For desktop use (and programming) I can very much recommend Das Keyboard. I have a Das Keyboard 4 Pro [External Link] with Cherry MX Blue switches and it is really great. I never want to use anything else again. I ponder getting one with brown or similar switches for work (since co-workers might be annoyed by the loud click of the blue switches).

I also got the very important Tux Keycaps for the Super Keys: https://shop.daskeyboard.com/collections/accessories/products/linux-key-cap-bundle-1 [External Link]

The only thing I really miss and would like to have is a keyboard with ISO layout and english keycaps. They all only sell the ANSI layout which I find harder to use. I like the big enter key I can just smash down on :D

See the difference here: https://deskthority.net/wiki/ANSI_vs_ISO [External Link]

View this comment - View article - View full comments

Thank you so much for covering this! This time I won't miss out on the special edition like I did with TIS and SHENZEN I/O.

View this comment - View article - View full comments

Quoting: Schattenspiegelbut they also deeply into this telemetry and required user accounts crap

Can you qualify that? IMHO the "required user accounts crap" is wrong. I own CK2, EU4, Tyranny, PoE and none of these games forces me to have an account. If I have one I can sign in, but I was never forced. IIRC one of the games asked me if I wanted to provide telemetry data, and I assume that when I rejected this rejection was honored. So is this statement of yours based on facts or just hearsay?

View this comment - View article - View full comments

Quoting: Cestus<<--- party pooper Anyone know the status of meltdown v1 V2 and spectre? is it fixed to the hardware level with these new CPU?

AMD was not affected by V3/meltdown.
V1/Spectre is mitigated in the OS (RETPOLINE)
V2/Spectre is hard to exploit on AMD and fixed in microcode (https://www.amd.com/en/corporate/security-updates)

View this comment - View article - View full comments

Quoting: NeverthelessEasier... just try setting the cpu governor without it :)

Interesting ... learned something new ...

(all binaries with setuid-root)

It works without the setuid call:

#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <errno.h>

int main() { 
        printf("EUID: %i\n",geteuid());
        printf("UID: %i\n",getuid());
        FILE* file = fopen("/sys/devices/system/cpu/cpu1/online","w");
        if (!file) {
                perror("Error opening: \n");
                return -1;
        }
        if (fprintf(file,"0\n") < 0) {
                perror("Error writing: \n");
                return -2;
        }
}

(Sorry, have no governors to set, so I just used cpu1/online for the same effect).

However, it does not work if you use system (which you should not do to begin with ^^, see also Caveats section in man 3 system and https://stackoverflow.com/questions/27461936/system-vs-execve [External Link]. This is because the EUID is not propagated to the program called by system, while the UID is.

steam@SteamBox ~ $ cat test2.c
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main() { 
        printf("EUID: %i\n",geteuid());
        printf("UID: %i\n",getuid());
        system("echo EUID_System: $EUID");
}
steam@SteamBox ~ $ ./test2 
EUID: 0
UID: 1000
EUID_System: 1000
steam@SteamBox ~ $

steam@SteamBox ~ $ ./test3 
EUID: 0
UID: 0
EUID_System: 0
steam@SteamBox ~ $ cat test3.c 
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main() { 
        setuid(0);
        printf("EUID: %i\n",geteuid());
        printf("UID: %i\n",getuid());
        system("echo EUID_System: $EUID");
}
steam@SteamBox ~ $ 

Bottom line: Please don't use system in a setuid-root binary. This is broken and a serious security hole.

View this comment - View article - View full comments

Quoting: NeverthelessI forgot about the "setuid( 0 );" in the file. It's nessessary. Try for yourself (with owner root and suid root):

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
system( "whoami" );
setuid( 0 );
system( "whoami" );
return 0;
}

No its not :) You are confusing uid and euid (effective user id). Whoami is the wrong command to show what you want to show since it outputs the username based on the UID. But the UID is not what is used to check privileges. (See man credentials for the difference between user id and effective user id.)

Try with this code snippet instead:

#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
int main() { 
    printf("EUID: %i\n",geteuid());
    printf("UID: %i\n",getuid());
}

The EUID is what matters when you write to files. Unless you want to use setuid() to change the apparent username to root (and then output it using whoami) it is useless. You can NOT elevate privileges this way.

Hmm ... @Liam: Indentation is somehow broken for code blocks or I'm too stupid ;)

View this comment - View article - View full comments

Quoting: Nevertheless

Quoting: mike44Good but I would prefer not to install anything. Could we simply run a command before and after playing?

I found a simple suid program on the net, which I just had to change a bit to do the right things.

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
setuid( 0 );
system( "echo performance | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor" );

return 0;
}

and to set it back to powersave:

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
setuid( 0 );
system( "echo powersave | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor" );

return 0;
}

This is really bogus, broken code ...
The setuid command is useless since

• a) you are already root (per chmod u+s)


• b) you would not be able to elevate your privileges like that if you were not. That would be a security hole. The purpose of setuid is to drop privileges when you are already root. Not to elevate them (see man setuid).

Using sudo in the system commandline makes no sense as well. It is benign if you have a setuid root binary (i.e. does nothing, just leave it out). If you are not yet root it will ask of course but then you can really just use the commandline directly. Skip the c and use bash.

View this comment - View article - View full comments

Quoting: Kimyrielle

Quoting: PatolaI am curious, what would be the reason for a "no sales" policy?

Arrogance.

I'm pretty sure that's what your boss would say too when you don't partake in work-for-half-the-salary month...

View this comment - View article - View full comments

Quoting: elmapulpsp ??

Platform Security Processor, the big firmware blob that is the OS beneath the OS.

View this comment - View article - View full comments

How people think that concepts such as Flatpaks are better than SteamRuntime is beyond me.

The concept of Containers means that every application provides its own required libraries. Every sane person that cares about security has to ask himself who will update these libraries? This is going to be the same we have with Windows applications that litter the disk with their own versions of outdated libraries.

A concept such as SteamRuntime with a single runtime that gets updated by the provider of that runtime (here steam) seems way saner. They take care of updating the libraries and *all* applications will instantly get the added security benefits.

Containers are a nice way to install software, no doubt, but they bring the problems Windows has had for ages to Linux. The install a bunch of software outside of the established software management system (apt, yum, whatever) which is then exempt from updates. This central software management was one of the strong points of Linux once.

While SteamRuntime also runs outside of the system package management it is still a central place that takes care of library updates and, as added benefit, you can also install all libraries provided by steam runtime through your own package management, effectively removing the update problem.

I don't really get this recent obsession with containers. It feels like a 'Windowsization' of Linux to me ...

View this comment - View article - View full comments