
Barbarian

@Barbarian@sh.itjust.works

Linux server admin, MySQL/TSQL database admin, Python programmer, Linux gaming enthusiast and a forever GM.


Barbarian ,

Every software project, without exception, has a testing environment.

Some even have a separate production environment too.

Barbarian ,

I agree with everything you say here, but I thought the setup-payoff joke structure and the fact I intentionally swapped testing and production for comedic effect made it obvious enough. I guess Poe's law strikes again.

Barbarian ,

If you want something useful, maybe some more info on what you use your computer for? Advice for a glorified web terminal would be "Click the Firefox icon". Advice for learning bash would be a massive rabbithole.

App suggestions are also very dependent on what you use your computer for.

Barbarian , (edited )

So on the gaming front, pretty much any mainstream Linux distro would work for that. Proton is pretty damn stable and great on any distro that supports Steam. If you like Bazzite though, you do you.

For pen testing, must-have skills are nmap, bash, sqlmap, wireshark and the burp suite. If you know how to use all those, you've got basic coverage of most common attack vectors (password cracking is also covered by bash, there's 101 different password cracking algorithms in various CLI apps).

I'm a lazy ass who doesn't care much about customization, hopefully someone else can help you with that :))

A quick Google shows that someone got sharex working on Linux: https://github.com/ShareX/ShareX/issues/6531

Might take some effort and learning bash and WINE + winetricks to get that running, but hey, you're gonna need to do that anyways for the pentest stuff :)

Would Lemmy Benefit from Implementing Polls? ( slrpnk.net )

A popular way of dealing with discussions, and familiar to most people, I assume. As far as I see it, adding a poll system to Lemmy is a good way to enhance user engagement. I'm not really aware if this has been a topic before or not, tried looking it up but didn't see much juice on the topic, so thought I'd spark it up....

Barbarian ,

Should be an option to allow/disallow non-instance users to vote. That'd be really useful here in sh.itjust.works for the Agora.

Barbarian ,

It's not easy, but it's really not worth the massive gaping security vulnerability you are giving your users. One disgruntled employee giving out the keys to the castle or one programmer plugging in an infected USB, and every user now has a persistent malicious rootkit. The only way to fix an issue that deep after it gets exploited is to literally throw away your hard drive.

Barbarian ,

I'm sorry to disappoint, but with rootkits, that is very real. With that level of permissions, it can rewrite HDD/SSD drivers to install malware on boot.

There's even malware that can rewrite BIOS/UEFI, in which case the whole motherboard has to go in the bin. That's much less likely due to the complexity though, but it does exist.

Barbarian ,

Outside of monitoring individual packets outside of your computer (as in, man in the middle yourself with a spare computer and hoping the malware phones home right when you're looking) there's no way of knowing.

Once ring 0 is compromised, nothing your computer says can be trusted. A compromised OS can lie to anti-malware scanners, hide things from the installed software list and process manager, and just generally not show you what it doesn't want to show you. "Just remediate" does not work with rootkits.

Barbarian ,

Please don't walk away from this feeling dumb. Most IT professionals aren't aware of the scale of the issue outside of sysadmin and cybersecurity. I've met programmers who shrug at the most egregious vulnerabilities, and vendors who want us to put dangerous stuff on our servers. Security just isn't taken as seriously as it should be.

Unrelated, but I wish you the best of luck with your studies!

Barbarian , (edited )

Glad to hear it!

Just as another thing to add to your notes, in ordinary circumstances, it's practically impossible for non-government actors to get rootkits on modern machines with the latest security patches (EDIT: I'm talking remotely. Physical access is a whole other thing). To work your way up from ring 3 (untrusted programs) all the way to ring 0 (kernel), you'd need to chain together multiple zero day vulnerabilities which take incredibly talented cybersec researchers years to discover, keep hidden and then exploit. And all that is basically one-use, because those vulnerabilities will be patched afterwards.

This is why anti-cheat rootkits are so dangerous. If you can exploit the anti-cheat software, you can skip all that incredibly difficult work and go straight to ring 0.

EDIT: Oh, and as an added note, generally speaking if you have physical access to the machine, you own the machine. There is no defence possible against somebody physically being able to plug a USB stick in and boot from whatever OS they want and bypass any defences they want.

Barbarian ,

Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn.

Is there a License that requires the user to donate if they make revenue?

I tried a couple license finders and I even looked into the OSI database but I could not find a license that works pretty much like agpl but requiring payment (combined 1% of revenue per month, spread evenly over all FOSS software, if applicable) if one of these is true:...

Barbarian ,

The best use case for purchasing FOSS software is contractor work, specific modules for existing platforms and/or FOSS projects. I've done that myself in the past. The client pays for the custom software, it's written, and then they get to do absolutely whatever they want with it. If the client wants to publish it, they're well within their rights. Most of the time it's too entangled with their internal company workflow to be useful to anyone else though.

Barbarian ,

Only if the users on that server treat it like a death sentence.

Barbarian ,

According to a quick Google search (I'm no expert on copyright law), a sufficiently original email is automatically copyrighted. What constitutes "sufficiently original" seems to be pretty arbitrary.

So I guess if you post a short story, that's automatically copyrighted. Commenting "this" is not. And then there's a huge grey zone in the middle.

Barbarian ,

I actually disagree on what the biggest difference is. For the average everyday user, the biggest difference is the desktop environment. Having a desktop environment that the user finds intuitive, easy, and is stable is by far the most important thing.

Barbarian ,

Completely agree that these kinds of threads end up being more a popularity poll than anything more actionable and usable. Everyone has their own opinions and preferences (which is great!), but that can end up being extremely overwhelming for a newbie.

Barbarian ,

I’d add tech support to that list. Cut my teeth there fresh out of school and it really taught me empathy towards service workers of all types. The crazy bullshit that people threw at me due to being stressed and irritated that their stuff isn’t working was very eye-opening.

Barbarian ,

When it comes to distros, I am a boring man with a boring POV: I just want the thing to work with as little fuss as possible. Consequently, I’m on Kubuntu. KDE is rock solid, and Ubuntu is what I’m used to.

If/when my OS ever breaks down hard enough to reinstall, I’ll probably install Fedora Workstation.

Barbarian ,

One thing that I hope becomes more common is open source game code + proprietary art, sound and narrative. Game devs, artists, writers, etc deserve to get paid for their work, and we deserve to know what’s running on our computers. The more game devs use open source engines, the closer we get.

Barbarian ,

I’m sure you agree with this, just wanted to add:

It’s also true that the ease with which a program can interact with kernel level drivers in Windows opens up a whole host of potential exploits including but not limited to recording all internet traffic, all keystrokes, listing all files & programs, accessing memory of other programs and more. AAA client-side anticheats require some pretty incredible trust in the vendor to not be either evil or incompetent.

Barbarian , (edited )

The context is that the guy running fast (Captain America) is running so fast he’s overtaken the other guy (War Machine Falcon, eventually) like 4 times. He’s getting more and more frustrated with being outdone in raw athleticism.

Barbarian ,

Thanks for the correction

Barbarian ,

This is specifically a UK problem. The Tories have been trying to do absolutely retarded things with banning encryption for a long time now.

Barbarian ,

There’s also the fact that he was extremely worried about Microsoft trying to go the Apple route and restrict program installs to their store, including games. That would have killed Steam overnight. That’s when the investment into Linux really started ramping up.

That’s not evil or anything, but it is identifying a potential company-killing vulnerability and trying to reduce the impact somewhat.

Barbarian , (edited )

The Shadow of the Demon Lord system is different and interesting. You don’t track individual arrows, you track quivers (which are quite expensive). A character might have like 3 quivers.

You lose a quiver on a critical fail, otherwise you don’t track ammo. This means on average you have 20 arrows per quiver, which works out about right without any of the paperwork.

Barbarian ,

The way my gm does it is basically “Drawing and rapidly firing, you reach into your quiver and find it empty”. This works because we’ve never had multiple crit fails in a row.

Barbarian ,

I actually like snaps. For a few big well-maintained projects, they make a lot of sense and can provide some serious benefits.

Forcing everything to be a snap? That is insane.

Barbarian ,

Not really. Default drivers should work just fine. If you want to make sure they’re installed and running, run the following in a terminal:


    glxinfo | grep Mesa

If you have any output, you have Mesa. It’ll tell you what version you have as well.

Barbarian ,

I’ve personally never heard of or used any driver control panels for mesa. It just works with 0 fuss for me. If you mean graphical settings, your desktop environment’s control panel should have some knobs and buttons.

Barbarian ,

Installing the AMD Vulkan libraries, if they aren’t installed out of the box

They said they were on Pop_OS, I’m 99% sure they’re preinstalled

Barbarian ,

That’s also a core rulebook perk for Vampires: the Masquerade

Barbarian ,

they merely want to play pf2e without admitting it

In my case, I wanted to play pf2e without knowing it. I’ve been running a DnD Curse of Strahd campaign, and I’ve been getting more and more irritated at long rests, challenge ratings being meaningless, and martial vs spellcaster balance. Pf2e solves all those issues, and I didn’t even realize till I sat down to do prep for a campaign.

Barbarian ,

Don’t fucking nerf the core of a character’s mechanics midgame

Happened to me once. Built a monk specifically for cool grapple movement interactions because I hate the standard “I attack. You attack me back.” attritional gameplay that DnD normally has.

Stunned a guy, used my 2nd attack as a grapple, started running up a wall, which both me and the grappled target will fall off at the end of the turn (but I have slow fall, he doesn’t). The GM says:

“You’re running up the wall with the guy still grappled?”

“Yes. Perfectly legal according to the rules”

“You’re grappling an orc fighter”

“Yes. And?”

“He’s pretty heavy… Roll me a strength check”

Cleared it up after the game, but come on man. I explained how my character would work in combat beforehand, don’t nerf me midgame.

Barbarian ,

Starting a pathfinder 2e campaign in a few weeks. It really is astonishing how good Ranger is in this system, and how effortless it seems to be compared to DnD 5e.

Pf2e rangers have no magic at all. They’re a martial class vaguely on par with a fighter, with excellent survival skills. They have a unique ability to pick a target they can see or are tracking as their prey, and they get huge bonuses against their prey.

That’s it. It’s an excellent class, doesn’t need these 50 different attempts and houserules to fix it.

Barbarian ,

I can understand strongly limiting long rests. Letting players long rest between every encounter makes difficulty non-existent. Short rests though… classes that get resources back on short rests are balanced around the fact that they’ll likely get them frequently.

Barbarian ,

I don’t think I’ve heard very often that “Nvidia doesn’t work right on Linux”. It’s more that it’s missing features compared to Windows and because it’s a closed source binary blob you have to wait for Nvidia to release a new driver every time a new kernel comes out.

Barbarian ,

give yourself a check for what those things do

To add, don’t kick yourself for forgetting and needing to double-check something. For example, even as a Linux vet, I still sometimes need to double-check whether it’s -r or -R for recursive on whatever command I’m using sometimes.

Barbarian ,

Second this, really great site.
