Notices by Daniel Taylor (randomdamage@mastodon.technology)

@gudenau
UIDs need to match up for permissions.

NFS problems are almost always UID mismatches between the systems.

@gudenau @fribbledom it would be, but I do it anyway because I am already in git.

@Miredly people to give him a pass because he's important.

@strypey @tao most labor reform was attained non-violently, despite the troubles around the initial formation of labor unions.

@lain there's more than one kind of dangerous asshole in the world, and they don't all like each other.

If only we could get them to leave everyone else alone, we'd probably be OK.

@mdszy use tiled xterms covering multiple monitors in a Windows shop.

@mdszy @gudenau neat unless malicious, anyway.

/e runs off to count his HIDs.

@gudenau you can make all the gates with what's in there, the only thing various additions do is let you make them more compact.

@kornel if you can be sure that all the files you are getting are indeed hosted on the same server, and that the server hasn't been compromised.

You can change a few characters in a "trusted" installation script to point the download to a completely different server, and if nobody is even bothering to checksum it you don't have to try too hard to get a malicious payload downloaded.

Or you can redirect the DNS so that what gets downloaded isn't even the original script at all.

Who would notice?

@kornel they'll hack you in any file you download if they are going to, but you can do things like verify checksums if you are patient enough to take a breath between downloading the file and running it.

*That's* the threat model, not the nature of the downloaded file, but whether the user is patient enough to make sure they got what they thought they were getting before running it.

@kornel it's low hanging fruit for a compromise, and you aren't even verifying a signature or checksum.

If you can't see a threat model in that, you won't see a threat model.

@ITsecJ obviously he never needs to carry more than fits in a briefcase.

@mdszy stay hydrated, it's only temporary.

@codesections there are character columns for 1B length, 2B length text columns, and 4B length long text.

@codesections there are different types if SQL strings depending on the length of the length. There is also metadata to say what length category they are.

That might push them more over to Rust style, I suppose it depends on the implementation.

@codesections I'm honestly torn, but Pascal style is also SQL style, and it does have distinct advantages over null terminated.

It allows optimizations and checks that null terminated doesn't, and also allows you to prevent string buffer overflows by the simple expedient of *stopping the read when you hit the length of the buffer*.

@kornel @codesections @rain most projects that do this aren't the Linux kernel, X11, or systemd.

Besides, those first 200 lines will often tell me if I *should* trust the rest. "chmod 777 $install_directory"? look for another package.

@mdhughes @rain people don't stop between steps to make sure they finished properly?

Even without the security reasons, there are so many practical reasons why you might not want to do that as an unsupervised chain.

Steps can fail to give the expected result without throwing an error code (typo in the package name, for instance, or wrong branch).