• 0 Posts
  • 37 Comments
Joined 2 years ago
Cake day: June 21st, 2023




  • If you are building a static system, SELinux is amazing. You need a few lines of policy per application to label things appropriately, then you can see what accesses programs made and decide if you want to allow them or not.

    Taking a full Linux system and adding a locked down SELinux policy can be done in less than a week. If you are starting with an SELinux enabled system and just want to lock down your application, it can be done in less than a day.

    Once you know what you are doing, there is also a pretty powerful policy analysis tool that lets you see what a given domain can do; including transitive things like “domain sandbox_t can launch a program in Domain vim_t, which can write a file in Domain sshd_config_t, which can be read by domain sshd_t” which may indicate that your sandbox has a hole allowing it to compromise your sshd configuration. Although, to be fair, doing this level of analysis is not simple, even with the tooling. And you very quickly notice issues that are inherent in how Linux works.

    The problem with SELinux comes when you try applying it to general purpose systems, because you do not know ahead of time what the user will want to do. To be effective, policy needs to be written for the specific system it will be running on.

    An example I like to use is Android. Android makes great use of SELinux, and is a general purpose system. But the SELinux policy itself does not protect the general purpose Android system. It protects the special purpose system that is the Android runtime. All apps run with the same policy that says things like “cannot access the filesystem at all, unless given access by the Android runtime”, then the actual security policy users see is all implemented in user space by Android. SELinux is just a means of preventing apps from bypassing the Android permission system.
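The transitive check described in the comment above (sandbox_t to vim_t to sshd_config_t to sshd_t), as an added example that is not part of the original comment and is not the analysis tool it refers to. The rule tuples, the `vim_exec_t` and `sandbox_tmp_t` types, and the simplified transition model are assumptions constructed for illustration.

```python
from collections import deque

# Constructed toy policy mirroring the comment's example; not a real policy.
# Each rule: (source domain, target type, object class, permission)
ALLOW = [
    ("sandbox_t", "vim_exec_t", "file", "execute"),
    ("sandbox_t", "sandbox_tmp_t", "file", "write"),
    ("sandbox_t", "sandbox_tmp_t", "file", "read"),
    ("vim_t", "sshd_config_t", "file", "write"),
    ("sshd_t", "sshd_config_t", "file", "read"),
]
# (source domain, entrypoint type, new domain). Hypothetical, simplified form.
TRANSITIONS = [("sandbox_t", "vim_exec_t", "vim_t")]


def build_edges(allow, transitions):
    """Turn rules into a directed influence graph over domains and types."""
    edges, allowed = {}, set(allow)
    for src, entry, new in transitions:
        # A transition only counts if the source may execute the entrypoint.
        if (src, entry, "file", "execute") in allowed:
            edges.setdefault(src, []).append((new, f"transitions via {entry}"))
    for dom, typ, _cls, perm in allow:
        if perm == "write":      # data flows domain -> type
            edges.setdefault(dom, []).append((typ, "writes"))
        elif perm == "read":     # data flows type -> domain
            edges.setdefault(typ, []).append((dom, "is read by"))
    return edges


def find_flow(allow, transitions, source, target):
    """Breadth-first search; returns the shortest chain of steps or None."""
    edges, parent, queue = build_edges(allow, transitions), {source: None}, deque([source])
    while queue:
        node = queue.popleft()
        if node == target:
            steps = []
            while parent[node] is not None:
                prev, why = parent[node]
                steps.append((prev, why, node))
                node = prev
            return steps[::-1]
        for nxt, why in edges.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, why)
                queue.append(nxt)
    return None


if __name__ == "__main__":
    for a, why, b in find_flow(ALLOW, TRANSITIONS, "sandbox_t", "sshd_t") or []:
        print(a, why, b)
```

Dropping either the `vim_t` write rule or the sandbox-to-vim transition from the inputs makes `find_flow` return `None`, which is the property you would re-check after tightening the policy.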


  • Also, AppArmor might not exist without SELinux.

    When the NSA first implemented SELinux, they did so directly, but were not able to get that merged into mainline because there was concern that SELinux was not the correct solution.

    What they ended up doing was creating the Linux Security Modules (LSM) framework, which is just a bunch of hooks in the kernel that a module can implement. SELinux was then rewritten as an LSM module. This allowed other solutions like AppArmor to be implemented without any invasive work; they could just plug into the same system SELinux used.

    Some time later, the ability to run multiple LSMs at once was added.

    Incidentally, Linux capabilities are also implemented as an LSM.


  • homura1650@lemmy.world to World News@lemmy.world · *Permanently Deleted* · 5 months ago

    Volatility has always been built into investing, including index funds.

    If retirement is a long way away, then this is a non event. If retirement is close and your 401k was in a target date fund, you are heavily invested in bonds at this point, precisely to deal with this sort of situation.

    If you are close to retirement, and heavily weighted to tech-heavy indices, then this will probably delay your retirement a few years. If you’re already retired and so invested, you may have a problem.


  • In fairness to the PA, Palestine has an approximately 0% chance of winning a war against Israel. And an approximately 100% chance of them getting blown to pieces if they ever had an attack successful enough for Israel to fully mobilize against them (see Gaza).

    Their most likely to succeed strategy would be pursuing victory through the Israeli court system (which was relatively on their side, leading to the attempted “court reform” power grab that was the political story in Israel prior to October 7). Their next best bet would be Israeli politics moving away from the current right wing nationalist coalition.

    That is not to say that any of the above is easy, or likely to succeed. But at least it has a plausible chance. And, if it fails, that failure still leaves them better off than a war against Israel.




  • Official death tolls are always an undercount. Even after mundane disasters like hurricanes, the death toll gets revised up during the cleanup as more victims are discovered. The disaster in Gaza is still ongoing, so people have more important things to do than count the dead.

    In addition to this, the Gaza Health Ministry has taken a deliberately conservative approach of only counting bodies that make it to a hospital and are clearly dead as a direct result of the conflict (e.g., not disease or famine).

    The official death count is not a reflection of how many people are dying. It is a reflection of the Gaza Health Ministry’s capacity to count the dead.


  • I suspect they are inclined to tell the Russians to kick rocks. However, they are going to need some foreign support. As long as they are on the US terror list, it will be very difficult for that help to come from any US aligned group.

    Having said that, between the growing disagreement over Israel policy, the coming 4 years of a Trump administration, and the desire of a lot of European countries to resolve the Syrian Refugee crisis; I could see a lot of European countries going against the US on this one and helping the new Syrian government.



  • homura1650@lemmy.world to World News@lemmy.world · *Permanently Deleted* · 8 months ago

    You don’t make peace with your friends. You make peace with your enemies.

    Unless you actually plan on committing a full scale and thorough genocide, eliminating terrorists is simply not a viable strategy for defeating terrorism. If you don’t go all the way to genocide, then a sizable portion of the non-terrorists you didn’t kill will become terrorists.



  • That hasn’t been the case for decades. Israel has a lot of allies in the region (basically the entire anti-Iran coalition). Admittedly, these alliances are largely premised on Israel’s military and intelligence might, which would be diminished without US support; but Israel still has significant in-house capabilities.

    As to the actual power dynamics, I agree that the US has a lot of leverage. But that is meaningless if they don’t use it. Moreso now that Israel knows they would only need to wait for the next administration to reverse course if we started using our leverage now.



  • Israel is not alone in the region anymore. The middle east is bipolar now, and Israel is well established in the anti-Iran coalition. I wouldn’t call this “stabilizing”, but if the actual fighting is contained to Israel, Iran, and Iranian proxies, that is good for the rest of the anti-Iran coalition.

    Sucks for Israel, but when your political leadership is fighting with military leadership because the latter is not sufficiently hawkish, I don’t think “stability” is the policy objective said leadership is actually pursuing.


  • Both can be true. A large swath of the electorate is stupid for electing Trump, but the Democratic party failed to reach them. This is a lesson that Republicans have known for decades but Democrats still don’t get. Voters are not rational; being better than your opponent does not win elections. People can be annoyed at the voters for making this reality, and at the Democrats for still not getting it.

    In fairness to the Dems though, the incumbent party lost ground in almost every Democracy, and Harris underperformed less in swing states where both parties campaigned.


  • The Social Security Trust Fund does not exist. It is an accounting fiction. When Social Security was passed, it came with a tax increase to offset the increased spending. For decades, the tax increase was greater than the spending increase, so the government spent the difference on other stuff; but made a note that Social Security had a surplus. However, since 2010, this flipped and the cost of Social Security has exceeded the income of its associated tax. The bean counters would say the flip happened in 2021, but that is because they believe in the fiction of the Social Security Trust Fund, so that interest on the Trust Fund counts as income to Social Security, despite the fact that said interest is paid by the federal government.

    So, why does this accounting fiction called the Social Security Trust Fund matter? Because it has the force of law. Under current US law, Social Security is exempt from the typical budgeting rules. As long as the bean counters would say the Trust Fund has a positive balance, Social Security is authorized to increase its budget to meet its obligations. In contrast, most Federal programs get their budgets increased as part of the yearly budget (or a continuing resolution when Congress can’t pass a budget. Or they just close when Congress can’t pass a CR).

    So, what happens when the trust fund runs out?

    Option 1, Congress does not authorize continued spending at current levels. This is typically known as a spending cut. But because it is triggered by an existing law and Republicans have spent decades playing up the trust fund, they can act like this cut was a force of nature, and not them actively deciding to cut it in the congressional budget.

    Option 2, Congress funds social security just like it funds everything else, through an appropriations bill. SS keeps operating, and becomes another political football in the annual budget fight.

    Option 3, Congress picks some way to tell the bean counters that the social security trust fund is still positive. Social security keeps operating at current levels, and remains exempt from the normal appropriations process.

    So, what is all this talk about removing the cap on the Social Security payroll tax? If we ignore all the accounting trickery, that is about taking a regressive income tax paid by workers earning less than $168,600/year and turning it into a flat tax. Nothing whatsoever to do with social security, but I agree that a flat tax is better than a regressive tax. Still not as good as a progressive tax, which is the only thing that would have been politically viable but for the fiction that this tax is at all related to Social Security benefits (and their associated limit).

    Social Security isn’t even the only federal program to have this issue. Our highway system is paid for by the Highway Trust Fund, which is funded by a tax on gasoline. This fund has been insolvent since 2008, so Congress just included highway funding in their appropriations bills and paid for the difference like they pay for most Federal programs.


  • The monthly payout of social security is based on how much you earned while you were working, which is roughly correlated with how much you paid in [0]. However, the monthly payment has a hard cap. No matter how much you earned while working, SS will not pay you more than someone who averaged $168,600/year. Even below that cap, there is a progressive structure, where those with a lower income see a larger marginal benefit.

    [0] not exactly, as it only looks at your inflation-adjusted best 35 years