I am afraid you are still a bit misled; WireGuard is exactly what they use for the demo video. In general the underlying protocol does not matter, since the vulnerability is about telling the system to direct the packages to the attacker, completely bypassing the VPN.
My understanding is that all issues are patched in the mentioned releases, the config flag is not needed for that.
The config flag has been added because supporting clients with different endianness is undertested and most people will never use it. So if it is going to generate vulnerabilities, it makes sense to be able to disable it easily, and to disable it by default on next major release. Indeed XWayland had it disabled by default already, so only the fourth issue (ProcRenderAddGlyphs) is relevant there if that default is not changed.
I got curious and decided to check this out. This value was set to the current one in 2009: https://github.com/torvalds/linux/commit/341c87bf346f57748230628c5ad6ee69219250e8 The reasoning makes sense, but I guess is not really relevant to our situation, and according to the newest version of the comment 2^16 is not a hard limit anymore.
Regarding /etc/skel being an empty directory, note that it is one of the few places outside /home where you can actually expect hidden files :) On my Arch it contains Bash dotfiles, for example.
Phoenotopia: Awakening – an amazing metroidvania-related game. Relatively more popular than the other games I list, but is honestly one of my favorite games of all time.
Vision: Soft Reset – a metroidvania, but you can travel backwards and forwards in time and this really matters for gameplay.
Bombe – Minesweeper, but instead of solving the puzzles manually, you create rules (“if there is a cell with the number N and there are N empty cells around it, mark them all as mines”) which the game applies automatically.
SOLAS 128 – a puzzle game where you redirect signals in a huge machine, just a great experience if you like puzzle games.
As a data point, I have a Green Cell battery in my X220. I have bought the battery on July 24, 2022 and I have been using my X220 regularly but lightly. The battery was marketed as 6600 mAh at 10.8 V. As of writing, the OS reports design capacity of 73.26 Wh and current capacity of 60.6 Wh:
POWER_SUPPLY_NAME=BAT0
POWER_SUPPLY_TYPE=Battery
POWER_SUPPLY_STATUS=Discharging
POWER_SUPPLY_PRESENT=1
POWER_SUPPLY_TECHNOLOGY=Li-ion
POWER_SUPPLY_CYCLE_COUNT=0
POWER_SUPPLY_VOLTAGE_MIN_DESIGN=11100000
POWER_SUPPLY_VOLTAGE_NOW=11783000
POWER_SUPPLY_POWER_NOW=28726000
POWER_SUPPLY_ENERGY_FULL_DESIGN=73260000
POWER_SUPPLY_ENERGY_FULL=60600000
POWER_SUPPLY_ENERGY_NOW=54960000
POWER_SUPPLY_CAPACITY=90
POWER_SUPPLY_CAPACITY_LEVEL=Normal
POWER_SUPPLY_MODEL_NAME=45N1023
POWER_SUPPLY_MANUFACTURER=SANYO
POWER_SUPPLY_SERIAL_NUMBER= 9001
The bootloader is stored unencrypted on your disk. Therefore it is trivial to modify, the other person just needs to power down your PC, take the hard drive out, mount it on their own PC and modify stuff. This is the Evil Maid attack the other person talked about.
Edit: Actually, I thought about it, and I don’t think clang’s behavior is wrong in the examples he cites. Basically, you’re using an uninitialized variable, and choosing to use compiler settings which make that legal, and the compiler is saying “Okay, you didn’t give me a value for this variable, so I’m just going to pick one that’s convenient for me and do my optimizations according to the value I picked.” Is that the best thing for it to do? Maybe not; it certainly violates the principle of least surprise. But, it’s hard for me to say it’s the compiler’s fault that you constructed a program that does something surprising when uninitialized variables you’re using happen to have certain values.
You got it correct in this edit. But the important part is that gcc will also do this, and they both are kinda expected to do so. The article cites some standard committee discussions: somebody suggested ensuring that signed integer overflow in C++20 will not UB, and the committee decided against it. Also, somebody suggested not allowing to optimize out the infinite loops like 13 years ago, and then the committee decided that it should be allowed. Therefore, these optimisations are clearly seen as features.
And these are not theoretical issues by any means, there has been this vulnerability in the kernel for instance: https://lwn.net/Articles/342330/ which happened because the compiler just removed a null pointer check.
You could make an argument that not using banking apps decreases your security, since most banks use either SMS or those apps as the second factor while confirming the operations. It is true that the apps are of varying quality, but SMS is not really a serious alternative. Some banks do have apps that are limited to confirming operations, and one bank where I live did recently start accepting U2F, which is amazing news.
Isn’t this the point though? Like, if you spot that (let’s concretize) the trash is starting to overflow, you can either take it out right now which will take you 2 minutes and (hopefully) barely interrupt your day, or you can add it to your list of things to do. And so you get that list of 59 things by ignoring the 2-minute rule, not by applying it.
That’s because all the audio drama focused on PulseAudio.
Same for Polish. One funny thing I’ve noticed is that in one of the examples, the person tries to stay at a hotel, and the price is clearly in the old currency, which has not been used since 1997.
I like btdu which is essentially ncdu, but works in a way that is useful even if advanced btrfs features (CoW, compression etc.) are used.