Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)K

kristoff

@ kristoff @infosec.pub

Posts
10
Comments
68
Joined
3 yr. ago

  • basic UI programming in linux

    Jump

  • Hi,

    Just to put things into perspective.

    Well, this example dates from some years ago, before LLMs and ChatGPT. But I agree that the principle is the same. (an that was exactly my point).

    If you analyse this. The error the person made was that he assumed an arduino to be like a PC, .. while it is not. An arduino is a microcontroller. The difference is that a microcontroller has resources that are limited: pins, hardware interrups, timers, .. An addition, pins can be reconfigured for different functions (GPIO, UART, SPI, I2C, PWM, ...) Also, a microcontroller of the arduino-class does not run a RTOS, so is coded in "baremetal". And as there is no operating-system that does resource-management for you, you have to do it the application.

    And that was the problem: Although resource-management is responsability of the application-programmer, the arduino environment has largly pushed that off the libraries. The libraries configure the ports in the correct mode, set up timers and interrupts, configure I/O devices, ...And in the end, this is where things went wrong. So, in essence, what happened is the programmer made assumption based on the illusion created by the libraries: writing application on arduino is just like using a library on a unix-box. (which is not correct)

    That is why I have become carefull to promote tools that make things to easy, that are to good at hiding the complexity of things. Unless they are really dummy-proof after years and decades of use, you have to be very carefull not to create assumptions that are simply not true.

    I am not saying LLMs are by definition bad. I am just careful about the assumptions they can create.

  • basic UI programming in linux

    Jump

  • As a sidenote. This reminds me of a discussion I haver every so often on "tools that make things to easy".

    There is something I call "the arduino effect:. People who write code for things, based on example-code they find left and right, and all kind of libraries they mix together. It all works .. for as long as it works. The problem is what happens if things do not work.

    I once helped out somebody who had an issue with a simple project: he: "I don't understand it. I have this sensor, and this library.. and it works. Then I have this 433 MHz radio-module with that library and that also works. But when I use them together. It doesn't work"| me: what have you tried? he: well, looked at the libraries. They all are all. Reinstalled all the software. It's that neither me: could it be that these two boards use the same hardware interrupt or the same timer he: the what ???

    I see simular issues with other platforms. GNU Radio is a another nice example. People mix blocks without knowing what exactly they do.

    As said, this is all very nice, as long as it works

    I wonder if programming-code generated by LLMs will not result in the same kind of problems. people who do not have the background knowledge needed to troubleshoot issues once problems become more complex.

    (Just a thought / question .. not an assumpion)

  • basic UI programming in linux

    Jump

  • To be honest, I have no personal experience with LLM (kind of boring, if you ask me). I know do have two collegues at work who tried them. One -who has very basic coding skills (dixit himself) - is very happy. The other -who has much more coding experience- says that his test show they are only good at very basic problems. Once things become more complex, they fail very quickly.

    I just fear that, the result could be that -if LLMs can be used to provide same code of any project- open-source project will spend even less time writing documentation ("the boring work")

  • basic UI programming in linux

    Jump

  • Hmmm .. 🤔 The best way not to make friends with somebody with over 30 years of coding experience: suggest him to use ChatGPT to write a computerprogram 🤣🤣

  • basic UI programming in linux

    Jump

  • Wauw! So many answers in such a short time. Thanks all! 👍 (I will not spam the channel by sending a thank you to all but this is really greatly apriciated)

    Concerning ncurses. I did hear of it but never looked at it myself. What is not completely clear for me. I know you can use it for 'low-level' things, but does it also include 'high-level' concepts like windows, input fields and so?

    The blog mentioned in one of the other posts only shows low-level things.

  • CrowdStrike offers a $10 apology gift card to say sorry for outage

    Jump

  • No apps at all ???

    So it really is like a dumb terminal. Now I know why I never used a Chromebook😀

  • CrowdStrike offers a $10 apology gift card to say sorry for outage

    Jump

  • Sounds like a money laundering sceme!

  • CrowdStrike offers a $10 apology gift card to say sorry for outage

    Jump

  • As I mentioned earlier, I guess chrome is more like android where you have a much more strict seperation between the OS, applications and user data. (I remember reading about all the different partitions on android and what they are used for, but I should bruch up my knowledge on this).

    Thanks for the additional into on brtfs! 👍

  • CrowdStrike offers a $10 apology gift card to say sorry for outage

    Jump

  • Just watched some videos on btrfs. I start to understand the conceps. Perhaps I should also look into how exactly

    On windows and the "recovery partion". I guess what you say is that it should always be possiblity to boot in some kind of system, but it will not happen automatically as there is no way for a system to detect that the system completely hangs.

    Thinking about it. It kind of strange. Embedded systems have watchdog interrupts that get fired if the system hangs (i.e. if it does not provide a "yes, I still live" signal every "x" milliseconds). Does a PC not have something similar?

  • CrowdStrike offers a $10 apology gift card to say sorry for outage

    Jump

  • just watched some videos on btrfs. Looks interesting indeed. I will look into it and perhaps do a test-installation and see how it goes.

    Thanks for the info

  • CrowdStrike offers a $10 apology gift card to say sorry for outage

    Jump

  • OK. That makes a lot more sense.

    Thank you for correcting the original post. 👍

  • CrowdStrike offers a $10 apology gift card to say sorry for outage

    Jump

  • Yes, that was indeed the question.

    If I read it correct, you need a specialised distro for this. You cannot do this on a off-the-shelf Debian or Ubuntu?

    I'll do some searching on 'unmutable Linux'. Thanks for the (very quick) answer! 😀

  • CrowdStrike offers a $10 apology gift card to say sorry for outage

    Jump

  • Concerning linux, yesterday I was watching this video on computerphile on the crowdstrike incident. https://www.youtube.com/watch?v=rlaNMJeA1EA (*)

    What is interesting is the comment made in the video on how chromebooks do software upgrades with dual "OS" disk-partitions and the ability to rollback to the previous OS-partition.

    Question: is something like this also possible on one of the major linux distros? (debian, ubuntu, rocky, ...) What would be the procedure to do this kind of "dual partition" system-upgrade?

    (*) a great video that explained some of the technical details in a very clear way, including some very interesting 'lessons learned' and "what if"s If you ever need to explain crowdstrike to your manager, this video is a good start.

  • CrowdStrike offers a $10 apology gift card to say sorry for outage

    Jump

  • This is a typical mail a phishing campaign would send out, and we have already said to people "never believe this kind of messages. They are all fake.

    Now, if a genuine company sends out mails with a genuine gift-cards (what the article on techcrunch seems to indicate) .. this is NOT helpfull at all!!!

    And that comming from a cybersecurity company (rolling-eyes)

  • selfhosted service to share files to SSO-authenticated users ?

    Jump

  • Yes, that's a very useful idea. Thanks!

  • Self-hosted or personal email solutions?

    Jump

  • If you get your domain from OVH, you get one single mailbox (be it with a lot of aliases, like a different email-address for every service/website you use) for free.

  • Joplin alternative needed

    Jump

  • What is your 'deleted files' policy? How long do you keep them? I had a similar issue but then found out that the nextcloud cron-process wasn't running so files in the 'deleted files' folder where never really deleted.

  • what if your cloud=provider gets hacked ?

    Jump

  • Well, based on advice of Samsy, take a backup of home-server network to a NAS on your home-network. (I do home that your server-segment and your home-segment are two seperated networks, no?) Or better, set up your NAS at a friend's house (and require MFA or a hardware security-key to access it remotely)

  • what if your cloud=provider gets hacked ?

    Jump

  • What was that saying again?

    "the biggest thread to the safety and cybersecurity of the citizens of a country ... are managers who think that cybersecurity is just a number on an exellsheet"

    (I don't know where I read this, but I think it really hits the nail on the head)