Hacker News: nobody42

New comment by nobody42 in "New Nginx Exploit"

nobody42 — Thu, 14 May 2026 22:28:36 +0000

Memory safety is good, but does not protect from every threat. In this day and age infrastructure operators should familiarize themselves with proactive defenses, MAC: SElinux and AppArmor. It required much friction earlier, but there are more tools to ease the usage today.

https://presentations.nordisch.org/apparmor/

https://github.com/nobody43/apparmor-profiles/blob/master/ng...

https://github.com/nobody43/apparmor-suggest

Disclaimer: I'm the author of both repos.

New comment by nobody42 in "Copyparty, the FOSS file server [video]"

nobody42 — Thu, 27 Nov 2025 15:07:08 +0000

Attack surface of this thing gives me existential dread.

New comment by nobody42 in "Debian Extended Long Term Support"

nobody42 — Sun, 23 Nov 2025 16:46:47 +0000

> Freexian aims to keep the updates available for individual users and non-profit organizations.

New comment by nobody42 in "The privacy nightmare of browser fingerprinting"

nobody42 — Sat, 22 Nov 2025 21:34:34 +0000

Best among existing. Anti-fingerprinting field is still in it's early stages.

I wouldn't say Tor Browser is the best because it requires custom configuration to be usable conveniently, which will make the connection non-uniform (and the user will stand out).

>Tor is pretty good for protection. Then there's always i2P as well…

Tor and i2P does nothing for (anti)fingerprinting - the program which render the web pages does.

>Saying one browser can protect the best is pretty hard to prove.

Not a proof but things to consider: https://privacytests.org/

New comment by nobody42 in "The privacy nightmare of browser fingerprinting"

nobody42 — Sat, 22 Nov 2025 21:01:09 +0000

You could test with this: https://github.com/abrahamjuliot/creepjs Does it store the data? Unknown.

The best browser for protection is https://mullvad.net/en/browser because it makes the connection uniform, to better blend in.

New comment by nobody42 in "Android/Linux Dual Boot"

nobody42 — Thu, 20 Nov 2025 14:42:14 +0000

pmOS device compatibility matrix: https://wiki.postmarketos.org/wiki/Devices

New comment by nobody42 in "LLMs should not replace therapists"

nobody42 — Mon, 07 Jul 2025 10:56:11 +0000

Therapy booth from 1971: https://www.youtube.com/watch?v=U0YkPnwoYyE

New comment by nobody42 in "Mullvad Leta"

nobody42 — Wed, 28 May 2025 18:59:42 +0000

Isn't owned by advertising company. https://en.wikipedia.org/wiki/Startpage#Merger_and_recent_hi...

New comment by nobody42 in "Plain Vanilla Web"

nobody42 — Mon, 12 May 2025 00:21:58 +0000

http://youmightnotneedjs.com

New comment by nobody42 in "I'm Done with Ubuntu"

nobody42 — Wed, 05 Feb 2025 15:46:45 +0000

Same. I sighed when they continued to run telemetry after disabling it - I blocked it (don't care if it's a dry run or not). Bit the bullet when they discontinued FF/TB in favor of snaps - installed them from tar. But when they installed ubuntu-pro without notice, on existing system, which is impossible to remove without also removing DE - that was the last straw for me. I'm moving all my desktops to Debian. Unfortunately Debian can't be recommended for beginners due to sheer volume of documentation for Ubuntu on the web.

New comment by nobody42 in "I'm Done with Ubuntu"

nobody42 — Wed, 05 Feb 2025 15:15:27 +0000

Updates are a necessity, and they don't have to be feature-breaking. More distributions need to adopt security-only channels.

New comment by nobody42 in "The Insecurity of Debian"

nobody42 — Wed, 04 Sep 2024 20:35:22 +0000

I'm trying to solve the lack of tools for AppArmor profile composition: https://github.com/nobody43/apparmor-suggest

New comment by nobody42 in "The Insecurity of Debian"

nobody42 — Wed, 04 Sep 2024 20:27:23 +0000

It's a symptom. Seems that label-based MAC is too tightly coupled with other parts of the system. With path-based, there's no need to disable it (entirely) because each part have their own separated strict scope.

New comment by nobody42 in "The Insecurity of Debian"

nobody42 — Wed, 04 Sep 2024 19:53:52 +0000

AppArmor is not less restrictive, it's less fine-grained, at the current stage of development at least.