• 1 Post
  • 58 Comments
Joined 3 years ago
Cake day: July 3rd, 2023




  • For loops with find are evil for a lot of reasons, one of which is spaces:

    $ tree
    .
    ├── arent good with find loops
    │   ├── a
    │   └── innerdira
    │       └── docker-compose.yml
    └── dirs with spaces
        ├── b
        └── innerdirb
            └── docker-compose.yml
    
    3 directories, 2 files
    $ for y in $(find .); do echo $y; done
    .
    ./are
    t good with fi
    d loops
    ./are
    t good with fi
    d loops/i
    
    erdira
    ./are
    t good with fi
    d loops/i
    
    erdira/docker-compose.yml
    ./are
    t good with fi
    d loops/a
    ./dirs with spaces
    ./dirs with spaces/i
    
    erdirb
    ./dirs with spaces/i
    
    erdirb/docker-compose.yml
    ./dirs with spaces/b
    

    You can kinda fix that with IFS (this breaks if newlines are in the filename which would probably only happen in a malicious context):

    $ OIFS=$IFS
    $ IFS=$'\n'
    $ for y in $(find .); do echo "$y"; done
    .
    ./arent good with find loops
    ./arent good with find loops/innerdira
    ./arent good with find loops/innerdira/docker-compose.yml
    ./arent good with find loops/a
    ./dirs with spaces
    ./dirs with spaces/innerdirb
    ./dirs with spaces/innerdirb/docker-compose.yml
    ./dirs with spaces/b
    $ IFS=$OIFS
    

    But you can also use something like:

    find . -name 'docker-compose.yml' -printf '%h\0' | while read -r -d $'\0' dir; do
          ....
    done
    

    or in your case this could all be done from find alone:

    find . -name 'docker-compose.yml' -execdir ...
    

    -execdir in this case is basically replacing your cd $(dirname $y), which is also brittle when it comes to spaces and should be quoted: cd "$(dirname "$y")".
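    As an added example (not part of the comment above), the following bash script puts the three patterns from the comment side by side on a constructed tree: a `for` loop over `$(find ...)` (splits on spaces), the `IFS=$'\n'` workaround (survives spaces but not a newline in a name), NUL-delimited `-printf '%h\0' | read -d ''`, and `-execdir`. Each variant is a function that returns how many `docker-compose.yml` directories it actually reached, so the loss is visible as a number. It assumes GNU find (`-printf`, `-execdir`) and bash; the directory names are invented for the demo.

```bash
#!/usr/bin/env bash
# Added example, not from the original comment. Contrast unsafe word-splitting
# over find output with NUL-delimited iteration and -execdir, using a
# constructed tree whose directory names contain a space and a newline.
# Assumes GNU find and bash.
set -u

# Build a throwaway tree under mktemp (the mktemp path itself has no spaces).
# Three docker-compose.yml files: plain name, name with a space, name with a
# newline. All names are constructed for this demo.
make_tree() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/plain/innerdira" \
           "$root/dirs with spaces/innerdirb" \
           "$root/new"$'\n'"line/innerdirc"
  : > "$root/plain/innerdira/docker-compose.yml"
  : > "$root/dirs with spaces/innerdirb/docker-compose.yml"
  : > "$root/new"$'\n'"line/innerdirc/docker-compose.yml"
  printf '%s' "$root"
}

# The pattern the comment warns about: $(find) is split on every IFS
# character, so "dirs with spaces" becomes three fragments. Only loop
# iterations that name an existing file are counted; fragments are lost.
count_unsafe() {
  local root=$1 n=0 y
  for y in $(find "$root" -name 'docker-compose.yml'); do
    [ -e "$y" ] && n=$((n + 1))
  done
  echo "$n"
}

# The IFS=$'\n' workaround from the comment: spaces now survive, but a
# newline inside a name still splits the path, so that entry is lost.
count_ifs_newline() {
  local root=$1 n=0 y
  local OIFS=$IFS
  IFS=$'\n'
  for y in $(find "$root" -name 'docker-compose.yml'); do
    [ -e "$y" ] && n=$((n + 1))
  done
  IFS=$OIFS
  echo "$n"
}

# NUL-delimited: -printf '%h\0' emits each parent directory terminated by a
# NUL byte, the one byte that cannot appear in a path, and read -d '' consumes
# exactly one entry per iteration regardless of spaces or newlines.
count_safe() {
  local root=$1 n=0 dir
  while IFS= read -r -d '' dir; do
    [ -d "$dir" ] && n=$((n + 1))
  done < <(find "$root" -name 'docker-compose.yml' -printf '%h\0')
  echo "$n"
}

# find alone: -execdir runs the command with the matched file's directory as
# cwd, replacing cd "$(dirname "$y")". The inner test confirms we really are
# in the right directory; one '.' is printed per match and then counted.
count_execdir() {
  local root=$1 marks
  marks=$(find "$root" -name 'docker-compose.yml' \
            -execdir sh -c 'test -f docker-compose.yml && printf .' \;)
  echo "${#marks}"
}

# Stand-alone demo: prints the four counts, then removes the tree.
demo() {
  local root
  root=$(make_tree)
  printf 'unsafe for-loop:    %s of 3\n' "$(count_unsafe "$root")"
  printf 'IFS=newline loop:   %s of 3\n' "$(count_ifs_newline "$root")"
  printf 'NUL-delimited read: %s of 3\n' "$(count_safe "$root")"
  printf 'find -execdir:      %s of 3\n' "$(count_execdir "$root")"
  rm -rf -- "$root"
}
demo
```

    The counts come out 1, 2, 3, 3: the plain loop only reaches the path with no special characters, the IFS trick recovers the space but still drops the newline case, and both the NUL-delimited loop and `-execdir` reach all three. Whether a newline in a filename is realistic or "only malicious" is beside the point for a script that walks directories it did not create; the NUL-delimited forms cost nothing extra and never need the IFS save-and-restore dance.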



  • I love nix and NixOS, but yes the documentation is incredibly insufficient. I’d recommend a normal distro + the nix package manager first for a personal laptop. You have to be ok occasionally taking a detour to learn how to build some random program from source in a sandbox with no networking every once in a while, so it’s kinda clunky as a daily use OS imo. It shines on servers though.


  • NixOS is fun but requires tinkering for a desktop/laptop. You can use the nix package manager on any other distro though. At work I use Fedora and still use the nix package manager a ton when I want to, but I’m not locked into it when something needs to just work quickly. I have NixOS on my personal laptop and I kinda wish I didn’t. I have it on my home server and I’m very happy I did that.






  • Yes social engineering can be incredibly effective. I completely agree, but there is a bit of an obsession with it these days and imo it’s over indexed, because at the end of the day the type of social engineering detailed in that report typically just provides access.

    In some cases, the target is important enough and has enough organizational power that accessing the network as them is sufficient, but that’s not often the case. What that means is that in those other cases social engineering (which in that report you cited is often just phishing) is providing, typically, internal network access. An attacker will typically have to move through the network and exploit software to continue their attack. There are many points in this chain where the weakness lies in software or configuration. If effort was placed on making those systems better it would likely see better results than hyper focusing on the social engineering, which is significantly more difficult to stop, especially with all of the things you mentioned on the horizon.

    My point is then that even if it is a part of 74% of breaches, according to Verizon, it’s not necessarily sufficient and is often paired with software level exploits.

    And I know this because my company does plenty of red teaming, and we use social engineering but at the end of the day the more interesting result comes from a software exploit or just abusing a weak configuration.



  • Not a big fan of the wording here. Plenty of skilled programmers make dumb mistakes. There should always be systems in place to ensure these dumb mistakes don’t make it to production. Especially when related to sensitive information. Where was the threat model and the system in place to enforce it? The idea that these problems are caused by “shit programmers” misses the real issue: there was either no system or an insufficient system to test features and define security requirements.


  • I work in security and I kinda doubt this. There are plenty of issues just like what is outlined here that would be much easier to exploit than social engineering. Social engineering costs a lot more than GET /secrets.json.

    There is good reason to be concerned about both, but 95% sounds way off and makes it sound like companies should allocate significantly more time to defend against social engineering, when they should first try to ensure social engineering is the easiest way to exploit their system. I can tell you from about a decade of experience that it typically isn’t.





  • qqq@lemmy.world to memes@lemmy.world, on “adhd” · 2 up / 4 down · 7 months ago

    I don’t really find it infuriating and I don’t think that makes me part of a problem. Self diagnosis can sometimes trivialize the people actually suffering from the problem, and there can be real harm there. So I definitely agree with you to some extent. But some people are so hungry for community that self diagnosing some problem like ADHD makes them part of something else. That’s sad to me, but not infuriating.

    I do understand that mislabeling normal things as a mental health issue can be problematic. I wish you didn’t assume I thought otherwise from our small exchange. My point of responding was that I find it really annoying when people say “well everyone does or feels X so there’s nothing wrong with you”. I think that also does a lot of damage to people.

    I’d say that the person on display in the comic doesn’t seem to be showing “normal” or “healthy” procrastination to me, but there is room for disagreement I guess.


  • qqq@lemmy.world to memes@lemmy.world, on “adhd” · 6 up / 4 down · 7 months ago

    Wow, people are so extreme on the Internet. One comment saying maybe take a step back and we’re already at “fucking stupid”.

    This comic is relevant to general human experience and ADHD, both are true and valid. The comic didn’t tell people to self diagnose and no one here has told anyone to self diagnose.


  • qqq@lemmy.world to memes@lemmy.world, on “adhd” · 5 up / 4 down · 7 months ago

    Normal people feel sad. Feeling sad consistently and having it harm your life and not knowing how to fix it is called depression. People with these problems aren’t aliens showing weird, never-before-seen behaviors or emotions, but their lives are consistently disrupted by these normal things. It’s a problem of how often and how much the person can control it.