![[link]](https://i.redd.it/ykae4ncsvrtg1.jpeg){kind=link}
Two Linux kernel APIs from 1999 that fix credential theft in ssh-agent, gpg-agent, and every Unix socket daemon
Built a credential broker for AI agents and found that ssh-agent, gpg-agent, and every UDS-based credential tool trusts the same boundary: the Unix UID. The assumption "if theyre running as you youve already lost" breaks when AI agents execute arbitrary code as your UID by design.
The Exploit
SO_PEERCRED records who called connect() but fds survive fork()+exec(). Attacker connects, forks, child execs the legit binary, parent sends on inherited fd. Daemon hashes the childs binary — matches. Token issued to the attacker.
Tried eight mitigations. All failed because attacker controls exec timing.
The Fix
1. 
Linux made my laptop last forever. When is it OK to buy a new one?
When my laptop was getting sluggish on windows I switched to debian. Honestly it's working pretty well, with a few hitches here and there, but I suspect this will lead to the laptop not dying ever. It's already 6 years old.
When am I allowed to buy a new one I want to play BG3
[link] [comments]
Lemonade 10.1 released for latest improvements for local LLMs on AMD GPUs & NPUs
If the Rust Coreutils can use the MIT license, does that mean that any open-source project can be rewritten with a different license?
I didn't know rewriting code was enough to allow you to change the license, but that seems to be the case for the coreutils. I understand there is more to it than just rewriting the code, and you need to be able to prove you didn't copy the existing code.
With how AI is progressing, having a team of developers rewriting code could become less of an obstacle.
I don't think anyone is just going to rewrite the Linux kernel, but it does seem as if it could become a problem for smaller projects, where a bad-faith actor wants to use the code with a different license.
What do you guys have against Zorin OS?
I mean it's a perfect newcomer distro and great for people who just want something non-exotic. Except that you guys don't like it. It's at the bottom of nearly every tierlist i saw. I'm seriously wondering why.
[link] [comments]
[Update] Mend v0.6.0: A personal recovery tool now supporting multiple distros
Hello all,
I have been working on a personal project called Mend, which is a modular Zsh plugin designed to help with system recovery. Instead of digging through wikis when a command fails, it uses fzf to help resolve package conflicts, map missing libraries, offers to refresh mirrors if needed, clearing orphans and clear database locks.
The main reason I have moved this to a cross-distro model is that I wanted users on other systems to be able to test it if they are interested. It now supports Arch, Fedora, openSUSE, and Debian-based systems. While it has been fully tested on my own Arch machine and within containers for the other distributions, I cannot simulate a real-world system that has months or years of personal tweaks and updates. Be
Trying to install Mech Arena on Ubuntu 26.04
Alright so Im trying to install Mech Arena on 26.04 which I was able to install it from the launcher in steam but whenever I try to run it it tries to load but then just quits the process. I would really appreciate some help
[link] [comments]
Is it the sign of total SSD hardware failure?
So I can't boot into ubuntu in my laptop anymore and I am dual booting with windows.I have two separate SSDs on my laptop.It boots fine into windows 11 from Bios.When I check disk management from control panel and run diskpart- list disk from CMD,they only shows Disk 0.Also in bios,there is windows SSD with 512 gb,but another one shows like this,"Generic loader name device" with (0.0 GB).It means the drive is completely bricked?I feel like something is wrong when there is complete session crashes that I can't do nothing but to hard restart with holding power buttons in past few weeks.
CESS — Cryptologically Enchanted Shamir's Secret , a open standard.
CESS was created to fix these issues:
GnuPG provides strong encryption and signing, but it does not support modern AEAD and Shamir's secret.
Autocrypt focuses on opportunistic mail encryption, threshold splitting of long-term secrets with PIN-wrapped shares is not supported.
SLIP-0039 standardises mnemonic encoding of Shamir shares but it does not support encrypted shares.
Shamir's secret sharing has been around since 1979.
CESS is an open cryptographic standard for threshold secret sharing. It also supports mixing of cryptographic chiphers.
One can as a example do:
BrainpoolP384r1 + Twofish-256-CTR + Poly1305.
That profile has the internal suite id 0x0004. So recipients of coded mess
My First Open-Source Fork Experience With Thunar
I've used linux for the last 3 years now. I started with Ubuntu, it had a lot of problems with my hardware, I switched to Mint, and my hardware worked. Most of it, at least. Enough to use for daily work and internet browsing. Before I committed to learning how to use this OS, I had been on Windows since 3.0 at home, and went to 8.1 with the exception of ME as I grew up and as a young adult.
to put this bluntly: I HATE. HATE. HATE. the Linux drive naming conventions. The way I have had this explained to me is that linux uses a single tree and all drives are theoretically a space on that single tree. This is bullshit. It was bullshit back then, and it is bullshit now. All linux boots off of a single drive, whether or not it is physical or networked, a
beautiful alternative to microsoft office
First, please avoid suggesting LibreOffice. I’m specifically looking for alternatives that closely resemble the design, interface, and user experience of Microsoft Office. Any suitable recommendations?
[link] [comments]
Seergdb v2.7 released for Linux.
A new version of Seergdb (frontend to gdb) has been released for linux.
https://github.com/epasveer/seer
https://github.com/epasveer/seer/wiki
https://github.com/epasveer/seer/releases/tag/v2.7
https://github.com/epasveer/seer/releases/download/flatpak-latest/seer.flatpak
https://flathub.org/en-GB/apps/io.github.epasveer.seer
Give it a try.
Thanks.
What search engine do you guys use or recommend?
Considering how google is pushing more closed source projects and surveillance. I was wondering what other alternatives do people use outside of Google.
I use brave search and ecosia (no clue if this one is helpful tbh).
[link] [comments]