So I want to be clear. This work is very much in the "fantasy" stage. I haven't ran this at scale, and there is a lot I would do before I blindly rolled something like this out. As far performance impact, it obviously would depend on how it's implemented however I think a reasonable amount of "tracer packets" being sent out every 15 seconds or so to each hop shouldn't be too disruptive to the network, or to the host machine issuing the request. In other words if you take the `ptrace(2)` concern out of the equation (this is the big one in my mind) its going to be negligible.
> And, the rootkit question, how would eBPF notice you doing this?
I suppose it would depend on what your strategy with eBPF is and where you were looking. Reminding yourself that the pidfd_getfd and pidfd_open functions are system calls, I think any modern Linux auditing system would see something like this "a mile away".
In other words, I don't see somebody using this tactic to steal FDs in production without quickly alerting most security systems. I suspect there would be ways of hiding this however... https://github.com/krisnova/boopkit...
I often attribute the vast majority of my happiness and success back to psychedelics, trauma, and my experience living an unconventional and eccentric life.
I could fill pages with the anecdotes, specific examples, and my personal speculation on why this is but i can just gloss over the details and skip to the takeaway: LSD has made my life net better.
Another point I am trying to drive home is that this is what I would consider an “incomplete” or “immature” take. For example the authors anxiety is likely stemming from some organic experiences either traumatic, economic, physiological, or psychological — getting to the bottom of those and surfacing the patterns themselves is one of the great benefits of this chemical. I’d love to see this author examine their experience and ask where the anxiety is coming from.
You have to face your fears and anxiety before you can understand them — before you can conquer them.
I’m just glad this forum is finally talking about this topic. More psychedelics here please.
This only works if you’re a bro who is chummy with leadership. Honestly this is one of the worst pieces of advice for a marginalized person. If you show any indication of leaving as a marginalized person you are extremely likely to be pegged as “a flight risk” or “unstable” or “frantic” and your job will likely be eliminated before you actually are ready to roll.
In the U.S. this likely means losing your healthcare and missing your children’s tuition payments — and even your housing. Your visa if you’re immigrating, etc.
The only people who have enough psychological security to do this are the ones who don’t actually depend on their jobs for maintaining their current standard of living.
In a perfect world this would be great advice for everyone, however given the political and economic culture of the U.S. this is pretty horrible advice for a marginalized person. Our labor laws don’t support this behavior for a reason — and if “push comes to shove” every corporation in Silicon Valley will air on the side of modern labor laws (or lack there of).
Wow. I thought this was going to be a big rant piece on why we should all go back to dynamic linking again and I was so ready to start my Monday off with a spicy take.
But yes we should all also be adding links in our writing and publishing on our own platforms.
This is how I was using Twitter as well, as a network of people sharing interesting and often niche content (which is why algorithmic timelines are useless to me because the human curation was the entire value).
My memory is hazy but here's how I remember it: After Red Hat acquired CoreOS they announced their intent to rebase the entire thing around rpm-ostree, which is the CoreOS people know today: https://coreos.github.io/rpm-ostree/
At the time there was some anxiety in the community as to what would happen, as there was no direct upgrade path from old CoreOS to new CoreOS. Theoretically if we all believed the kool-aid we were drinking it's just a redeploy, no pets!
Kinvolk came along, forked it, and made Flatcar Linux, which kept the A/B partitioning system, and more crucially, let you just change a config file and all your old CoreOS nodes would just move to Flatcar and then you were good to go. So now if you wanted to stay on the system you were comfortable with you could just use Flatcar. If the composability of rpm-ostree attracted you then new CoreOS have you covered. Red Hat deserves a hat tip here because in their documentation/blog they explicitly mentioned Flatcar as an option for people who wanted to stick with what they know, which I thought was cool and how I discovered it!
Later on Microsoft acquired Kinvolk and and then people raised eyebrows. I have not checked in a while but the folks involved continued to do their thing and run it like a good OSS project, hold public meetings, all that stuff. Microsoft gets a good hat tip here.
The entire directory is really weird. Looks like some sort of directory of assets for automated testing the data from scanners (like, physical document scanners) returning properly? Built in macOS md5 hash reports the PDF's hash as d56d71ecadf2137be09d8b1d35c6c042
Women and marginalized people who change jobs: Flakey and incapable. Unable to handle a job. Something must be wrong. Clearly a sign of caution to be taken as a reason not to work with them.
Men who change jobs: literally articles inventing new vernacular stemming from the mental gymnastics required to justify the hypocrisy — men aren’t incapable because they change jobs — they are prodigy — men aren’t untrustworthy for changing jobs — they are taking nonlinear career paths because of the uncertainty in the market
Money is one of the most powerful tools for enabling cooperation ever devised, perhaps only rivaled by spoken and written language.
Like all tools, mass cooperation through money is a double edged sword. It's behind every war, every genocide, every enslavement. It's also behind every medical treatment, every piece of food in the grocery store, every act of emergency aid.
Without money, yes, we wouldn't have large scale devastation and consciously inflicted suffering. But we would also all still be living in huts and caves regularly dying of dysentery and starvation and would be lucky to see 2-3 of our 12 children make it to adulthood.
> It's behind every war, every genocide, every enslavement.
There are examples of war and enslavement that pre-date minted currency. Non-barter forms of exchange probably allowed for a specialist warrior class to develop though.
Excuse me, are you disparaging our lord and saviour SQLite? I'll have you know that SQLite works perfectly for all use cases. If you use it in production you don't even need SLAs because it literally works 100% of the time.
Fortunately, I know I can always trust the charming comments on this enchanting website to let me know how the general public is feeling about my systems neurosis.
What are other good non-video resources ought we to go to for an introduction?
"Workload Isolation with Aurae Cells" is the only previous submission with Aurae in the name[2]. It's been a while since I checked in. Are there notable direction changes or ideas that have arisen since inception?
So I want to be clear. This work is very much in the "fantasy" stage. I haven't ran this at scale, and there is a lot I would do before I blindly rolled something like this out. As far performance impact, it obviously would depend on how it's implemented however I think a reasonable amount of "tracer packets" being sent out every 15 seconds or so to each hop shouldn't be too disruptive to the network, or to the host machine issuing the request. In other words if you take the `ptrace(2)` concern out of the equation (this is the big one in my mind) its going to be negligible.
> And, the rootkit question, how would eBPF notice you doing this?
I suppose it would depend on what your strategy with eBPF is and where you were looking. Reminding yourself that the pidfd_getfd and pidfd_open functions are system calls, I think any modern Linux auditing system would see something like this "a mile away".
In other words, I don't see somebody using this tactic to steal FDs in production without quickly alerting most security systems. I suspect there would be ways of hiding this however... https://github.com/krisnova/boopkit...