Feddit.cl

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/analog by /u/uaiu on 2024-11-28 02:59:10+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/analog by /u/jrklbc on 2024-11-28 02:49:24+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/analog by /u/Film_in_Idaho on 2024-11-28 00:37:45+00:00.

S4E5 "The Problem Solvers"

I have had this joke in mind for a long time, but thought it was much too similar to this post. Hopefully it has been long enough that this can be appreciated!

More than 500,000 Ukrainian soldiers have been killed or seriously wounded and will no longer be able to fight.

At least 100,000 Ukrainian soldiers died during the war with Russia, and another 400,000 were seriously wounded and can no longer fight

These figures only take into account military losses. The publication studied various sources in order to try to establish the losses of the Ukrainian Armed Forces, which are not officially disclosed.

Recall that Zelensky said in February that 30 thousand Ukrainian soldiers died at the front.

All those reports of troop shortages even after resorting to kidnapping men from the streets. Pretty clear indication losses are very high.

https://archive.ph/oXpCp

I'm proud to share a major development status update of XPipe, a new connection hub that allows you to access your entire server infrastructure from your local desktop. It works on top of your installed command-line programs and does not require any setup on your remote systems. XPipe integrates with your tools such as your favourite text/code editors, terminals, shells, command-line tools and more.

Here is how it looks like if you haven't seen it before:

VMs

• There is now support for KVM/QEMU virtual machines that can be accessed via the libvirt CLI tools virsh. This includes support for other driver URLs as well aside from KVM and QEMU. This integration is available starting from the homelab plan and can be used for free for two weeks after this release using the new release preview
• You can now override a VM IP if you're using an advanced networking setup where the default IP detection is not suitable. For example, if you are using a firewall like opnsense on your hypervisor
• Fix remote VM SSH connections not being able to use the keys and identities from the local system
• There is now a new restart button for containers and VMs

File browser

• There is now a new option in the context menu of a tab to pin it, allowing for having a split view with two different file systems
• The previous system history tab is now always shown
• You can now change the default download location for the move to downloads button

Other

• The application style has been reworked
• Improve license requirement handling for systems. You can now add all systems without a license and also search for available subconnections. Only establishing the actual connection in a terminal or in the file browser will show any license requirement notice. This allows you to check whether all systems and installed tools are correctly recognized before considering purchasing a license.
• Add download context menu action in file browser as an alternative to dragging files to the download box
• Fix proxmox detection not working when not using the PVE distro and not logging in as root
• The settings menu now shows a restart button when a setting has been changed that requires a restart to apply
• There is now an intro to scripts to provide some more information before using scripts
• Add ability to enable agent forwarding when using the SSH-Agent for identities
• Closing a terminal tab/window while the session is loading will now cancel the loading process in XPipe as well
• The .rpm releases are now signed

Shell sessions

Many improvements have been implemented for the reusability of shell sessions running in the background. Whenever you access a system or a parent system, XPipe will connect to it just as before but keep this session open in the background for some time. It does so under the assumption that you will typically perform multiple actions shortly afterward. This will improve the speed of many actions and also results in less authentication prompts when you are using something like 2FA.

Security updates

There's now a new mechanism in place for checking for security updates separately from the normal update check. This is important going forward, to be able to act quickly when any security patch is published. The goal is that all users have the possibility to get notified even if they don't follow announcements on the GitHub repo or on Discord. You can also disable this functionality in the settings if you want.

Fixes

• Fix Proxmox detection not working when not logging in as root
• Fix tunnels not closing properly when having to be closed forcefully
• Fix vmware integration failing when files other than .vmx were in the VM directories
• Fix SSH and docker issues with home assistant systems
• Fix git readme not showing connections in nested children categories

A note on the open-source model

Since it has come up a few times, in addition to the note in the git repository, I would like to clarify that XPipe is not fully FOSS software. The core that you can find on GitHub is Apache 2.0 licensed, but the distribution you download ships with closed-source extensions. There's also a licensing system in place as I am trying to make a living out of this. I understand that this is a deal-breaker for some, so I wanted to give a heads-up.

Outlook

If this project sounds interesting to you, you can check it out on GitHub or visit the Website for more information.

Enjoy!

cross-posted from: https://feddit.org/post/5167058

The Russian ruble plunged nearly 7% to trade at more than 110 per USD, the lowest on record excluding the short-lived selling immediately after Russia launched its invasion of Ukraine, as more sanctions against Russia dampened the outlook for inflows of foreign capital. The US sanctioned Gazprombank, the last major financial institution without penalties, to halt the transfer of payments from foreign markets to pay for Russian gas.

The ruble remained under pressure from Moscow relaxing capital controls as a weaker currency aids the Kremlin’s ability to finance its budget. Mandatory forex conversion for export revenues fell 25% from earlier in the year, significantly reducing demand for rubles.

Russian central bank intervenes to stop currency free fall

Russia's central bank said on Wednesday [27 November] it would stop foreign currency purchases in order to ease pressure on the financial markets after the rouble weakened beyond 110 to the U.S. dollar, 119 to the euro, down by one-third since early August.

The central bank said it had decided not to buy foreign currency on the domestic market from Nov. 28 until the end of the year, but to defer these purchases until 2025.

"The decision was made to reduce the volatility of financial markets," the regulator said in a statement. Since Russia was blocked from using the dollar and euro, it has made foreign exchange interventions using Chinese yuan.

Russia published new economic data on Wednesday highlighting the latest signs of overheating in an economy retooled for the purpose of fighting the war in Ukraine, which has sucked workers out of the labour force.

[Edit typo.]

Hi all, we are hiring a remote worker and will be supplying a laptop to them. The laptop will be running a Debian variant of Linux on it.

We are a small shop and this is the first time we have entrusted somebody outside of our small pool of trusted employees.

We have sensitive client data on the laptop that they need to access for their day-to-day work.

However, if something goes wrong, and they do the wrong thing, we want to be able to send out some kind of command or similar, that will completely lock, block, or wipe the sensitive data.

We don't want any form of spying or tracking. We are not interested in seeing how they use the computer, or any of the logs. We just want to be able to delete that data, or block access, if they don't return the laptop when they leave, or if they steal the laptop, or if they do the wrong thing.

What systems are in place in the world of Linux that could do this?

Any advice or suggestions are greatly appreciated? Thank you.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/unexpected by /u/SpeedFlux09 on 2024-11-28 06:37:28+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/unexpected by /u/TitusTesla117 on 2024-11-28 05:27:43+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/unexpected by /u/firequak on 2024-11-28 05:11:50+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/unexpected by /u/Elluminated on 2024-11-28 04:59:04+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/unexpected by /u/blushingbeauty_ on 2024-11-28 04:52:59+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/unexpected by /u/DisconnectedDays on 2024-11-28 04:19:41+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/unexpected by /u/VixenVista_ on 2024-11-28 03:15:52+00:00.

cross-posted from: https://lemm.ee/post/48398746

https://archive.ph/20241127093611/https://www.wsj.com/world/china-tech-poaching-job-offer-pay-raise-f8ceac5b

https://en.wikipedia.org/wiki/Dutch_(1991_film)

Lets try to keep this topic around a basic-intermediate level when you try to explain things.

What I mean in the most simple words is a way for me to know if my laptop or any of the accessories such as charger, mouse, keyboard, camera, mic, etc, have been tampered with while I left them in my hotel room while I went out on some tourist attractions.

Adversary could be a local gang with hackers hired as hotel maid, or the adversary could be a corrupt/over reaching authority/intel who thinks citizens and tourists shouldn't have privacy and if they put a lot of effort into privacy then that means they are extremists and must mean they have something to hide.

I know of 3 ways to check for tampering:

1. AEM or Trenchboot or Heads.
2. Glitter nail polish.
3. A device which monitors your room for intrusion.

If there is proof of tampering then the solution is to destroy the hardware and throw in the trash because it's practically impossible with 100% certainty remove any tampering that was done. Better to buy new hardware.

Now to elaborate on each of the 3 ways...

1, Trenchboot is better than AEM or at least it will become better when it supports TPM 2. The plan is for it to replace AEM completely. So to make this simpler we can keep this discussion about trenchboot vs Heads and leave out AEM.

TPM 2 is good and something we should want depending on how important this method of tamper proof is. Because TPM 1.2 is old and weak encryption.

But I've read so many arguments about Trenchboot vs Heads, it's very difficult to understand everything and requires very deep and advanced knowledge and I just don't know, maybe I just have to keep on reading and learning until I eventually begin to understand more of it.

Glitter nail polish is supposed to make it practically impossible to open up the laptop (removing screws) to access the ROM chip and any other hardware. That makes this method of tamper proof perfect and simple and works on all laptops. But there are vulnerabilities:

USB is not protected by glitter nail polish. And if any malware compromises your system it could flash the ROM.

I don't think the malware is much of a threat if we are using QubesOS because it's too unlikely for the malware to escape the Qube, it would mean a 0-day vulnerability in Xen hypervisor.

But an adversary could easily use a bad usb when they have physical access to the computer and glitter nail polish doesn't detect that. I guess that this is why nail polish isn't sufficient on its own and why we need also either trenchboor or Heads.

One downside of Heads is that it's Static Root of Trust for Measurement (SRTM) which means it only checks for tampering when you boot the computer. But I think if the only threat is a bad usb attack because glitter nail polish protects against everything else that can tamper with the hardware, then this Heads downside of being SRTM doesn't matter.

This could be an app on the smart phone which uses the sensors to check for sound, movement and light changes, vibrations. Or it could be a more professional device as a surveillance camera or motion detector.

This way of tamper proof solves all problems if you assume that someone entering the room means that the hardware has been tampered with. But unfortunately this is not a good assumption to make if you are traveling or sharing accommodation. There are plenty of dumb people who would enter your room even if you told them not to even if they have no malicious intentions and are not an adversary. That means this method would give a lot of false alarms.

But if you are using video surveillance the you would know exactly what they did while in your room and you can clearly see if they even touched your hardware. So, with video surveillance you maybe don't need trenchboot or Heads and glitter nail polish.

Another reason to have this tamper method is in case they put any camera in your room to watch what you're doing or watch your enter passwords. If you have for example a motion detector giving an alarm, you can spend some time looking for hidden cameras. There are cameras that are good for this, I think they are called infrared cameras, they can find the heat which a hidden camera would give.

Summary: You probably want all 3 methods because they complement each others weaknesses. Question remains regarding trenchboot vs Heads in the scenario I've explained here I suspect Heads is a better choice but I am mostly guessing. Maybe I'm not as lost in this rabbit hole as I feel like I am. I hope the more advanced and experienced people can give some comments and help.

Another point I almost forgot to make: This whole scenario is meant to be practical, a realistic lifestyle. For example, it's not realistic for most people to be able to bring all their hardware with them everywhere they go such as work. It also makes you a big target to be robbed if they get a hint of how much valuable equipment you have in your backpack. So this means we are leaving the hardware at home which could be a hotel room or a shared accommodation.

Also last point which I forgot to make as well: The accessories need to be tamper proof as well. I don't know if trenchboot or heads is capable of doing that, such as if they replace the charger or something. Maybe the only way to protect against this is one of two ways:

1. Bring the accessories with you but leave the computer at "home". This isn't great though because you might not be able to keep your eyes on your backpack at all time.
2. Have a box filled with lentils which you put the accessories inside when you leave your room. Then you can take before and after picture and compare them to see if the lentils have moved around or not. This would mean we actually have to use 4 methods to keep all hardware tamper proof. It's not so fun to have to pack all accessories into a lentils box every time you leave your room, and check pics of both glitter nail polish and lentils. It's a lot of work but maybe that's the only way?