mounted to /swap (or any other accessible location).

But... why? I've been researching for a bit now, and I still don't understand the benefit of a subvolume directly below the top level subvolume, as opposed to a nested subvolume.

At first I thought this might be because nested subvolumes are included in snapshots, but that doesn't seem to be the case, according to a reddit post... but I can't find anything about this on the arch wiki, gentoo wiki, or the btrfs readthedocs page.

Any ideas? I feel like the tip wouldn't just be there just because.

I've recently done some talks for my schools cybersecurity club, and now I want to edit them.

My actual video editing needs are very simple, I just need to clip parts of the video out, which basically every editor can do, as per my understanding.

However, my videos were recorded from my phone, and I don't have a presentation mic or anything of the sort, meaning background noise, including people talking has slipped in. From my understanding, it's trivial to filter out general noise from audio, as human voices have a specific frequency, even "live", like during recording or during a game, but filtering voices is harder.

However, it seems that AI can do this:

https://scribe.rip/axinc-ai/voicefilter-targeted-voice-separation-model-6fe6f85309ea

Although, it seems to only work on .wav audio files, meaning I would need to separate out the audio track first, convert it to wav, and then re merge it back in.

Before I go learning how to do this, I'm wondering if there is already an existing FOSS video editor, or plugin to an editor that lets me filter the video itself, or a similar software that works on the audio of videos.

cross-posted from: https://programming.dev/post/6822168

I was watching a twitch streamer play the game pogostuck (A game similar in frustration and difficulty to Getting over it with Bennett Foddy — Don't Fall!).

They were also reading chat at the same time (usually out loud, as well). Multitasking.

Lots of sources (here's one) say that true multitasking is impossible. Rather, it's very fast switching, where there is a degradation of performance.

Knowing this, I naturally made it my mission to trip the streamer up with seemingly benign messages.

I was sharing some actual information about another streamer who beat another game, but a made a typo something like:

I remember a streamer beat the game a game ...

And I noticed how much more the streamer struggled to read this compared to previous, accidental typos (missing spaces, extra spaces, etc.). He spent a good 5 seconds on this message, and during the process, he fell really far. 😈

So I decided to do some testing. Inserting words, swapping them around, and whatnot, to see what tripped him up the most. Most typos didn't affect him.

There was one typo that tripped him again, where I said something like:

If it wasn't for a for

So it seems to be repetition? But I couldn't always replicate this with other forms of repetition.

Later on, I copied the two guards riddle, with an alteration:

One of the guards always lies and the other always lies as wekk. You don't know which one is the truth-teller or the liar either. However both guards know each other

Sadly, I didn't cut the part about "don't know which is truth teller or liar" out.

The streamer spent a good 5 minutes interpreting this puzzle, and eventually interpreting it as the original puzzle. Then, he was trying to solve a riddle, game, and read chat all at once.

He was stuck on the bottom until he gave up on the riddle (I revealed that I meant what I said when I said both guards lie). 😈

Anyway, that was a bit off topic but still relevant.

I'm wondering if any studies have been done on this? I know studies have been done on human's ability to read words with the letters partially scrambled, but what about typos?

How can I improve my distraction game (with plausible deniability of course)?

I was watching a twitch streamer play the game pogostuck (A game similar in frustration and difficulty to Getting over it with Bennett Foddy — Don't Fall!).

They were also reading chat at the same time (usually out loud, as well). Multitasking.

Lots of sources (here's one) say that true multitasking is impossible. Rather, it's very fast switching, where there is a degradation of performance.

Knowing this, I naturally made it my mission to trip the streamer up with seemingly benign messages.

I was sharing some actual information about another streamer who beat another game, but a made a typo something like:

I remember a streamer beat the game a game ...

And I noticed how much more the streamer struggled to read this compared to previous, accidental typos (missing spaces, extra spaces, etc.). He spent a good 5 seconds on this message, and during the process, he fell really far. 😈

So I decided to do some testing. Inserting words, swapping them around, and whatnot, to see what tripped him up the most. Most typos didn't affect him.

There was one typo that tripped him again, where I said something like:

If it wasn't for a for

So it seems to be repetition? But I couldn't always replicate this with other forms of repetition.

Later on, I copied the two guards riddle, with an alteration:

One of the guards always lies and the other always lies as wekk. You don't know which one is the truth-teller or the liar either. However both guards know each other

Sadly, I didn't cut the part about "don't know which is truth teller or liar" out.

The streamer spent a good 5 minutes interpreting this puzzle, and eventually interpreting it as the original puzzle. Then, he was trying to solve a riddle, game, and read chat all at once.

He was stuck on the bottom until he gave up on the riddle (I revealed that I meant what I said when I said both guards lie). 😈

Anyway, that was a bit off topic but still relevant.

I'm wondering if any studies have been done on this? I know studies have been done on human's ability to read words with the letters partially scrambled, but what about typos?

How can I improve my distraction game (with plausible deniability of course)?

cross-posted from: https://programming.dev/post/5669401

docker-tcp-switchboard is pretty good, but it has two problems for me:

• Doesn't support non-ssh connections
• Containers, not virtual machines

I am setting up a simple CTF for my college's cybersecurity club, and I want each competitor to be isolated to their own virtual machine. Normally I'd use containers, but they don't really work for this, because it's a container escape ctf...

My idea is to deploy linuxserver/webtop, as the entry point for the CTF, (with the insecure option enabled, if you know what I mean), but but it only supports one user at a time, if multiple users attempt to connect, they all see the same X session.

I don't have too much time, so I don't want to write a custom solution. If worst comes to worst, then I will just put a virtual machine on each of the desktops in the shared lab.

Any ideas?

docker-tcp-switchboard is pretty good, but it has two problems for me:

• Doesn't support non-ssh connections
• Containers, not virtual machines

I am setting up a simple CTF for my college's cybersecurity club, and I want each competitor to be isolated to their own virtual machine. Normally I'd use containers, but they don't really work for this, because it's a container escape ctf...

My idea is to deploy linuxserver/webtop, as the entry point for the CTF, (with the insecure option enabled, if you know what I mean), but but it only supports one user at a time, if multiple users attempt to connect, they all see the same X session.

I don't have too much time, so I don't want to write a custom solution. If worst comes to worst, then I will just put a virtual machine on each of the desktops in the shared lab.

Any ideas?

So basically, my setup has everything encrypted except /boot/efi. This means that /boot/grub is encrypted, along with my kernels.

I am now attempting to get secure boot setup, to lock some stuff, down, but I encountered this issue: https://bbs.archlinux.org/viewtopic.php?id=282076

Now I could sign the font files... but I don't want to. Font files and grub config are located under /boot/grub, and therefore encrypted. An attacker doing something like removing my hard drive would not be able to modify them.

I don't want to go through the effort of encrypting font files, does anyone know if there is a version of grub that doesn't do this?

Actually, preferably, I would like a version of grub that doesn't verify ANYTHING. Since everything but grub's efi file is encrypted, it would be so much simpler to only do secure boot for that.

And yes, I do understand there are security benefits to being able to prevent an attacker that has gained some level of running access to do something like replacing your kernel. But I'm less concerned about that vector of attack, I would simply like to make it so that my laptops aren't affected by evil maid attacks, without losing benefits from timeshift or whatnot.

I found the specific commit where grub enforces verification of font files: https://github.com/rhboot/grub2/commit/539662956ad787fffa662720a67c98c217d78128

But I don't really feel interested in creating and maintaining my own fork of grub, and I am wondering if someone has already done that.

I'm having trouble with networking on linux. I am renting a vps with only one NIC, one ipv4 address, and a /64 range of ipv6 ones. I want to deploy openstack neutron to this vps, but openstack neutron is designed to be ran on machines with two NIC's, one for normal network access, and entirely dedicated to virtualized networking, like in my case, giving an openstack virtual machine a public ipv6 address. I want to create a virtual NIC, which can get it's own public ipv6 addresses, for the vm's, without losing functionality of the main NIC, and I also want the vm's to have ipv4 connectivity. I know this setup is possible, as the openstack docs say so, but they didnt' cover how to do so.

Docs: https://docs.openstack.org/kolla-ansible/latest/reference/networking/neutron.html#example-shared-interface

There is an overview of what you need to do here, but I don't understand how to turn this into a usable setup. In addition to that, it seems you would need to give vm's public ipv4 addresses, in order for them to have internet connectivity. I would need to create a NAT type network that routes through the main working interface, and then put the neutron interface partially behind that, in order for ipv4 connectivity to happen.

I've been searching around for a bit, so I know this exact setup is possible: https://jamielinux.com/docs/libvirt-networking-handbook/multiple-networks.html#example-2 (last updated in 2016, outdated)

But I haven't found an updated guide on how to do it.