Due to my strict browser security - DNS blocking and uMatrix and uBlockOrigin and disabled Canvas and other Firefox settings - websites often believe that I am a robot.
Sometimes Facebook will force me to repeat a captcha. Sometimes Google will force me to go through five levels of captchas - no exaggeration!
But worst of all is Cloudflare, who block me outright. There are only two ways to avoid it:
Cloudflare now oversees ingress for a large chunk of the internet - maybe a fifth of all major websites - and they are probably most famous for their DDoS protection and thus their bot detection abilities.
This was worst around 2022, when I was blocked even by some relatively big tech companies such as OpenAI, but it continues today with many smaller websites (such as regional newspapers).
Cloudflare can see, block or tamper with the plaintext of any communications on sites it 'protects'. Most often this is used to escape or block forum posts containing snippets of code. I believe it is enabled by default, leading to much greater difficulty publishing code anywhere, even on programming-oriented forums such as Hacker News.
Besides all this, there's an argument that Cloudflare is the reason why DDoS attacks returned to the internet (hackers used to DDoS each other, but Cloudflare offered hackers DDoS protection, basically stopping their 'civil war' and renewing the war against non-hackers outside Cloudflare's protection).
Years ago, my main Reddit account was permanently banned by Reddit, because they thought I had been hacked - but I had simply been using a Python script that intercepted all my browser traffic. Totally understandable for them to do this, except they don't respond to appeals and creating a new account violates their ToS.
It used to be that Google would force me to complete captchas every few minutes if I went beyond the 2nd page of results. And Google captchas used to be awful - multiple pages of captchas of slow-fading image blocks.
This is despite my IP address not being in the main IP blacklists that companies tend to share.
Tech companies such as Twitter and Microsoft will lock new accounts, supposedly for 'suspicious activity that breaks the user agreement', but ask for a phone number, upon which they will unlock them immediately. Then, upon unlocking them, they tell you to check a list of recent activity (to imply it might have been caused by a hacker), to imply asking for a phone number is justified for 'security reasons'.
After updating LinkedIn after a long time of not using it, they suddenly restricted my account and demanded I send my passport photo to a third party authentication service I've never heard of before. Great, no more LinkedIn for me I guess.
Microsoft pulled this on me within 10 hours of registering my second Office365 account. Before you ask the obvious - I registered the first account almost 10 years ago, using completely different credentials, and haven't logged into it for several months (both the IP address and the device changed in this time).
All I did was try to create a blank Excel file. It blocked me 5 times, then threw up this screen, demanding my phone number. Once I gave them my number, and verified it was mine, they allowed me back into my account and allowed me to create the file.
Since I already enabled 2FA via an authenticator app - instead of SMS - Microsoft had no security reason to harvest my phone number. I guess tech companies are just addicted to harvesting data.
Google pulled this on me too - they wouldn't allow me to enable 2FA unless I gave them my phone number. This is despite me registering an authenticator app for OTPs.
And it's not even enough to demand my phone number - JavaScript code-monkeys mess up phone number validation, and their managers presumably avoided hiring quality-testers.
A leading Chinese LLM wouldn't let me sign up without a phone number, but wouldn't accept my phone number, because numbers from Britain fall outside of whatever range they consider to be 'expected'. American phone numbers worked for other people.
To register a Microsoft account, I had to pass 10 levels of human verification.
I spend a minute doing the audio version, then go back to doing the visual version. I somehow fail twice, but succeed at the 3rd try (i.e. after 30 of these logic puzzles).
It's so annoying, I wish I could pay some Indonesian guy $1 to do it for me. Oh wait, that's what all the bad guys already do.
Then the connection fails!
My account was successfully created, but they redirect to so many different domains that my firewall might have acted up.
Every Microsoft page takes forever to load on my browser, because the browser isolates each domain into different contexts. So it's not a surprise for this to happen.
My phone often does not receive SMS texts immediately - sometimes only in batches. Is someone intercepting them? Regardless, this causes a cascade of problems.
For example, Amazon has a limit to how many times I can ask it to resend the OTP code (which my bank only sends over SMS). And when I exceeded that limit, I refreshed the page to try again. Turns out that completely breaks their website, making me unable to complete payment for that order.
Amazon said they would require a One Time Password to deliver my package. They said the package would come tomorrow and that I would get the OTP on the day of delivery.
The package came today and there was never an OTP sent by email.
I have an OTP on my authenticator app for logging into Amazon. But this is a different OTP.
The delivery driver clicked something on his app that would resend the code to me, twice, and told me the code would come to my Amazon-linked email. But no emails came from Amazon. I have never changed my Amazon email address.
Nowhere in my emails did it give me the OTP or tell me how to find the OTP. The instructions only came in the email they sent after an unsuccessful delivery:
And where is the OTP? Turns out, not by email at all! It is in the Message Centre:
The order's tracking page doesn't show any place to see the OTP, despite this latest email claiming it would be found there too.
So what went wrong? I suspect that Amazon re-uses login OTP code for its delivery OTP - and I use an authentication app for my login OTPs, which is very rare, so its delivery OTP code falsely assumed it could deliver the delivery OTP through the same way that login OTPs are delivered (but my login OTPs are not delivered, they are generated on my device).
They told me I could contact the carrier, and give me a list of dozens of different carriers' phone numbers - but they don't tell me which carrier to contact. They claim I can find the carrier details in my order's tracking page, but the tracking page directs me back to the previous page.
Sometimes I just feel insane. Why is it the default setting to disable SysRQ Keys on Ubuntu?
The default setting:
# cat /proc/sys/kernel/sysrq
176
is 128 | 32 | 16 - reboot, read-only remount, and sync.
But by far the most useful command is enabled by bit 64 - process signalling. With it enabled, I can force kill whatever the most CPU-intensive process is. This has saved me so many times from Firefox - until I finally decided to enable resource limits for it.
But when I am running a recovery boot session, it is an Ubuntu USB installation drive, which means it has these things disabled by default. So when I open up too many resource-intense websites on Firefox (Twitch and Youtube are the main culprits - some tabs can accumulate over 1GB of memory usage), it causes my computer to freeze while Firefox desperately keeps respawning background processes which die immediately to OOM - and the default configuration of Ubuntu prevents me from breaking out of this.
I'm just curious what the purpose of this restriction is. If it is to safeguard normal users from doing something stupid, why is the reboot command allowed? Isn't a force-kill-biggest-process command a tiny subset of a reboot?
The only reason I can think of is security - because this allows you to interrupt or kill root processes. But wow, it's something that has caused me a bunch of headaches, and for an installation USB it doesn't seem like there's much point having this kind of security restriction when the root password is literally empty.
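Added example (my own, not code from the original post): a small POSIX shell helper that decodes the `kernel.sysrq` bitmask into the capability names used in the kernel's SysRq documentation, and computes the mask that also switches on bit 64. The bit meanings and the `/proc/sys/kernel/sysrq` path are the kernel's; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): decode the kernel.sysrq bitmask
# and compute the value that also enables process signalling (bit 64).
# Bit meanings are from the kernel's Documentation/admin-guide/sysrq.rst.

# sysrq_decode N: print the capability names enabled by mask N.
sysrq_decode() {
    v="$1"
    if [ "$v" -eq 0 ]; then printf 'disabled\n'; return 0; fi
    if [ "$v" -eq 1 ]; then printf 'all\n'; return 0; fi
    out=""
    [ $((v & 2))   -ne 0 ] && out="$out loglevel"     # change console log level
    [ $((v & 4))   -ne 0 ] && out="$out keyboard"     # SAK, unraw
    [ $((v & 8))   -ne 0 ] && out="$out dumps"        # task/memory/register dumps
    [ $((v & 16))  -ne 0 ] && out="$out sync"         # Alt+SysRq+s
    [ $((v & 32))  -ne 0 ] && out="$out remount-ro"   # Alt+SysRq+u
    [ $((v & 64))  -ne 0 ] && out="$out signal"       # term, kill, oom-kill (Alt+SysRq+e/i/f)
    [ $((v & 128)) -ne 0 ] && out="$out reboot"       # reboot/poweroff (Alt+SysRq+b/o)
    [ $((v & 256)) -ne 0 ] && out="$out nice-rt"      # renice realtime tasks
    printf '%s\n' "${out# }"
    return 0
}

# sysrq_with_bit MASK BIT: MASK with BIT switched on (a no-op if already set).
sysrq_with_bit() {
    printf '%s\n' $(( $1 | $2 ))
}

# On a Linux host, show the live value and the value that would add bit 64.
if [ -r /proc/sys/kernel/sysrq ]; then
    cur=$(cat /proc/sys/kernel/sysrq)
    echo "kernel.sysrq = $cur : $(sysrq_decode "$cur")"
    echo "with process signalling: kernel.sysrq = $(sysrq_with_bit "$cur" 64)"
fi
```

To enable it on the running system, including a live-USB session where nothing needs to persist, write the new mask as root: `echo 240 | sudo tee /proc/sys/kernel/sysrq`. On an installed Ubuntu the default 176 comes from /etc/sysctl.d/10-magic-sysrq.conf; put `kernel.sysrq = 240` in a later-sorting drop-in such as /etc/sysctl.d/90-sysrq.conf so that it overrides that file and survives reboots. Two caveats a practitioner would want: Alt+SysRq+f invokes the kernel's OOM killer, which picks the process with the highest oom_score (a memory-based score, not CPU usage), which is exactly why it works so well against a browser that is spiralling into OOM; and the reason distributions mask bit 64 is the one guessed above: with it set, anyone with physical keyboard access can terminate arbitrary processes, including root's, without authenticating, whereas the other trigger path, writing to /proc/sysrq-trigger, already requires root.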
Excel allows me to embed my Excel spreadsheets in this website. But when I tried doing that, I was shocked at how slow it was - it made every page load take about 10 seconds.
Opening the iframe in its own tab, it only took about 2 seconds to load.
Here was my initial guess:
It loads a total of 65 tiny JavaScript files from 7 different domains. That is 7 DNS requests, 7 SSL handshakes, and - because we are getting 53 JavaScript files from res-1.cdn.office.net in addition to 9 CSS+images from the same domain - enormous queues where we sequentially request a file and wait to receive it.
Why is this slow in an iframe, but not quite so slow as its own tab?
Perhaps the browser limits the number of connections for iframes:
- Normally, a browser tab might establish 3 parallel TCP connections to a single domain, so that it can request resources in parallel. This means that the queue for res-1.cdn.office.net would only be 21 files long, but across 3 parallel connections.
- Maybe iframes are restricted to fewer parallel connections per domain.
But then I noticed that the requests were served through HTTP/2 (for most domains) and HTTP/3 (for res-1.cdn.office.net). I don't think these have the same restrictions as HTTP/1.1 - for example, HTTP/3 allows servers to push resources to the client in anticipation of the client's needs, before waiting for a request.
In fact splitting the code into 53 different files should be no slower than the old practice of bundling them into one big file, because HTTP/2 and higher allow for multiplexing.
iframes have more security restrictions than normal pages, because they are within an additional security context. This would slow things down, but I'm not convinced it would account for an 800% slowdown:
- iframe exploits can exfiltrate data from the containing web page by using CSS - so presumably CSS has additional restrictions that impact performance.
Now, to complain about Office 365 dropping support for custom domains... Only business licenses allow this feature,
While an early adult, I was able to set up a pfSense for my parents' home, and have total control over the network - blocking all network traffic from the 'smart projector' except for the absolutely necessary domains, sending their DNS to an advert-blocking PiHole, my DNS to a stricter PiHole and then onto a rotating set of DNS resolvers, assigning static IPs to my crypto-currency miners, automatically assigning traffic to different OpenVPN connections based on domain name, etc.
But since moving out, and into shared housing, I can't install a custom router/firewall in front of everyone else's devices - then I'd get blamed for any network outage. I'm limited to the ISP-provided router. There's a lot less you can do with it - including no ability to backup/restore configurations.
At first, I actually couldn't see any options for port forwarding on my router's admin dashboard, so I used wireshark (a command-line utility on my laptop) to sniff web packets to identify my smartphone's DNS requests - essentially to verify that my installed apps weren't spyware. NetGuard is an alternative that I've recently heard good things about.
But then I stumbled upon these settings when exploring the 'Security' tab of the router dashboard. So I could at least apply DNS filtering for my smartphone - sending its DNS through my laptop's DNS resolver, thereby allowing me to filter most of my smartphone's traffic based on domain name:
The other features, alas, are still unavailable - DNS-level filtering is the most advanced Virgin Media will let households do, at least on this tier of broadband.
To be honest, I don't think I need the other features any more. I don't use VPNs - I've stopped pirating, because now I can afford to buy things legitimately.
My other main use of VPNs - web scraping - is much more difficult now that websites are increasingly blocking bots. Essentially, for web scraping, you have to rent proxies (residential IP addresses) to carry your requests for you, to minimise how often you are asked to verify that you are human. But guess where those residential IP addresses are from? Sometimes, not very ethical sources - some VPN software sells their customers' bandwidth to their 'data services' businesses (i.e. a big bot net to proxy requests from residential IP addresses) - which is a kind of dubious thing to do, and something I've stopped doing.
All of this being said - pfSense, and software routers in general, have the advantage that they receive frequent updates. ISP-provided routers are notorious for being insecure, due to how infrequently they are updated and how they have 'backdoors' (for the ISP to diagnose, update or reset the admin configuration remotely). For that reason alone, it would be worth - if you can - buying a router that your ISP does not control, and in that case, pfSense (or its cousin, OPNsense) is sensible.
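Added example (mine, not code from the post) for the phone-DNS check described earlier in this section: a POSIX shell/awk filter that reads the text output of `tcpdump -l -n udp port 53` on the laptop the phone's DNS is pointed at, and tallies the names one client asked for. The tcpdump line format is the real one; the capture lines, the interface name `wlan0` and all addresses and names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): tally the DNS names one client
# on the LAN asks the laptop's resolver for, from tcpdump's text output.
# Live use, on the machine the phone's DNS is pointed at (interface name assumed):
#   sudo tcpdump -l -n -i wlan0 udp port 53 | dns_queries_by_client 192.168.0.23
# (-l line-buffers so the pipeline updates live; -n keeps addresses numeric).

# dns_queries_by_client CLIENT-IP: print "count name", busiest first, for every
# name CLIENT-IP queried. A query line from tcpdump -n looks like:
#   14:02:11.100000 IP 192.168.0.23.41234 > 192.168.0.1.53: 51234+ A? example.com. (29)
# Replies go the other way (source port 53) and carry no "TYPE?" token, so they
# are skipped; other clients are skipped by the source-address prefix test.
# IPv6 lines start with "IP6" and are ignored here.
dns_queries_by_client() {
    awk -v client="$1" '
        $2 == "IP" && index($3, client ".") == 1 && $5 ~ /\.53:$/ {
            for (i = 6; i <= NF; i++) {
                if (substr($i, length($i)) == "?") {   # query-type token, e.g. A? or AAAA?
                    name = $(i + 1)
                    sub(/\.$/, "", name)               # drop the trailing root dot
                    counts[name]++
                    break
                }
            }
        }
        END { for (n in counts) print counts[n], n }
    ' | sort -rn
}

# Constructed capture for a stand-alone run (addresses and names are made up):
# three queries from the phone, one reply, one query from a different client.
SAMPLE_CAPTURE='14:02:11.100000 IP 192.168.0.23.41234 > 192.168.0.1.53: 51234+ A? example.com. (29)
14:02:11.100500 IP 192.168.0.1.53 > 192.168.0.23.41234: 51234 1/0/0 A 93.184.216.34 (45)
14:02:12.200000 IP 192.168.0.23.41235 > 192.168.0.1.53: 51235+ AAAA? example.com. (29)
14:02:13.300000 IP 192.168.0.23.41236 > 192.168.0.1.53: 51236+ A? telemetry.example.net. (39)
14:02:14.400000 IP 192.168.0.2.50000 > 192.168.0.1.53: 51237+ A? laptop-only.example.org. (41)'

printf '%s\n' "$SAMPLE_CAPTURE" | dns_queries_by_client 192.168.0.23
```

The limits of this check are the same as the limits of the router's DNS-filtering feature: it only sees plaintext queries on port 53 that actually reach the laptop. An app that uses DNS over HTTPS or DNS over TLS, or connects to hard-coded IP addresses, never appears in this list, and Android's "Private DNS" setting would route around the laptop resolver entirely, so an empty tally is not proof of an innocent app.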
When I was 9, I began my habit of enjoying modifying video games more than playing them.
When I was 12, I was making short cartoons and games in Flash. I think I used the official Flash program both before and after it was bought out by Adobe.
When I was 13, I enjoyed watching Lego 'movies' on Youtube. Most were made by taking photographs and stitching them together into a movie, but some were so smooth that I tried to find out how they were made. They were rendered in Blender, which is why I started learning that.
By 2016, I was apparently editing the Windows Registry, because I've got backups of my Registry from this era. I can't remember what I was doing.
By mid-2017, I was playing The Witcher 3. My C: drive (an SSD) was too small to handle many installed games, but I had an external D: drive (HDD). Thus I decided there must be a way to move my large C: files onto D: - including C:\Users\<User>\AppData\Roaming and C:\Program Files\<Program>. I discovered that I could use 'junctions' - the Windows equivalent of soft-links - for exactly this purpose.
Around this time I think I was watching Linus Tech Tips, and I played around with things like 'God Mode' (ED7BA470-8E54-465E-825C-99712043E01C), translucent taskbar, and a multi-tab file explorer (from a 3rd-party program that I wouldn't trust).
Looking through my backups from this era, I see that I had a file called shutdown_properly - Copy - Copy (2) - Copy.bat whose content was merely shutdown /s, so I'm not sure exactly why I had this here, but I'm guessing that this forced a quick Windows shutdown (i.e. bypassing the installation of updates), and I'm guessing I had eight copies of the script on my Desktop because the screen would sometimes be unrendered (black) but still clickable.
In December 2017, I got into image style transfer - here's an example image - mainly using Van Gogh's 'starry night' painting on our pet chickens.
In 2019, I was a happy Windows user. Even my cryptocurrency mining adventures, CPU undervolting, GPU overclocking, were all on Windows.
But I wanted to have a video wallpaper. So I downloaded Rainmeter, and got it to play a GIF from Interstellar (this scene - the part where the 'alien' shakes his hand as they go through the wormhole). It had to be a GIF, because it's technically an image, and Windows only allows image backgrounds.
But this used up a ridiculous amount of CPU, so I reluctantly turned it off. The alternative - using a VLC (or ffmpeg?) play-as-background mode - was also CPU-intensive, so I abandoned that too.
I looked around at other Rainmeter packages, and I saw 'FalloutTerminal'. I downloaded it, and modified it so that when I hovered over a different desktop icon (Google Chrome, or File Explorer, or Word, or Excel, or a video game, or specific website shortcuts) it would temporarily change the desktop background and play a few seconds of music.
Windows allowed you to change the cursor icon depending on which icon you hovered over. Here's some of the ones I made:
After several months of researching how to 'rice' my Windows setup, I occasionally came across Reddit threads where Linux users were posting their cool setups. Everything that required so much setup in Rainmeter, they could set up so easily - they didn't have to fight the OS at every turn.
So at the back of my head there was an appreciation for Linux.
Then, a while later, I tried to delete a folder in Windows, so that I could re-install a video game (I think it was Warhammer II?). Windows refused, with an absurd error - it said I wasn't the owner of the folder, or something like that. I was listed as the owner, I retried as admin, I retried using the command line, I tried renaming it, I tried changing drives around (it was on an external HDD), and nothing worked.
The only solution was to download Linux onto a USB, boot into Linux, and delete the folder. So that's what I did. And that broke the 'cordon sanitaire' or whatever you want to call it - now that I had realised how easy Linux was to use, I wasn't too scared to try it.
So shortly later, after researching how to dual-boot Linux, and researching which was the best distro, I installed Kubuntu onto a partition on my SSD. I think my SSD already had a partition for some reason, but maybe I altered the partition in-place (which is a bit dangerous).
After mid-2020 I stopped playing video games, and formerly Windows-only tools were gradually becoming web apps, so I had no need to use Windows any more.
In the real world, even though 90% of servers are running Linux, 90% of businesses are running Windows - that means Active Directory and maybe Kerberos.
When I first started learning Active Directory, I was shocked at how simple and smooth it was. The Linux admin tools I'm used to are awful to work with - ufw, resolved, dnsmasq, maybe AppArmor is alright - because they're completely command-line based, and to troubleshoot these you either have to guess the correct config (text files) or go to ArchWiki and adapt their examples to fit your situation.
Look at my tools - I'm a visual learner. I don't memorise a bunch of commands, but most Linux tools expect you to exclusively use short and sometimes-ambiguous commands. Just look at git for example - I've shot myself in the foot a few times by deleting a repository's history just by trying to use a new git command, so now I just use a git GUI app for anything more complicated than a git commit. So I'd never be able to be a Linux system administrator, no matter how much I enjoy customising my own Linux system, because it's too memory-intensive.
Each generation is now getting worse at tech than previous generations.
I don't have any data to back this up, only anecdotes. The most technologically-capable generation seems to be ages 30 through 50. Even some programmers my age are wedded to the cloud and haven't tried setting up their own systems (despite these being cheaper in the long run).
I think part of the blame is from tech-capable fathers fixing all the tech problems in the household, instead of letting their children encounter and troubleshoot some of their own problems.
Then of course there's the never-ending trend of simplifying software - from Windows removing debugging information from 'blue screens of death' to apps simply displaying 'whoops, an error occurred'.
Friction is how people learn. Educators have the problem of motivating students to care about something - but children would have limitless motivation to learn tech (to watch a movie, play a game, or use an app) if only tech were hard.
When I have children, I will occasionally corrupt their game files, or loosen SATA connections, just so they encounter problems and thereby learn how computers work.
But even that doesn't explain it.
I remember when I was 9 or 10 years old, Flash was so easy to make web games with. Now, Flash is replaced with WebGL - and as a 20-year-old I struggled for hours to learn WebGL before I could draw anything more complex than a triangle, because to get anywhere at all, you have to understand shaders, GL versioning, vertex attributes, frame buffers, and so many other things.
So user-oriented software has got more simple, reducing friction, but developer frameworks have got far more complex. What used to be done in raw JavaScript is now done in NodeJS/Angular/etc., and DreamWeaver has been replaced with WordPress - even though raw HTML/CSS/JavaScript is now so much more powerful/intuitive/easier today than it was 10 years ago.
There's another thing - people in their 20s, and younger, use their real names everywhere on the internet!
They are like the 'boomers' who proudly post incredibly nasty things on their Facebook pages or on online news comment sections under their real names.
I've seen videos on Reddit from people in their teens or 20s filming themselves committing crimes on Facebook Live or on TikTok: rape, looting, car theft, joyriding, etc. 8 years ago it was primarily people from 'newly-online' countries like India or northern Africa, where (I would guess) the internet was so new that they didn't expect their videos to become widely-shared.
But now young people in the West, who have grown up completely surrounded by social media, are doing it too. There's even people sending death threats to other people in DMs, using their real social media accounts!
This is particularly surprising when the consequences for this behaviour are surely higher than ever before.
Is it because social media has so totally surpassed all other forms of internet browsing? That just the concept of anonymity, of using a username that isn't derived from their real name, doesn't even occur to many of them?
It's remarkable how loose security is at banks - the one industry you'd expect to pay through the nose for security.
Santander used to save my password in cleartext (or, generously, encrypted with one master key). How can I know that? They used to ask for 3 characters from it. This was as late as 2024, when I switched. And I think their customer support can view your cleartext password, because I recall having to give these characters on the phone years ago.
Santander relied exclusively on SMS for 2FA. But anyone can hijack your SMS and receive the texts instead of you. Is it so difficult to allow clients to use an authentication app to generate their own OTPs?
So a hacker need only know your 5-digit security number (59,049 possible values). Because you are not allowed “a sequence of three or more numbers e.g. 123, 111”, the number of possible combinations is significantly lower than that (somewhere between 27,783 and 59,049). That's ridiculously insecure.
Santander used to store credit card numbers in cookies. The 'NewUniversalCookie' also stored passwords in cleartext, just base64 encoded. The passwords were in all-caps, meaning passwords are not case-sensitive.
On top of this, what exactly is 'identity theft'? It's actually the bank's fault if it happens - it should be called 'wrongful verification'. But banks successfully marketed it as 'identity theft' to transfer the blame to their customers when they, the banks, make mistakes. Would a bank be liable if some criminal fooled me into thinking they were that bank?
Anyway, have a laugh at this:
I have a statement from an account manager at our wholesale supplier arguing that the requirement to know both the email address and password is considered “two factor” in the industry.
Google and DuckDuckGo have got worse at finding answers to tech problems in recent years.
Google has removed a lot of features that used to make it easy to search for things - I used to be able to block certain domains from answers, and use boolean operators, so I could tailor and filter my results. But since around 2021, not even the most blunt tool - quotation marks around words or phrases - works properly on Google any more.
I guess it is all being converted into a vector embedding, instead of going through a manually-written algorithm - but maybe Google also didn't like how those filters helped people click on content instead of engaging with sponsored links.
It seems that sites like StackExchange are slowly dying - the answers are getting older and older. Large open source projects host their communities on Discord, where it is hard to search for solutions and where it isn't cached by search engines.
Youtube has replaced blogs; now instead of a 30-second read you have 30 seconds of adverts to watch before 5 minutes of exposition before 2 minutes of content.
I find myself sometimes having to use ChatGPT as a search engine.
When I was making my steganography utility, I was reading a lot about cryptography too, because the two fields are obviously related.
There used to be a tool called 'VeraCrypt', which was said to be an encrypted volume with the ability to have 'plausible deniability' of existence of encrypted files. I don't understand the point of this - any hacker who is capable of decrypting a file is also capable of hitting you with a wrench until you surrender the passcode.
I had previously understood that when SSDs fail, they become read-only. So this wouldn't be a big deal - you'd be able to copy everything off it.
But this was a mistaken belief. SSDs become read-only only if they fail due to too many writes - but most SSD failures come from the controller dying. And if the controller begins to die, reads are corrupted.
Firefox had this bug which made the CPU usage go to 100% and would crash my computer if I didn't enable and use the 'Magic SysRQ key' (alt+printscreen+f) to kill the process. I would have to press this key combination between 3-7 times in quick succession, and if I didn't do it quickly enough, I'd have to try again with 3-7 times in quick succession - i.e. the process kept respawning until the root Firefox process was killed.
What caused the bug? Maybe something to do with my 7000 Firefox tabs. But that's not important - although it is an interesting question why it's easier to keep old tabs around than to use browser bookmarks.
When I failed to kill the process in time, my computer would crash - and upon rebooting, it would usually have a corrupted filesystem, requiring a manual fsck.
This happened a lot. Surprisingly it didn't cause any data loss from anything I was working on - but one time it corrupted several .so files.
My SSD had two main partitions: /home and /.
At first, I noticed my /home read speeds were ridiculously slow (apparently a classic sign of a dying SSD), but I looked into the speeds and it appeared to be caused by directory traversing, not by file reading. Thus I assumed it was filesystem corruption, perhaps causing the kernel to parse lots of orphan nodes, which could be fixed by fsck.
During this testing, /home became read-only. I decided to remount it to see if that fixed anything. That was the fatal mistake.
Intel don't want their SSD controllers to fail silently, so they design their SSDs to 'self-destruct' after a failure. Effectively that means that if you encounter this failure, it goes into read-only mode, then the next time you try to mount the drive it will fail to mount (and be dead).
By going through my HDD, I also learned that I hadn't actually backed up everything that I had thought. My really old backups - from before 2017 - were not on this drive!
I finally located the HDD that probably had these files on, but when mounting it:
$MFTMirr does not match $MFT (record 3).
Failed to mount '/dev/sdb1': Input/output error
NTFS is either inconsistent, or there is a hardware fault, or it's a
SoftRAID/FakeRAID hardware. In the first case run chkdsk /f on Windows
then reboot into Windows twice. The usage of the /f parameter is very
important! If the device is a SoftRAID/FakeRAID then first activate
it and mount a different device under the /dev/mapper/ directory, (e.g.
/dev/mapper/nvidia_eahaabcc1). Please see the 'dmraid' documentation
for more details.
A quick sudo ntfsfix /dev/sdb1 fixed it, and I quickly copied the files onto my main backup HDD, then to my cloud backup too.
I have a customer relation to Google via cloud and Android, and might utilise AdSense, so there is always a chance I will need to dispute a charge from them. Customer support is non-existent, so the only method - chargeback - would result in my entire account being banned, which would lock me out of my digital identity: all the dozens of important accounts linked to my email, all the contacts and all my email history.
There's any number of reasons Google might permanently ban your account; they just won't tell you what it is, even if you are a paying customer. It might be something innocuous that their AI risk models correlate to suspicious behaviour, leading to a ban to limit Google's liability.
I realised that getting 'unpersonned' and banned from Google's vast ecosystem would be pretty devastating; and Google are notorious for unreliability, having zero appeals process, and having no customer service unless you are a huge company.
A former Googler recommends that you should keep your GMail to a separate account, used exclusively for GMail, because of the risk of Google randomly banning your main account. But if that's true, then Google can trivially link your other accounts to the GMail account, and ban that too - so you may as well avoid GMail entirely.
I've been pretty thorough in keeping my main GMail inbox clean of clutter, and I use almost nothing except for GMail - so the takeout.google.com backup was under 400MB and was completed (prepared and downloaded) within minutes. Apparently lots of people use Google Photos or Google Drive, resulting in takeout taking days to prepare or having errors preventing downloads.
I also seem to have completely avoided granting OAuth requests for my Google account (you can check the list here). That surprised me - I'm pretty sure I've used Google to log in to some services, but maybe I used temporary Google accounts for those.
Still, I had a bunch of accounts tied to my Google email - over 100 that I've counted so far - landlord, government, bank, smartphone accounts.
Turns out quite a few things in Linux fail if you set the root drive to read-only - most notably the KDE desktop environment requires writing to a lock file, although this can probably be mitigated by mounting /proc as a writeable drive.
`/etc/fstab` is where this option is set - but it cannot be undone in place, because the system has thereby put itself into read-only mode. Thus, to fix it, I had to reboot, and edit the GRUB command line option to push me into a BASH console before it attempts to obey `/etc/fstab` (replacing `ro` with `rw --init=/bin/bash`).
I suppose my 'TODO' list should include learning how to make a Casper bootable drive with Clonezilla, which would allow me to mount the OS as a ramdisk, which is good enough.
But until then, I can use `iotop -o -b -d 10` to keep an eye out for disk-usage-heavy processes and uninstall/disable/reconfigure them.
`/etc/fstab` contents:
tmpfs /tmp tmpfs rw,size=500M,nr_inodes=5k,noexec,nodev,nosuid 0 0
Despite this, as `lsblk --all` showed, it would not boot with `tmpfs` at `/tmp`, nor did the command `mount /tmp` (or variations of that command, which indirectly use `fstab`).
Using a `mount` command which did not reference `fstab` gave a clue what the problem might be:
sudo mount -t tmpfs -o rw,size=1500M,nr_inodes=5k,noexec,nodev,nosuid randomnamehere /tmp
This command returned an exit code of `130`. From my shell console's manual:
When a command terminates on a fatal signal whose number is N, Bash uses the value 128+N as the exit status.
So this is actually signal `2` (`SIGINT`) - interrupt. Hmm, that doesn't make sense at all.
Turns out, this was because I had typed `Ctrl+C` before querying the exit code - I had no idea BASH counted its own signal interrupts as exit codes. The actual `mount` command had an exit code of `0` - no error. So I'm back to having zero clues.
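Added example (mine, not code from the post) for the exit-status confusion above: two POSIX shell helpers. `explain_status` applies the 128+N rule quoted from the Bash manual (the signal numbers are the usual Linux ones, and only a few names are spelled out); `status_of` shows the habit that avoids the mistake, which is to save `$?` on the same line as the command, before anything else (a Ctrl+C at the prompt included) can overwrite it. The SIGKILL'd child shell is a constructed demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): interpret a shell exit status,
# and capture $? so that the value you read is the one you meant.

# explain_status N: apply the 128+N convention for commands killed by a signal.
explain_status() {
    rc="$1"
    if [ "$rc" -eq 0 ]; then
        printf 'success\n'
    elif [ "$rc" -gt 128 ] && [ "$rc" -lt 255 ]; then
        sig=$((rc - 128))
        case "$sig" in
            1)  name=" (SIGHUP)" ;;
            2)  name=" (SIGINT)" ;;
            9)  name=" (SIGKILL)" ;;
            11) name=" (SIGSEGV)" ;;
            15) name=" (SIGTERM)" ;;
            *)  name="" ;;
        esac
        printf 'killed by signal %s%s\n' "$sig" "$name"
    else
        printf 'failed with exit code %s\n' "$rc"
    fi
}

# status_of CMD...: run CMD and print its exit status. The status is saved on
# the very same line as the command, so nothing can overwrite it in between.
# The "|| rc=$?" form also keeps a failing CMD from aborting a `set -e` script.
status_of() {
    rc=0
    "$@" || rc=$?
    printf '%s\n' "$rc"
}

# The pitfall from the text, shown as comments rather than run:
#   sudo mount -t tmpfs -o rw,size=1500M,nr_inodes=5k,noexec,nodev,nosuid randomnamehere /tmp
#   ^C                 <- Ctrl+C at the prompt sets $? to 130 in bash
#   echo $?            <- prints 130: the shell's own interrupted status, not mount's
# Correct: `sudo mount ... ; rc=$?` and then inspect $rc (or `echo $?` immediately).

# Stand-alone demo; the child shell that kills itself with SIGKILL is constructed.
echo "true            -> $(status_of true) : $(explain_status "$(status_of true)")"
echo "false           -> $(status_of false) : $(explain_status "$(status_of false)")"
echo "SIGKILL'd child -> $(status_of sh -c 'kill -KILL $$') : $(explain_status 137)"
```

One caveat: 128+N is a convention the shell applies to children that died of a signal, not a guarantee about the child, since any program can itself `exit 130`. When it matters, check the process's wait status (for example with `strace -f` or from a wrapper) rather than trusting the number alone.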
Well, now I have to Google what the systemd log command is (`journalctl -xe` - I always forget it). That shows no errors either.
So, after some frustrating Google searching, I came across this command: `systemctl list-unit-files -t mount`.
What does it do? No idea. But I figured that one line of the output was of interest to me: `tmp.mount generated -`. What does that mean? I don't know, but it might refer to `/tmp` that is generated from `fstab`.
I modified a subsequent command from that link, to `journalctl -u tmp.mount -f`, and tried the `mount` command again. Nothing happened (i.e. nothing was inserted into this process's journal).
How absurd! So I Googled how to find the filesystem type - turns out `stat -f -c %T /tmp` does that. And `/tmp` was indeed `tmpfs`, exactly as I wanted - the actual problem was that my tools did not work the way I expected them to. In particular, `lsblk` lists block devices only, so a tmpfs, which is backed by memory rather than by a device, never appears in its output; `findmnt /tmp` or `stat -f` are the right way to check what is mounted there.
This was puzzling. It would boot into the login screen, and allow me to login, but instead of displaying the desktop it would turn into a black screen. There was no cursor, and it wouldn't allow me to try a different terminal.
I tried going onto a different terminal and manually entering the desktop (`startx`), but that too resulted in a black screen. I could recover from that black screen only by going onto yet another terminal and killing the startx process or what it spawned.
This was similar to the symptoms that one NVidia driver issue previously caused, so I tried rebooting several times (which was the workaround for that particular driver issue!), but the same issue arose consistently, which basically ruled out that driver issue.
I checked the syslog, and I saw kernel panics and segmentation faults from whatever the KDE program was (kstartup5 maybe?).
Unfortunately, I couldn't reinstall this program without a WiFi connection - and I couldn't connect to the WiFi without starting up KDE first, due to a NetworkManager 'bug' that meant it couldn't see my Ethernet card until after logging in to the desktop environment (a 'bug' which has since been fixed, which means it might have been a misconfiguration somewhere).
I decided to install a different desktop environment, and log in through that (by setting the necessary X variables and running `startx`). It worked! So I reinstalled the seemingly-affected KDE package and rebooted.
But the problem persisted. I checked the syslog again, and this time the segmentation fault was coming from a different `.so` file. I wondered if lots of `.so` files had been corrupted.
I installed a different window manager (i3) and that disproved this thought - there were no segfaults. Thus the segfault originated exclusively from KDE.
Eventually, I discovered that you can run SHA checksums on package files - so I ran this over all my installed files, and discovered 2 or 3 corrupted files. I found the packages containing these files (using `dpkg -S /path/to/file`) and reinstalled those packages.
And it all worked again.
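The file-integrity check described above, as an added example that is not the post's own script: on Debian and Ubuntu, dpkg keeps one `/var/lib/dpkg/info/<package>.md5sums` manifest per package (the `debsums` utility automates the comparison), so corrupted files can be found by re-hashing every file a manifest lists and the owning package then reinstalled. The helper takes the manifest and a root directory so it can be run against the constructed tree at the bottom; the file names in that tree and the corruption are made up for the demonstration.

```shell
# verify_manifest MANIFEST ROOT
# MANIFEST has dpkg's "md5hash  relative/path" lines (paths relative to ROOT,
# which is / on a real system). Prints one "MISMATCH <path>" or
# "MISSING <path>" line per bad file, nothing when all match, and returns 1
# if anything was wrong.
verify_manifest() {
  manifest=$1
  root=${2:-/}
  status=0
  while read -r expected path; do
    [ -n "$path" ] || continue
    file="$root/$path"
    if [ ! -f "$file" ]; then
      echo "MISSING $path"
      status=1
      continue
    fi
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
      echo "MISMATCH $path"
      status=1
    fi
  done < "$manifest"
  return $status
}

# verify_all_packages: run every dpkg manifest on the system through
# verify_manifest and prefix each bad file with its package, which is what
# `apt-get install --reinstall <package>` then needs. Requires a real
# Debian/Ubuntu box; the constructed demo below does not exercise it.
verify_all_packages() {
  for m in /var/lib/dpkg/info/*.md5sums; do
    pkg=$(basename "$m" .md5sums)
    verify_manifest "$m" / | sed "s/^/$pkg: /"
  done
}

# Constructed demonstration tree: three files with a manifest, then one file
# silently changes after the manifest was written (the bit-rot the post hit).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/usr/lib" "$demo_root/usr/bin"
printf 'good library\n' > "$demo_root/usr/lib/libgood.so"
printf 'good binary\n'  > "$demo_root/usr/bin/good"
printf 'original\n'     > "$demo_root/usr/lib/libflaky.so"
demo_manifest="$demo_root/demo.md5sums"
( cd "$demo_root" && md5sum usr/lib/libgood.so usr/bin/good usr/lib/libflaky.so ) > "$demo_manifest"
printf 'corrupted\n' > "$demo_root/usr/lib/libflaky.so"

verify_manifest "$demo_manifest" "$demo_root" || echo "one or more files need reinstalling"
```

The manifest format is the same one `md5sum` writes, so the demo's manifest is produced by `md5sum` itself; on a live system `dpkg -S` on each reported path (or the package prefix printed by `verify_all_packages`) names the package to reinstall.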
It's much better now than even just 5 years ago - I spent at least 200 hours debugging NVidia drivers due to everything from glitches to dev environments failing to kernel panics, because my laptop has a dual iGPU-GPU setup (I think it has a fancy name like 'prime' or something).
I've spent maybe 20-40 hours troubleshooting Python environments. Python web-hosting was the most monumental pain-in-the-ass - flask requiring gunicorn requiring gevent causing incompatibility with another async-io package - but sometimes Python environments break due to minor updates, and Python developers sometimes don't bother to specify the minor versions they used.
Please believe me when I say that C++ is sometimes easier than Python. It's really true - I can download a C++ program from 20 years ago and it will probably compile. But if I download a Python program from 5 years ago it will download 1GB of dependencies and then fail due to either a problem with a dependency (not being locked to the correct version) or another API change.
The most fun I've had with my smartphone was when the screen was absolutely smashed to bits.
Whenever there was a miniscule amount of moisture on the screen, it would act like it was possessed by a ghost - exiting my current app, opening Facebook Messenger or Snapchat or something, and randomly texting gibberish or video calling someone.
I didn't use my smartphone for anything except chatting to people, so this was genuinely fun. When necessary, I could plug it into my laptop and control it (via `adb`) if I needed to install new packages.
Sadly, I had to finally relent and get a replacement when the 'ghost' got too 'strong'.
Now that I use my phone for other things, I don't have the privilege - I need my phone to be usable. But it was fun while it lasted.
Since I have to use untrusted WiFi on trains, instead of my own beautifully-set-up home network, I've tried to take security more seriously.
The first step was to close down any listening ports. So I ran:
```sh
sudo lsof -P -n | grep LISTEN
```
At the time, I was running MySQL and several always-on servers. But here are the results of running this on a fresh Kubuntu install - with headers added:
```
COMMAND PID TID TASKCMD USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 986 systemd-resolve 14u IPv4 3814 0t0 TCP 127.0.0.53:53 (LISTEN)
kdeconnec 6361 kubuntu 13u IPv6 33054 0t0 TCP *:1716 (LISTEN)
kdeconnec 6361 6417 QXcbEvent kubuntu 13u IPv6 33054 0t0 TCP *:1716 (LISTEN)
kdeconnec 6361 6452 QDBusConn kubuntu 13u IPv6 33054 0t0 TCP *:1716 (LISTEN)
kdeconnec 6361 6461 Qt\x20bea kubuntu 13u IPv6 33054 0t0 TCP *:1716 (LISTEN)
kdeconnec 6361 533273 kdeconnec kubuntu 13u IPv6 33054 0t0 TCP *:1716 (LISTEN)
cupsd 635600 root 6u IPv6 3510671 0t0 TCP [::1]:631 (LISTEN)
cupsd 635600 root 7u IPv4 3510672 0t0 TCP 127.0.0.1:631 (LISTEN)
adb 653588 kubuntu 6u IPv4 3799297 0t0 TCP 127.0.0.1:5037 (LISTEN)
adb 653588 653589 adb kubuntu 6u IPv4 3799297 0t0 TCP 127.0.0.1:5037 (LISTEN)
adb 653588 653590 device kubuntu 6u IPv4 3799297 0t0 TCP 127.0.0.1:5037 (LISTEN)
adb 653588 653591 client_so kubuntu 6u IPv4 3799297 0t0 TCP 127.0.0.1:5037 (LISTEN)
```
It took me a while until I fully realised the difference between `0.0.0.0` and `127.0.0.1` as server listening addresses. The second is the loopback address - it only receives packets that originated on the same machine - whereas the first is the wildcard, which accepts packets arriving on every interface. (lsof prints the wildcard as `*`; the IPv6 equivalents are `[::]` and `[::1]`.)
So first to identify these services:
In this listing only kdeconnectd is bound to the wildcard (`*:1716`, reachable from any network the laptop joins); cupsd (`[::1]:631` and `127.0.0.1:631`), adb and systemd-resolved are bound to loopback and accept connections only from the machine itself.
So I simply disabled cupsd, and modified my server to optionally listen on `127.0.0.1` instead of `0.0.0.0`. MySQL worried me a lot, but - if I recall correctly - it listened on `127.0.0.1` too.
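As an added example (not code from the post), the listing above can be classified automatically so that the sockets reachable from the train Wi-Fi stand out. The script reads lsof output in the format shown and treats anything not bound to `127.x.x.x` or `[::1]` as exposed. The sample input is the post's listing with most thread rows dropped, plus one made-up `mysqld` line on `0.0.0.0:3306` to show a classic wildcard bind.

```shell
# is_loopback ADDR: 0 for a loopback bind, 1 otherwise. lsof prints the
# wildcard bind as "*", IPv4 loopback as 127.x.x.x and IPv6 loopback as [::1].
is_loopback() {
  case $1 in
    127.*|'[::1]') return 0 ;;
    *)             return 1 ;;
  esac
}

# exposed_listeners: stdin = lsof listing, stdout = "COMMAND PID ADDR:PORT"
# for each socket bound to something other than loopback. The thread rows
# lsof prints (same PID, an extra TID column, identical NAME) are collapsed.
exposed_listeners() {
  awk '/\(LISTEN\)/ {
         name = $(NF-1)                      # field before "(LISTEN)", e.g. [::1]:631
         n = split(name, parts, ":")
         port = parts[n]                     # text after the last colon
         addr = substr(name, 1, length(name) - length(port) - 1)
         key = $1 " " $2 " " name
         if (!(key in seen)) { seen[key] = 1; print $1, $2, addr, port }
       }' |
  while read -r cmd pid addr port; do
    is_loopback "$addr" || echo "$cmd $pid $addr:$port"
  done
}

# Live use (root is needed to see other users' processes). -iTCP -sTCP:LISTEN
# makes lsof print only listening TCP sockets, so no grep is needed:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | exposed_listeners

# Constructed input: the post's listing with most thread rows removed, plus a
# made-up mysqld line bound to the IPv4 wildcard.
sample_lsof='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 986 systemd-resolve 14u IPv4 3814 0t0 TCP 127.0.0.53:53 (LISTEN)
kdeconnec 6361 kubuntu 13u IPv6 33054 0t0 TCP *:1716 (LISTEN)
kdeconnec 6361 6417 QXcbEvent kubuntu 13u IPv6 33054 0t0 TCP *:1716 (LISTEN)
cupsd 635600 root 6u IPv6 3510671 0t0 TCP [::1]:631 (LISTEN)
cupsd 635600 root 7u IPv4 3510672 0t0 TCP 127.0.0.1:631 (LISTEN)
adb 653588 kubuntu 6u IPv4 3799297 0t0 TCP 127.0.0.1:5037 (LISTEN)
mysqld 1200 mysql 21u IPv4 40000 0t0 TCP 0.0.0.0:3306 (LISTEN)'

printf '%s\n' "$sample_lsof" | exposed_listeners
# -> kdeconnec 6361 *:1716
#    mysqld 1200 0.0.0.0:3306
```

`ss -tlnp` gives the same information in a more compact form (it shows `0.0.0.0` and `[::]` rather than `*`), so the loopback test would need those two spellings added if the script were fed its output instead.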
AppArmor and SELinux serve the same purpose - both are Linux Security Modules built into the kernel that apply mandatory access control policies to processes, allowing or denying access to files, network protocols and ports, capabilities and so on. They differ in how they name things: AppArmor policies are written in terms of file paths, SELinux policies in terms of security labels attached to every object, which makes SELinux more thorough and considerably harder to write policy for.
If you ever need to run an untrusted binary (if you are truly Ken Thompson-pilled, you don't trust anything you didn't compile yourself) you can run it within an AppArmor profile. You can apply AppArmor profiles in 'complain' mode, where it allows everything but logs anything that wasn't explicitly allowed - so you can rapidly create AppArmor profiles for new binaries.
I felt it was best to contain my browser within AppArmor, so I removed the default Firefox installation (which Ubuntu does through snap - which runs under the snap binary, not directly as the Firefox binary) and installed Firefox through a deb file.
Obviously I don't trust my own hand-written server either - that's why I have an AppArmor profile for it too. That way, even if an attacker gains total control over the server's process, they would be unable to modify the filesystem except for the log. The confined process can still do everything the profile does allow - write whatever it likes into that log, use whatever network access the rules grant - so the profile is only as useful as it is narrow.
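A profile of the kind the paragraph describes, as an added example rather than the post's actual profile: the binary, content directory and log path are hypothetical placeholders, and the helper writes out the profile text so the paths can be substituted. The comments mark the one rule-ordering trap that matters when the goal is "read everything it needs, write only the log".

```shell
# write_server_profile BINARY LOGFILE CONTENTDIR
# Prints an AppArmor profile that lets BINARY read its own code, CONTENTDIR
# and /etc/myserver (hypothetical config path), write only LOGFILE, and use
# TCP. Anything not listed is denied: an enforced profile is default-deny.
write_server_profile() {
  binary=$1
  logfile=$2
  content=$3
  cat <<EOF
#include <tunables/global>

$binary {
  # libc, /dev/null, locale data and the like; DNS and /etc/hosts lookups
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # the server's own code: map as executable, read-only
  $binary mr,

  # content and configuration: read only
  $content/** r,
  /etc/myserver/** r,

  # the single writable path; "owner" additionally requires the file to be
  # owned by the uid the server runs as
  owner $logfile w,

  # listening and accepting TCP connections; no raw sockets, no UDP
  network inet stream,
  network inet6 stream,

  # explicit deny rules only serve to keep the audit log quiet. A deny always
  # wins over an allow, so a blanket write deny must never be added next to
  # the allowed log path above.
  deny /home/** rwkl,
}
EOF
}

# Rollout (needs root and the apparmor-utils package; not run here):
#   write_server_profile /usr/local/bin/myserver /var/log/myserver/server.log /srv/myserver \
#     | sudo tee /etc/apparmor.d/usr.local.bin.myserver
#   sudo aa-complain /etc/apparmor.d/usr.local.bin.myserver  # log denials, block nothing
#   ... exercise every feature of the server ...
#   sudo aa-logprof                                           # turn logged denials into rules
#   sudo aa-enforce /etc/apparmor.d/usr.local.bin.myserver
write_server_profile /usr/local/bin/myserver /var/log/myserver/server.log /srv/myserver
```

Complain mode plus `aa-logprof` is the rapid-profiling loop the previous paragraph mentions; the generated profile is the starting point that loop refines, not the end state.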
For my own system, I block almost all DNS requests except a list of several thousand whitelisted websites. I do this using AdHole. Thus outgoing DNS requests are quite infrequent, and more easily 'debuggable'.
While running my ls-open-connections script, I identified some strange TCP requests from python3.10, apparently from Firefox, definitely from short-running (single task) Python3.10 scripts:
```
tcp 192.168.0.12:59992 |tpop-api.twitter.com ESTABLISHED 3041531/firefox
tcp 192.168.0.12:43000 |twitter.com SYN_SENT -
tcp 192.168.0.12:45214 |github.com ESTABLISHED 3041531/firefox
tcp 192.168.0.12:51234 |abs-zero.twimg.com ESTABLISHED 3041531/firefox
tcp 192.168.0.12:47196 |cs672.wac.edgecastcdn.net ESTABLISHED 3041531/firefox
tcp 192.168.0.12:39190 |cs531.wpc.edgecastcdn.net ESTABLISHED 3590661/python3.10
tcp 192.168.0.12:47184 |dualstack.video.twitter.map.fastly.net ESTABLISHED 3591098/python3.10
```
It's a regular thing for Firefox. Interestingly some logs show it calling python3 - not python3.10:
```
tcp 192.168.0.12:37870 |web.archive.org ESTABLISHED 3509931/python3
...
tcp 192.168.0.12:37188 |changelogs.ubuntu.com SYN_SENT 1084293/python3
...
tcp 192.168.0.12:52418 |scontent-man2-1.cdninstagram.com ESTABLISHED 2178272/python3.10
```
On my previous system, while troubleshooting 100% CPU usage, I launched htop, and saw this line:
```
... 15.4 2.4 9h20:08 /usr/bin/dolphin --new-window --select /media/
```
Dolphin wasn't causing 100% CPU, but it caught my eye - it looked like a JavaScript library, but one I've definitely never downloaded. Kubuntu injects start-up parameters for Dolphin to save your previous position - so Kubuntu clearly thought that the last time I closed Dolphin, I had selected this file.
I was worried. Is there a zero-day exploit for gzip or tar? Is this a tar-bomb? When a file is deleted on Linux, only the directory entry goes away; the inode and its data survive until the last reference to them (an open descriptor or a memory mapping) is dropped, so a malicious running process can keep using a 'deleted' file indefinitely - which I thought was a slight possibility.
So what is baklavajs? It is “a graph/node editor for the web. It provides an easy-to-use editor together with the ability to create custom nodes. Additionally, it puts a strong emphasis on extensibility, which leads to a versatile plugin system.”
Okay, I definitely downloaded that. I must have simply deleted it and forgotten about it. I must have deleted it from the command line, causing Dolphin to try to select a non-existing file.
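The open-but-unlinked file case raised above, as an added example (not from the post): a shell function that walks `/proc/<pid>/fd` and reports descriptors whose target has been deleted, followed by a constructed demonstration that opens a temporary file, deletes it, and shows the data is still reachable through the descriptor until it is closed.

```shell
# deleted_open_files [PID ...]
# Prints "PID/fd/N TARGET (deleted)" for every open descriptor whose file has
# been unlinked. With no arguments it walks every process in /proc; without
# root only the caller's own processes have readable fd directories.
deleted_open_files() {
  if [ $# -eq 0 ]; then
    set -- /proc/[0-9]*
  else
    pids=$*
    set --
    for p in $pids; do set -- "$@" "/proc/$p"; done
  fi
  for procdir in "$@"; do
    pid=${procdir#/proc/}
    for fd in "$procdir"/fd/*; do
      [ -L "$fd" ] || continue                            # no fds readable, or glob unmatched
      target=$(readlink "$fd" 2>/dev/null) || continue    # process exited meanwhile
      case $target in
        *' (deleted)') echo "$pid/fd/${fd##*/} $target" ;;
      esac
    done
  done
}

# Constructed demonstration: hold a file open on descriptor 9, unlink it, and
# show that both the listing and the contents survive until the fd is closed.
evidence=$(mktemp)
printf 'still here\n' > "$evidence"
exec 9< "$evidence"
rm -f "$evidence"
ls -l "$evidence" 2>/dev/null || echo "$evidence is gone from the directory tree"
deleted_open_files $$          # -> <pid>/fd/9 /tmp/tmp.XXXXXX (deleted)
cat /proc/$$/fd/9              # -> still here  (the /proc link reopens the inode)
exec 9<&-                      # last reference dropped; the blocks are freed now

# Equivalent one-liner on a live system: sudo lsof -nP +L1
```

The same `/proc/<pid>/fd/N` path is how the content of a 'deleted' file is recovered while a process still holds it, which cuts both ways: it is equally how an investigator reads what a malicious process is hiding.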
This only occurred when my /home SSD was in the process of failing - but it's a very odd thing, causing Firefox to gobble up numerous gigabytes upon startup, before it has even loaded the first tab.
Here's the syslog (yes, my laptop is called 'iPhone'):

```
Jun 14 23:37:41 iPhone kernel: [181267.843728] sysrq: Manual OOM execution
Jun 14 23:37:41 iPhone kernel: [181267.843829] Purging GPU memory, 0 pages freed, 0 pages still pinned, 2113 pages left available.
Jun 14 23:37:41 iPhone kernel: [181267.843953] kworker/3:2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=-1, oom_score_adj=0
Jun 14 23:37:41 iPhone kernel: [181267.843965] CPU: 3 PID: 110443 Comm: kworker/3:2 Not tainted 6.5.0-35-generic #35~22.04.1-Ubuntu
Jun 14 23:37:41 iPhone kernel: [181267.843975] Hardware name: ASUSTeK COMPUTER INC. GL552VX/GL552VX, BIOS GL552VX.204 01/28/2016
Jun 14 23:37:41 iPhone kernel: [181267.843980] Workqueue: events moom_callback
Jun 14 23:37:41 iPhone kernel: [181267.843996] Call Trace:
Jun 14 23:37:41 iPhone kernel: [181267.844000]
```
Copying the files (from a backup) to a non-failing drive did not replicate this behaviour. Thus this is probably some exotic side-effect of extremely-long read callback times - is Firefox not properly handling timeouts for filesystem operations, or something like that, leading to a memory leak?
AppArmor caught KDenLive (KDE video editor) trying to execute a file from `/tmp`:

```
/tmp/.mount_kdenliTBgryV/AppRun.wrapped
```

I disable execution on `/tmp` for security reasons - here is a summary of why, with a list of exploits that used `/tmp`. The short reason is that `/tmp` is world-writable (the sticky bit stops users deleting each other's files, but anyone can create files there), and programs often create or consume temporary files in it without setting or verifying the ownership and permission bits, which is what the classic `/tmp` symlink and race-condition attacks exploit.
Executing a file under `/tmp` is a bad code smell. It seems to be rare these days, so blocking execution on `/tmp` probably won't break many modern programs - self-contained application bundles that unpack or mount themselves under `/tmp` before running, like the KDenLive case here, are the main exception.
So what was KDenLive doing? First, note the `.mount_` part. I suspect this is because KDenLive is run by snap in a container - if you run the `lsblk` utility you will see snap entries such as these:

```
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop1 7:1 0 4K 1 loop /snap/bare/5
loop3 7:3 0 74.2M 1 loop /snap/core22/1122
loop4 7:4 0 497M 1 loop /snap/gnome-42-2204/141
loop5 7:5 0 40.4M 1 loop /snap/snapd/20671
loop6 7:6 0 91.7M 1 loop /snap/gtk-common-themes/1535
```

Thus snap programs are mounted (each snap is a read-only squashfs image attached to a loop device under `/snap`). I haven't looked into why or how this works, but it leads me to suspect that this executable was created by snap, not by KDenLive. Also, the name of the file - `AppRun.wrapped` - looks more like something snap would run (an app startup script) than KDenLive. If it were KDenLive, what would it be, other than an addon?
My development on this stopped after Mozilla changed its addon policies - making it much more difficult for me to test my browser addon by removing the opt-out for Firefox's security policy of forbidding Firefox from running addons that haven't been signed by Mozilla.
This removed my ability to iteratively improve the addon by trial-and-error - instead, I would have to wait days after each change, to get the changed addon manually approved by Mozilla staff, before I could even test it on my own Firefox installation.
It was Mozilla's intention that almost all updates should be automatically approved - they just run a few automated tests on most updates - but, if I recall correctly, because RTagger changes the web page's HTML by editing `innerHTML`, many updates (maybe most) were automatically flagged and had to be manually checked by Mozilla staff.
(TODO: Incomplete)