• 2 Posts
  • 33 Comments
Joined 1 year ago
Cake day: August 27th, 2023

  • Yup. You can only add the nopax flag as root, so if your system is already hosed, not much else you can protect. Root has access to ring 0 so anything goes with access like that. Stuff like pax would slow them down for sure and stop script kiddies, but root access is root access.

    Non-privileged accounts can’t do anything with the nopax flag. That’s why you should configure your system to not run things as root as much as possible. Personally, on desktops, I don’t even use a sudoer natively. I have to su into my sudoer account in order to run root commands.


  • GrSecurity adds so many layers of protections to the kernel. They are literally decades ahead of the vanilla Linux kernel in terms of security. With all of the hardened GrSec settings checked/configured correctly, it stops the majority of 0 ring exploits (at least when I was running it before they went full GPLv2).

    PaX is an awesome part of GrSec. Mprotect stops any read and write and execute access to memory in both user and kernel lands (only rx or wx). Stuff like web browsers won’t work unless you have a program to mark it in ELF to not use PaX. However, this kills a lot of exploits with that turned on by itself (though there are probably workarounds if you are developing exploits which the other features would hopefully catch). That’s why people installed 3rd party unmainlined security patches, but that’s just me maybe idk.

    I hope this venture will be more fruitful than the copy-paste code that people kept trying to push to the hardened Linux kernel project (despite the maintainers’ best intentions and countless efforts to stop that).




  • I got a onexplayer for like $600 and it has the 7840u in it. No matter how you slice it, the 7840u is much more powerful than the steam deck. However, it doesn’t do well in low tdp. That’s what the steam deck is best at - low tdp gaming and battery life.

    But so long as I’m near an outlet, I can play more AAA games and on much higher resolution and graphics than the steam deck for however long I’d like. On battery, only about 3-4 hours vs 6-8 hours on a steam deck.







  • For me, it’s the way they used procedural generation. Like it’s literally the same exact points of interest on every planet.

    I remember going to a planet full of high level fauna and discovering a cave where you find a dead pirate that says these things are everywhere ahhhh. I thought it was cool. Next planet I went to had no fauna, and sure enough that same cave and dead pirate was in there saying the same thing with absolutely no fauna or enemy NPCs in there.

    It’s like they made 20 unique assets for the procedural generation tool to pick from. This is the exact laziness I found and drove me away from ESO. Just the same experience, with maybe a different faction here and there but the same points of interest over and over.

    Other than that, I liked it. Basically Skyrim in space. But very empty and they forced you to complete like a 2-3 hour mission before stuff opened up to you. And another 20 or so hours before a mission-locked skillset is introduced. Huge waste of time IMO.

    It’s an alright game if you have a lot of time to kill.










  • In the realm of firewall applications, I use the following:

    ° Ipfire is easy to use, but lacks ipv6 support and it doesn’t have otp. It has lots of packages though.

    ° Alpine is good, if you don’t want a GUI or want to spend time figuring out how to build a web UI (really good for beginners as it’s mostly XML)

    ° openwrt is a good fit for low end hardware (SPARC or arm processors mostly) but also works on x86.

    ° opnsense - like pfsense, but more up to date. Has some quirks in it (like if you block both incoming and outgoing, but just want to allow 80/443, the rules look weird…like the direction you have to allow is in, but destination is 80/443. Very strange bug that isn’t in pfsense).

    ° hardenedbsd firewall - literally just opnsense but with hbsd’s fully patched kernel. No repo though.

    That being said, you can make any distro a firewall, just use iptables/pf/ipfw/ipfilter rules through command line, and you can add anything in that distro’s repo you can think of.