mlfh
- 0 Posts
- 18 Comments
mlfh@lm.mlfh.orgto
Selfhosted@lemmy.world•Write-Up: My Multi-Purpose Travel ServerEnglish
16·5 days agoVery very cool! Would love to see it all in the case once you design and print it.
mlfh@lm.mlfh.orgto
homeassistant@lemmy.world•Pine64 has started shipping their smart speaker!English
1·5 days agoI’m working on this exact problem at home now, and finding 24GB of ddr4, a 6th-gen i7, and an old 8GB rx580 is more than enough to run pretty capable models up to ~35B parameters just fine, and equivalent MoE models shockingly fast. Not exactly cheap, with the price of everything so crazy right now, but certainly cheaper altogether than I’d imagined.
mlfh@lm.mlfh.orgto
Ask Lemmy@lemmy.world•Is there anywhere with a list of phone models and compatible OS?English
2·22 days ago735 is definitely just the number of devices that can boot postmarketos. The list of mature, well-supported devices (with enough working features to be considered as such) is much smaller, though still pretty great. Making phone calls seems to be especially spotty, unfortunately.
The full list, with matrices showing working features on each device, is here: https://wiki.postmarketos.org/wiki/Devices
mlfh@lm.mlfh.orgto
Asklemmy@lemmy.ml•Do you think your an uncle tom when you unironically defend establishment left wing American politics and all you do is ramble about whatever the other establishments side is doing ??English
1·29 days agoThis is a community for asking actual questions for discussion, not screaming personal rants into the void.
mlfh@lm.mlfh.orgto
Open Source@lemmy.ml•ratty: A GPU-rendered terminal emulator with inline 3D graphics 🐀🧀English
4·1 month agoThe demo video is the most ridiculous thing I’ve ever seen, I love it
The grub command line options at the beginning of this article might help get your system booted without the memory deadlock, and then you can make further adjustments as needed: https://tierhive.com/blog/tierhive-howto/debian-13-minimal-guide-reduce-ram-to-38mb-and-disk-to-275mb
Alpine is great for exactly this kind of thing, though, and I use it often in embedded environments where resources are at a premium. Just do some good reading up on it beforehand, since can be very different if you’re used to debian and systemd.
The ongoing maintenance for this would be a bit of a pain, since you’d need to recompile every update on a separate machine with enough memory to do so, package it up into a .deb, and distribute and install it everywhere.
I do this on a little raspberry pi cluster and it works, but it’s work.
But root can scrape that password as soon as you enter it, and has access to that encrypted data as soon as you decrypt it. That’s what I’m saying.
If you think anything on a *nix system is “safe” from root or a user that can elevate to root, you’re deluding yourself with wishful thinking.
Nothing at all is safe from the root account, or from any user that can elevate to root. Think of the root account as the system itself - the thing you’re trying to protect may be encrypted and safe at rest if you’ve brought it in from elsewhere, but as soon as you enter a password and decrypt it, you’re handing that password and decrypted data over to a system fully controlled by that root account.
mlfh@lm.mlfh.orgto
Linux@lemmy.ml•Looking for a tool to auto-sort files using INDEX.md as a mapEnglish
9·2 months agoUnless there’s more information on what kind of files and what kind or sorting needs to be done, this sounds like something that could be done with a simple shell script.
(I wouldn’t trust an ai agent to do it with accuracy, but I’m the kind of luddite that doesn’t trust an ai agent at all.)
mlfh@lm.mlfh.orgto
Asklemmy@lemmy.ml•Is there a psychotherapy session or series where you can be a fly on the wall for legit actual psychotherapy session(s) that have been released by the therapist+patient similar the IFS Live podcast?English
5·2 months agoWhere Should We Begin? is a podcast by the psychotherapist Esther Perel, where each episode is a full couple’s therapy session with an anonymous couple. It’s nice, and sounds like a match for your question.
mlfh@lm.mlfh.orgto
Privacy@lemmy.ml•I was a week away from buying a Pixel Pro 10 for GrapheneOSEnglish
61·2 months agoFrom the grapheneos faq section on device support, which details the kinds of hardware and firmware security features required and present on pixels (but may be missing on other devices):
Hardware, firmware and software specific to devices like drivers play a huge role in the overall security of a device. The goal of the project is not to slightly improve some aspects of insecure devices and supporting a broad set of devices would be directly counter to the values of the project. A lot of the low-level work also ends up being fairly tied to the hardware.
Non-exhaustive list of requirements for future devices, which are standards met or exceeded by current Pixel devices:- Support for using alternate operating systems including full hardware security functionality
- Complete monthly Android Security Bulletin patches without any regular delays longer than a week for device support code (firmware, drivers and HALs)
- At least 5 years of updates from launch for device support code with phones (Pixels now have 7) and 7 years with tablets
- Device support code updated to new monthly, quarterly and yearly releases of AOSP within several months to provide new security improvements (Pixels receive these in the month they’re released)
- Linux 6.1, 6.6 or 6.12 Generic Kernel Image (GKI) support
- Hardware accelerated virtualization usable by GrapheneOS (ideally pKVM to match Pixels but another usable implementation may be acceptable)
- Hardware memory tagging (ARM MTE or equivalent)
- Hardware-based coarse grained Control Flow Integrity (CFI) for baseline coverage where type-based CFI isn’t used or can’t be deployed (BTI/PAC, CET IBT or equivalent)
- PXN, SMEP or equivalent
- PAN, SMAP or equivalent
- Isolated radios (cellular, Wi-Fi, Bluetooth, NFC, etc.), GPU, SSD, media encode and decode, image processor and other components
- Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times
- Verified boot with rollback protection for firmware
- Verified boot with rollback protection for the OS (Android Verified Boot)
- Verified boot key fingerprint for yellow boot state displayed with a secure hash (non-truncated SHA-256 or better)
- StrongBox keystore provided by secure element
- Hardware key attestation support for the StrongBox keystore
- Attest key support for hardware key attestation to provide pinning support
- Weaver disk encryption key derivation throttling provided by secure element
- Insider attack resistance for updates to the secure element (Owner user authentication required before updates are accepted)
- Inline disk encryption acceleration with wrapped key support
- 64-bit-only device support code
- Wi-Fi anonymity support including MAC address randomization, probe sequence number randomization and no other leaked identifiers
- Support for disabling USB data and also USB as a whole at a hardware level in the USB controller
- Reset attack mitigation for firmware-based boot modes such as fastboot mode zeroing memory left over from the OS and delaying opening up attack surface such as USB functionality until that’s completed
- Debugging features such as JTAG or serial debugging must be inaccessible while the device is locked
mlfh@lm.mlfh.orgto
Linux@lemmy.ml•Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch availableEnglish
3·2 months agoHahaha no I’m just an idiot and accidentally swapped the url and text, thanks for catching that - fixed now
mlfh@lm.mlfh.orgto
Linux@lemmy.ml•Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch availableEnglish
26·2 months agomodprobed-db can create a profile of the kernel modules that get loaded by your system over time. You can feed that directly into
make localmodconfigto build a kernel that only includes those modules, or use the data to build a modprobe whitelist.
mlfh@lm.mlfh.orgto
Linux@lemmy.ml•Ubuntu 26.04 Allows "sudo apt install rocm" But It's Months Out-Of-DateEnglish
1·3 months agodeleted by creator
mlfh@lm.mlfh.orgto
Open Source@lemmy.ml•Stop New York's Attack on 3D Printing - EFFEnglish
831·3 months agoMore laws written by people who have zero fucking idea what they’re writing laws about.
mlfh@lm.mlfh.orgto
Selfhosted@lemmy.world•How Do you keep your services updated?English
1·3 months agoEverything I run, I deploy and manage with ansible.
When I’m building out the role/playbook for a new service, I make sure to build in any special upgrade tasks it might have and tag them. When it’s time to run infrastructure-wide updates, I can run my single upgrade playbook and pull in the upgrade tasks for everything everywhere - new packages, container images, git releases, and all the service restart steps to load them.
It’s more work at the beginning to set the role/playbook up properly, but it makes maintaining everything so much nicer (which I think is vital to keep it all fun and manageable).

I think the existence of a chain linking arbitrary whatsapp input to arbitrary host code execution using a fucking LLM as the intermediary is the real flaw here, not just the wonky openclaw guardrails…