This campaign is still ongoing. I just got an email that one of my old packages (which hasn't worked for years and was orphaned for a while) was adopted and immediately a malicious commit was pushed. They seem to be using bun instead of npm now, so any npm-based workaround likely isn't effective.
I'm wondering at this point if the idea of adopting orphaned packages is broken and should be removed.
Inconvenient, but perhaps instead of allowing adoption of someone else's abandoned package, the AUR forces a new submission instead and regularly purges orphaned packages older than a certain age?
Absolutely! Supply chain attacks are always going to be a problem, but just letting someone take over a package because it hasn’t been touched in a while seems like a really poor policy.
That would've been a cool PoC to work on as well, but seems a fair bit more complicated than the BadUSB-style attack I ended up doing. Would've had to do a lot more RE to figure out how to interact with the whole microphone subsystem, I think.
> A probe packet contains the MAC address as well as the list of all the past Wi-fi networks that your device has tried to join before, which can reveal a lot about you!
Generally, most modern devices send broadcast/wildcard probes precisely to avoid leaking the PNL. From what I know, directed probes are only sent for hidden APs.
Correct. All major OSes stopped broadcasting the preferred SSID list by 2017, with Android and Linux being the last. Apple stopped in 2014. Windows by 2009.
And most modern devices randomize MAC addresses ("Wi-Fi addresses" in Apple-ese, for probably obvious reasons) between networks, and even between broadcasts/connections to the same network.
In Linux changing the MAC address can be done simply on the command line, so I'd probably just write this functionality into a bash script that I'd call before ifup.
macOS rotates MAC addresses between networks by default, and between connections to the same network unless it's password-protected. (It's under System Settings -> "Details..." or three-dot menu by a network -> "Private Wi-Fi address.")
Windows also randomizes by default as long as your network controller supports it.
It sounds like Linux requires some textual configuration that depends on your distro.
From personal experience, there have been a few papercuts (mostly trying to figure out why runners aren't picking up jobs), but it isn't too hard to debug and the CI format is simple. When it works, it works well enough. It uses a similar workflow to GitHub Actions. Some, but not all, actions are even interchangeable or at least portable from GitHub without much fuss.
Unfortunately there is no representative that would vote on every issue how I would want them to vote.
That means if only politicians that are savvy enough to get campaign donations, air time, etc; that claim to represent me on more important issues than cameras, are the only ones on the ballot for me to choose from, and they all like cameras, I don't get much of a say in cameras.
That's not unreasonable, but then by your definition are there actually any democracies in the world as of current?
From a practical standpoint, how would that even work? Would the politician call you and everyone in their district before each vote and record it? Or would every bill that comes up have a poll?
I wish my city only had a single case like that. Unfortunately, in Tallinn, it is extremely common that a bike path is suddenly routed onto the curb, and that's when you're lucky. For some paths, the path just... ends, and you suddenly find yourself right in the middle of car traffic. Unfortunately, the city leadership is anti-bike and pro-car, and it shows in the infrastructure.
Paths where pedestrians and bikers (and other light transportation vehicles) are mixed are overwhelmingly common.
According to the linked homepage, the memory usage seems decent (few hundred megs for most use cases when working with a 3.3G logfile). There's a screenshot with various tasks and what the peak memory usage is.
At some point you need to keep quite a large context in memory to have both decent performance and useful features (that aren't unbearably slow to use). lnav seems to land at a reasonable middle ground.
Good question! I wasn't too concerned about this, because the only way you could even interact with the OS where the server was running was via HTTP requests, which are fairly limited in nature. The OS or kernel itself wasn't directly exposed per se.
https://aur.archlinux.org/cgit/aur.git/commit/?h=toggldeskto...