Huevember Day 21: Shouting in the Evening by Pet Shop Boys

Adore Nova’s design omg! Wondering, what would their Pokemon battle quotes be? Things like victory, defeat, their Pokemon landing a super effective hit, their Pokemon taking a super effective hit, Pokemon on low HP, Pokemon fainting, low HP victory, stuff like that?

i guess now would be a good time to mention nova has a condition called Knows She's In A Video Game. it's a whole thing dont worry about it

she actually used to be a really high-level Trainer back when she was still participating in the League, but now she has to compete with a disguise or she'll immediately get clocked as a criminal and arrested LMAO

(she has some NPC disguises and also some fake Trainer cards that she uses depending on what region she's in) (she also straight up stole the identity of one of her friends but that's no biggie)

probably for the best she doesn't battle much in the League anymore because she had a real bad attitude

event flyers in 2 sizes for glamer ☆*:・ ❤ design by me + renders by userlands ❤

do you have a use case in mind for the machine? also how acquainted are you with Linux overall?

if you're new to Linux i suggest going with Debian + a graphical environment of your choosing (except gnome...), if you've like, never used linux i suggest trying out KDE5 / MATE / LXDE, probably not KDE as you're going for an older machine; if you've some experience and want to try something new you can try i3wm or fluxbox, and see if you can configure them in a way most unique to you

if you're already decently experienced you can try getting Gentoo running on the machine, i've not tried it myself but according to my friends the process of figuring it out can take over half a week the first time :P, though i don't know why

i first wanted to write this out in comments, but figured i should reblog cause i've mutuals who are Linux users

this is mostly a shower of suggestions cause really i don't know anything about you,,,, covering multiple bases

have an old laptop I want to install Linux onto... not sure what distro though

F1 Fic Recs

Oscar Piastri

Love is tough, u make it easy @httpiastri

table for 2 @foreveralbon

U turn @norrizzandpia

lets have a baby

oscar's car

when is it my turn

she wears the pants, right

call me ur fool @userland

munchkin @lewisvinga

a little slow

my mistake

don't go there @uglyducklingofthe2000s

a piece of us

breaking fingers

a brothers friend of a friend

in a world of boys

falling for u @arieslost

flowers for her @alltoowelltom

make it real @formulafics

snooze @eatingaburrito

the enemy of my brother @sxcretricciardo

purity ring @piastrification

eye catching @nouvellevqgue

curiosity kills a cat

who told him to get jack'ed @httpsserene

self care @the-offside-rule

destiny @forzarma

fav nepo baby @starkwlkr

best big brother @faithshouseofchaos

always w u @gentlyweeps-world

Lando x Oscar

bad influence @planete777

slow and gentle @norrizzandpia

one each @changetyre

take care @scuderiahoney

3some @c0eu4

papaya sunrise @fxrmuladaydreams

masterlist @vivwritesfics

Lando Norris

caught @norrizzandpia

used

she doesnt know who i am

what r u doing up

flowers on ur hair @thisismeracing

papaya @vivwritesfics

reluctant cupid @astonmartinii

possessive @norrisleclercf1

strawberry @uglyducklingofthe2000s

ur teeth in my neck @ivyppoison

F1 Grid

look after u @disneyprincemuke

bitch im a mother @starkwlkr

Charles Leclerc

some extra goodies @chrisevansonly

koala

all the girls u loved before @uglyducklingofthe2000s

if u leave me, ur'e out of ur mind

vanilla ice cream

do something abt it

perfect strangers

numb

u make it too easy

sexy speed god bf

saw ur mom at the grocery store @love-belle

just kidding @sincerlyleclerc

i wasted half my summer trying to hold ur hand

remember

cant get u out of my head

whodunnit @hamiltvns

interview @hemmingsleclerc

sleepyhead @pucksandpower

here comes the bride @starkwlkr

i love my wife

if he wanted to

safety first

finance bro girlie @juleswrites223

time zones @drunkfrogg

possessive @vivwritesfics

4some

all for nothing @loonylupinblack3

Max x Charles

u are not the world champion @starkwlkr

masterlist @verstappen-cult

full of surprises @va1entinesg4l

just curious - why the choice to not include gnu packages? really interesting project !

The reason is pretty simple, we don’t like that one copypasta. But we also believe that it’s a good idea to give GNU some form of competition. Also, we want to improve the portability of the Linux userland by reducing the dependency on GNU software.

Read more about us: https://iglunix.org/

(If the site is down, check our discord: https://discord.gg/NCwg7gZnGT)

New Mockingjay Process Injection Technique Could Let Malware Evade Detection

Source: https://thehackernews.com/2023/06/new-mockingjay-process-injection.html

More info: https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution

Chimera Linux

Dodane do bazy: niezależna dystrybucja Chimera Linux. Chimera Linux to niezależna dystrybucja, która wykorzystuje kombinację technologii w tle, narzędzia wiersza poleceń BSD userland, zestaw narzędzi kompilatora Clang/LLVM… https://linuxiarze.pl/distro-chimera-linux/

Die Anzahl an Malware für Linux-Systeme steigt stetig. Gerade haben die Experten von Elastic die Linux-Malware PUMAKIT entdeckt. Sie verfügt sogar über einen Tarnmodus, während sie mit ihrem C2-Server kommuniziert. Eine erste Analyse. Elastic Security Labs hat PUMAKIT entdeckt, eine raffinierte Linux-Malware. PUMAKIT nutzt fortschrittliche Stealth-Mechanismen, um ihre Präsenz zu verbergen und um die Kommunikation mit Command-and-Control-Servern aufrechtzuerhalten - und ist damit nur sehr schwer zu entdecken. PUMAKIT ist ein hochentwickeltes Schadprogramm, das ursprünglich bei der routinemäßigen Bedrohungssuche auf VirusTotal entdeckt wurde und nach den vom Entwickler eingebetteten Zeichenfolgen benannt ist, die in seiner Binärdatei gefunden wurden. Seine mehrstufige Architektur besteht aus einem Dropper ( cron), zwei speicherresidenten ausführbaren Dateien ( /memfd:tgtund /memfd:wpn), einem LKM-Rootkit-Modul und einem Shared Object (SO)-Userland-Rootkit. Wichtigste Details der Linux-Malware - Multi-Stage-Architektur: Die Malware kombiniert einen Dropper, zwei memory-residente ausführbare Dateien, ein LKM-Rootkit und ein SO-Userland-Rootkit und wird nur unter bestimmten Bedingungen aktiviert. - Erweiterte Stealth-Mechanismen: Hängt sich mit ftrace() in 18 Syscalls und mehrere Kernel-Funktionen ein, um Dateien, Verzeichnisse und das Rootkit selbst zu verstecken und gleichzeitig Debugging-Versuche zu umgehen. - Einzigartige Privilegien-Eskalation: Nutzt unkonventionelle Hooking-Methoden wie den Syscall rmdir() zur Eskalation von Privilegien und zur Interaktion mit dem Rootkit. - Kritische Funktionalitäten: Umfasst Privilegienerweiterung, C2-Kommunikation, Anti-Debugging und Systemmanipulation, um Persistenz und Kontrolle zu erhalten. Eine detailliertere Analyse der Linux-Malware und seiner kompletten Funktion haben die Experten der Elastic Security Labs in einem Blog-Beitrag vorgestellt.     Passende Artikel zum Thema Read the full article

Rooting an Android device (commonly referred to as "jailbreaking" on iPhones) is essentially gaining full control over the operating system, including system files, settings, and functions that are otherwise restricted by default. You're right that Android is based on the Linux kernel, but it’s highly customized by Google and device manufacturers, so it’s not the same as a typical Linux distribution you'd find on a desktop. Here's a step-by-step guide on how to root an Android and get shell access, but first, a couple of notes:

Important considerations:

Rooting voids warranties: Rooting will void your device warranty, and it may even brick (render unusable) the device if not done properly.

Security risks: Once rooted, your device becomes more vulnerable to malware and hacking if precautions aren't taken.

Backup data: Rooting could erase all data on your device, so it’s important to back everything up beforehand.

Steps to Root Your Android and Access the Shell

1. Check the Bootloader Status:

The bootloader is what controls what software runs when the device is powered on. Most Android devices have a locked bootloader by default.

Some manufacturers provide a way to unlock the bootloader officially (Google, OnePlus), while others do not (Samsung in the U.S.). Check if your phone has an official way to unlock it. You might need to enable developer options on your device.

Go to Settings → About phone and tap Build number seven times. This unlocks Developer options.

Go to Settings → Developer options and enable OEM unlocking and USB debugging.

2. Unlock the Bootloader:

With OEM unlocking enabled, you can now unlock the bootloader using your computer:

Connect your phone to your computer.

Install ADB and Fastboot on your computer (these tools are part of the Android SDK).

Open a terminal on your PC and run:bashCopy codeadb devices adb reboot bootloader fastboot oem unlock

Your device will prompt you with a confirmation. Use the volume buttons to navigate and the power button to confirm.

Note: Unlocking the bootloader will likely erase all data on your device.

3. Find a Suitable Rooting Method:

Rooting methods depend on your device’s manufacturer and version of Android.

Here are some popular options:

Magisk (most recommended): It allows you to gain root access without modifying the system partition. It also passes Google's SafetyNet checks, which means you can still use apps like Google Pay and Netflix. You'll need a custom recovery to flash Magisk.

SuperSU: An older method that directly modifies system files. It's less safe and can break OTA updates and certain apps.

Flashing Magisk (if you go with Magisk):

Download the Magisk zip file to your phone from Magisk GitHub.

Boot into your custom recovery (like TWRP) using ADB:bashCopy codeadb reboot recovery

In TWRP, go to the Install section and flash the Magisk ZIP file.

Reboot your phone.

4. Install a Terminal Emulator:

Once rooted, you can install a terminal emulator from the Google Play Store (e.g., Termux or Terminal Emulator for Android).

These apps give you direct shell access on the device. Since Android is Linux-based, many typical Linux commands will work out of the box (e.g., ls, cd, cat, etc.).

5. Access the Shell via ADB:

You can also connect to your Android's shell from your computer using ADB:

Open a terminal on your computer:bashCopy codeadb shell

This will give you a shell directly on the device. If you’ve rooted the phone, you can also get root access within the shell:bashCopy codesu

This will elevate your privileges to superuser (root).

Are All Androids Just Linux?

In essence, yes, Android is based on Linux, but it is heavily modified and optimized for mobile devices. Here’s how they compare:

Kernel: Android runs on the Linux kernel, which handles hardware communication, process management, and memory management. But the rest of the operating system is built differently from traditional desktop Linux.

Userland: Android does not use the GNU C Library (glibc) or GNU core utilities by default, which are standard on Linux distributions like Ubuntu. Instead, Android uses Bionic, a lightweight C library designed for mobile use.

File Structure: While Android’s filesystem is similar to Linux’s (you'll see directories like /system, /data, /proc), it is organized differently to support mobile devices and the Android app structure.

Security: Android uses additional security measures like SELinux and a permission-based app model that separates apps from each other and restricts access to system components.

Next Steps for Using Your Android as a "Gizmo"

Once rooted and you have shell access, there are countless projects you could try, such as:

Turning your Android into a Raspberry Pi-like development platform for IoT.

Using it as a network monitoring tool or personal server (with apps like Kali Nethunter).

Repurposing it as a dedicated media player or smart home controller.

If you’re looking to customize and expand the functionality even more, consider looking into custom ROMs (like LineageOS) or building Linux distros specifically for Android devices, like PostmarketOS.

Why OpenBSD?

If you hadn't noticed, I daily drive OpenBSD.

But why? What does it do that Linux doesn't? admittedly, not much. This is a highly subjective opinion post, after all.

I'll list my reasons in no specific order:

The Ports System

I really liked the power that portage gave me with gentoo, which is what I came from before moving to OpenBSD. But- frankly, portage was too much of a headache to configure. I want the flexibility of making my own packages, without being burdened by compiling everything. I really liked the power that gentoo's package system has, but at a certain point my frustration surpasses my fascination level. At the end of the day, all I want is flexibility that isn't, what feels to me, needlessly complex for my purposes.

While yes, I lack the power of portages's USE flags on the OpenBSD ports system, I see this as a minor loss. I seldom used this feature.

Also- for those uninitiated, building from the ports system is entirely optional and actually discouraged for average use. You should be using the binaries if you can for reliability and trust reasons. The only reason I keep the ports tree on my system despite not being a core contributor of the base system is that I maintain a few ports myself. https://izder456.neocities.org/ports

Sound System

I really like how low latency sndiod is. It's honestly incredible. Configuring it is painless compared to pulse/pipewire on linux. Its all just userland subcommands of sndioctl. Beautifully simple.

I also abuse it's MIDI capabilities to make my music with LMMS. I would probably be using JACK + Pipewire if on Linux to do the same thing. This is already configured to work as-is out of the box. It works so well that I released a few albums using OpenBSD's sndio and LMMS: https://izder456.bandcamp.com/

the tozok album was made in a combo of audacity & audiotool in late 2020 on gentoo Linux, I believe

But isnt sndio on Linux?

Good question. It is.

One of the reasons that I find OpenBSD as good as it is with sndio is that many programs are patched specifically for use with sndiod in the ports tree. Not many programs come unpatched with support for sndiod unfortunately (part of the "standardized" nature of gnu/linux, I guess). If on linux with the desire to use sndiod as my main audio subsystem, I would have to go out of my way to upstream these patches myself, and I only have so much time in my day.

I would love to be able to use linux with a nice simple uncrufted audio system- but for my purposes, that seems like a complete pipedream. I moved to OpenBSD cos it made these (imho) unnecessary trivialities of basic software less of a pain in my ass.

Wi-Fi

Wi-Fi? Isn't that supposed to suck on the *BSDs?

Eh, kinda? Honestly, it depends. You need to have a supported chipset. And there is in fact less support for chipsets on the *BSDs than on Linux. But if you buy hardware with this in mind, OpenBSD's Wi-Fi capabilities is so damn simplistic, its honestly a far better experience than any other *NIX I have used.

(side note, of all of the *BSDs, OpenBSD is the only to support Wi-Fi 5)

Here how you connect to WPA2 Wi-Fi on OpenBSD:

# ifconfig [interface] scan

# ifconfig [interface] nwid [your SSID] wpakey [your network passphrase]

# ifconfig [interface] inet autoconf

but what if i want that to autoconf?

simple. put this in /etc/hostname.[interface name] (with hostname literally typed):

join [your 1st SSID] wpakey [your 1st network passphrase]

join [your 2nd SSID] wpakey [your 2nd network passphrase]

join [your 3rd SSID] # this has no password, so dont specify

inet autoconf # set up automatic ipv4 dhcp

inet6 autoconf # optionally, set up ipv6 dhcp

Whats beautiful is that these are just arguments to the ifconfig command. yes, you read that right: the full WPA stack is in ifconfig.

Wonderful, right? No tinkering with wpa_supplicant, no annoying NetworkManager setup if you borked it, no connmand, just pure simplicity. Working out of the box (provided you have firmware and chipset support).

Simplistic system is good.

I don't need to heavily configure my system if I don't want to. The things like backlight, volume keys, brightness keys, sound system, suspend/resume on laptops, etc are all fully functional OOTB from my experience. I have yet to have serious issues with this on any system I threw OpenBSD on.

Documentation.

It is a BSD system. The documentation on this side of the pond is well known to be some of the best ever. 9 times out of 10, my question is answered by a simple man or apropos command. This is very different than how you normally get docs on, say, Linux, where you usually do an online search for whatever you need, then usually find the answer. That sorta annoyance isn't the case here. Yeah- there is less online resources on OpenBSD outside of say, the FAQ pages, but you have some of the best documentation already available on your system for you for use OFFLINE! Crazy right?

I had to break some "default search engine" habits I'll admit, but it's nothing to adjust to if you are already familiar with a *NIX command line. I promise.

The community.

While much smaller of a community, I have had really good experience with OpenBSD people, both on the mailing lists, and in IRC. Generally really level headed people with a technical and pragmatic mindset, much like myself.

Stability, as well as design.

Everything that is required for basic functionality is centralized, so you know damn well stability will be a primary focus. I also like how the packages are kept completely separate from the base system, usually on a different partition, so a faulty package, or some bug in some software installed from packages, is easily revertible. Unlike linux where the only truly centralized piece of software is the kernel itself, and basic system software is hung in this tightrope dance of dependencies. Less need for stuff like ZFS or BTRFS, or even declarative package managers like Nix or Guix, for this reason (although OpenBSD supports neither ZFS or BTRFS, and idk about Nix or Guix).

So what gives?:

I daily drive OpenBSD, and I don't even use it for the security features! While those features are nice, I really just like it's simplicity and stable nature. I more prefer the largely politics free, and technically minded userbase. We don't really concern ourselves with many ways to do things. Things are consistent and predictable, which stubborn me appreciates heavily.

Huevember Day 11: Fame by Corvad, Lady N

alsoooo random nova stuff. felt like drawing her bag contents and spent entirely too much time designing the layout of her lumaledger. so shiny

In a recent cyber attack, over 400,000 Linux servers have been compromised by hackers for cryptotheft and financial gain. This massive breach has raised concerns about the security of online transactions and personal data. Experts are advising users to take necessary precautions and update their security measures to protect themselves from similar attacks in the future. Click to Claim Latest Airdrop for FREE Claim in 15 seconds Scroll Down to End of This Post const downloadBtn = document.getElementById('download-btn'); const timerBtn = document.getElementById('timer-btn'); const downloadLinkBtn = document.getElementById('download-link-btn'); downloadBtn.addEventListener('click', () => downloadBtn.style.display = 'none'; timerBtn.style.display = 'block'; let timeLeft = 15; const timerInterval = setInterval(() => if (timeLeft === 0) clearInterval(timerInterval); timerBtn.style.display = 'none'; downloadLinkBtn.style.display = 'inline-block'; // Add your download functionality here console.log('Download started!'); else timerBtn.textContent = `Claim in $timeLeft seconds`; timeLeft--; , 1000); ); Win Up To 93% Of Your Trades With The World's #1 Most Profitable Trading Indicators [ad_1] A recent report from ESET Research sheds light on a sophisticated server-side malware campaign that continues to grow, compromising hundreds of thousands of servers. What started as the Operation Windigo campaign ten years ago, focusing on Linux malware for financial gain, has now evolved into a multifaceted operation targeting credit card and cryptocurrency theft. Despite efforts to combat Ebury, the main malware used in this campaign, its operators have shown resilience and adaptability. The arrest of one perpetrator did not deter the botnet's expansion, with Ebury being consistently updated over the years. ESET's honeypots have been crucial in tracking new samples and indicators, even though the malware has become increasingly complex and challenging to detect. Working closely with the Dutch National High Tech Crime Unit (NHTCU), ESET uncovered new methods used by the Ebury gang to compromise servers, including leveraging hosting providers' infrastructure and intercepting SSH traffic within data centers. Their tactics have resulted in the compromise of over 400,000 servers since 2009, with more than 100,000 still being compromised as of late 2023. Aside from Ebury, the gang has deployed multiple malware families to exploit the compromised servers further, targeting financial details and cryptocurrency wallets. Updates to the Ebury malware itself, including new obfuscation techniques and a userland rootkit for hiding, make detection even more challenging. For those concerned about potential compromise, ESET's latest paper provides in-depth technical details and indicators of compromise. Additionally, ESET Research offers private APT intelligence reports and data feeds for organizations seeking advanced threat intelligence. To learn more about Ebury's ongoing threat and how to protect against it, access the full report from ESET Research or reach out to [email protected] for further inquiries. Stay informed and stay vigilant against evolving cyber threats. Win Up To 93% Of Your Trades With The World's #1 Most Profitable Trading Indicators [ad_2] 1. What is cryptotheft and how does it affect Linux servers? Cryptotheft is when hackers steal cryptocurrency from servers, compromising their security and potentially causing financial losses. 2. How many Linux servers were compromised for cryptotheft recently? Approximately 400,000 Linux servers were compromised for cryptotheft and financial gain. 3. What steps can be taken to protect Linux servers from cryptotheft? Some steps to protect Linux servers from cryptotheft include updating software, using strong passwords, and implementing security measures like firewalls.

4. What kind of financial gain do hackers typically aim for when compromising Linux servers for cryptotheft? Hackers aim to steal cryptocurrency and other valuable assets from compromised Linux servers, which they can then sell or use for financial gain. 5. Who is responsible for investigating and preventing incidents of cryptotheft on Linux servers? IT security teams and cybersecurity experts are responsible for investigating and preventing incidents of cryptotheft on Linux servers, working to secure systems and mitigate risks. Win Up To 93% Of Your Trades With The World's #1 Most Profitable Trading Indicators [ad_1] Win Up To 93% Of Your Trades With The World's #1 Most Profitable Trading Indicators Claim Airdrop now Searching FREE Airdrops 20 seconds Sorry There is No FREE Airdrops Available now. Please visit Later function claimAirdrop() document.getElementById('claim-button').style.display = 'none'; document.getElementById('timer-container').style.display = 'block'; let countdownTimer = 20; const countdownInterval = setInterval(function() document.getElementById('countdown').textContent = countdownTimer; countdownTimer--; if (countdownTimer < 0) clearInterval(countdownInterval); document.getElementById('timer-container').style.display = 'none'; document.getElementById('sorry-button').style.display = 'block'; , 1000);

Monogon: A Linux userland in pure Go

https://github.com/monogon-dev/monogon