@mjg59 sounds like someone carefully removed all the extra service files. *runs away*

I have finally figured out what high-efficiency burners are! 🤓😆😄

youtu.be/FyUG3FQEHOE

i think the afd should confront the afd hitler on the substance and not expel him from the party

if you start party expulsion proceedings and they then fail, that only strengthens him even more and it creates an embarrassing precedent that encourages even more people to go hitler

if you socially ostracize him now he will only hitler even more

he should be handed government responsibility immediately in order to strip away his mystique

@lerk

Could start with this: Everywhere that cannabis may not be sold in order to protect children, a 30 km/h speed limit should apply as well.

"This is the memorial that, for Berlin's mayor Kai Wegner (CDU), 'can hardly be surpassed in tastelessness'. It is the memorial for Walter Lübcke, who was murdered by a right-wing extremist for his Christian Democratic convictions. Thank you, Zentrum für Politische Schönheit" - Anne Rabe (🟦)

This is your regular reminder that doas suffers from the exact same conception flaws as sudo.

It is a suid root binary.
It parses, as root, a text file that contains global instructions for what user is allowed to run what command as what other user. There is quoting involved. The syntax is not absolutely trivial (though simpler than sudo's).

Is doas better code? Probably. I trust that it's cleaner than sudo; its configuration file syntax certainly is. Has it been audited more, is it more trustworthy than sudo? Definitely, it comes from OpenBSD, and if there's one thing OpenBSD does well, it's that.

But does it solve the fundamental problem that causes the issues with sudo?

No. It does not.

If you use doas, you are not "choosing the more secure tool", at least not by its conception. You are simply trusting doas to do a better job of not being buggy while performing the exact same tasks as sudo in the exact same dangerous environment.

It is not a bad choice. You are probably right to do that. But you should know what you are doing exactly.

If you choose to use sudo-rs instead, you are still running a suid root binary that performs complex parsing, without the advantages of the simpler doas syntax or the experience of OpenBSD in hardening. You get the benefit of memory safety, but other kinds of bugs are still possible in Rust. You are basically trusting the sudo-rs authors to write a non-buggy sudo - and even with Rust's help, it is probably more difficult than writing a non-buggy doas.

It's a pick your poison situation.

If you want real security instead, you should reconsider your approach to privilege gain, study your use cases, and implement tailored specific solutions. Yes, it is a lot more work, but privilege gain is the single most dangerous thing you can do on Unix, so hardening it takes work.

What comes first?

BREAKING: In Gießen, a completely upside-down AfD world prevails: the mayor has the police beat down the peaceful demonstrations with barbaric violence. Why are those who stand up for democracy & the rule of law being beaten up, and not those who want to destroy both???

The police are completely unleashed! They no longer know any civilization: traumatic brain injury, open fractures, a great many ambulances afterwards. The police are even WITHDRAWING protection from the peaceful demonstrators. That is how a car drove into a crowd! All of this must have consequences!

The next dominoes in the AI bubble that I expect to fall (if you’d excuse the mixed metaphor):

Insurance companies explicitly exclude coverage of any system using AI and any outputs of AI systems.
Lawyers in big companies issue advice that using AI systems is too high risk.
Big companies demand IT suppliers provide an enterprise-management system switch to disable all AI functionality in products, or provide an AI-free version.

The first is starting. A consortium of insurance companies has asked their regulator to approve this blanket exclusion. Their argument is that the risks of these systems are too unpredictable to be able to insure. They can’t reason about systemic or correlated risk if you add a bullshit generator anywhere in an operational flow.

The second has happened in a few places, but is not widespread. Some places are hedging. When I was at MS, the AI policy was basically: ‘look, we give you all of these shiny toys! Please use them! By the way, you accept all legal liability for their output! Have fun!’. One ruling that this kind of passing-the-blame-to-employees-for-correctly-using-company-provided-tools policy is unenforceable and the lawyers will get very nervous.

The third is a consequence of the first two. If your lawyers tell you something is high risk and you can’t buy insurance, you want to make sure it isn’t used.

Nikolas Stihl (65) is the grandson of the founder of the long-established brand (world market leader in chainsaws) & chairs the advisory board and the supervisory board.

In an interview with the SZ, Stihl has now said:

"If the AfD came into government, Germany would hit the wall much faster than we are doing today. The AfD's entire economic programme is complete nonsense; with it, Germany would be ruined within a very short time."

#noAfD

The CDU/CSU is a security risk for Germany and Europe.

Under a Green economics ministry, the German press and the opposition would have run a massive campaign over fill levels of about 60% at the start of winter. And not without reason, either.

That says so much about the German press landscape.

An anchor and ....

On the 4th October, 1936, the British Union of Fascists had planned a march to the East End of London.

Despite the petition of East Londoners, with 100,000 signatures over two days, the Home Office declined to ban the march. Authorities refused to allow a counter-march by the Ex-Servicemen's Movement Against Fascism, because the fascists had organised their march first.

On the day, around 3,000 fascists turned up for the march, protected by more than double that number in police.

The fascists and police were resisted by over ONE HUNDRED THOUSAND anti-fascists who erected barricades, chanting "They Shall Not Pass". Police attempted to dismantle the barricades and clear a path for the fascists, and were pelted with rotten vegetables, and the contents of chamber-pots thrown from upstairs residents.

There's a damn good reason why fascism had a hard time establishing itself in the UK; I'm pretty sure it wasn't the government nor the police.

en.wikipedia.org/wiki/Battle_o

#fascism #antifa

@kalisz79

x.com/RnaudBertrand/status/199

"In a normal world, this should be an immense scandal in Europe.

Le Monde has a long article (lemonde.fr/international/artic) describing the hellish life of Nicolas Guillou, a French judge at the ICC in The Hague, due to U.S. sanctions punishing him for authorizing arrest warrants against Netanyahu and Gallant for war crimes in Gaza.

Guillou's daily existence has been transformed into a Kafkaesque nightmare. He cannot: open or maintain accounts with Google, Amazon, Apple, or any US company; make hotel reservations (Expedia canceled his booking in France hours after he made it); conduct online commerce, since he can't know if the packaging is American; use any major credit card (Visa, Mastercard, Amex are all American); access normal banking services, even with non-American banks, as banks worldwide close sanctioned accounts; conduct virtually any financial transaction.

He describes it as being "economically banned across most of the planet," including in his own country, France, and where he works, the Netherlands.

That's the real shocking aspect of this: the Americans are:
- punishing a European citizen
- for doing his job in Europe
- applying laws Europe officially supports
- at an institution based in Europe
- that Europe helped create and fund

and Europe is not only doing essentially nothing to protect him, they're actively enforcing America's sanctions against their own citizen - European banks closing his accounts, European companies refusing him service, European institutions standing by while Washington destroys a European judge's life on European soil.

Again, in a normal world, European leaders and citizens should be absolutely outraged about this. But we've so normalized the hollowing out of European sovereignty that the sight of a European citizen being economically executed on European soil for upholding European law is treated, at best, as an unfortunate technical complication in transatlantic relations."

Why should one "respect the office"?

This is a human being and not a statue. The Federal Chancellor is not a God-summoned solution to all problems, but a human being.

And this particular human being, #Merz, is also rather incompetent and has so far done nothing that could make me, as a citizen, have respect for him or for the office he holds.

The #CDU is by now so far removed from reality that it is totally easy for me to simply regard this party in its entirety as superfluous

madeinbocholt.de/cdu-kritisier

BINGO TIME! With CVE-2025-58034, Fortinet secures the crown in my Insecurity Appliance Bingo. This is technically a "high" severity vuln, but since it's being actively exploited and has landed a spot on CISA KEV, I'm admitting it.

cku.gt/appbingo25

Reaching a bingo took longer than expected, with Fortinet and Ivanti sitting at 5/6 vulns since about July. But now, there is a well-deserved winner.

I'm now taking new vuln class and vendor suggestions for next year's edition.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
