Nice use of language, made me smile, have one of these.
282 publicly visible posts • joined 25 Mar 2011
Exactly. We were maintaining an SBOM for our product since it began development circa 2010 (</whippersnapper>) and this was a required artefact when we delivered evaluation units to $US_DEFENCE_PRIME a few years later. In that case the focus was mostly on understanding licencing of the various components, but still - knowing what you're using is not a new concept.
Several months ago, I had to blow away and reinstall my laptop, and decided to give Slackware a go, based largely on your posts here. (As context, I consider myself reasonably au fait with Linux, having run Gentoo, Ubuntu, Fedora, Linux From Scratch and OpenSUSE in one form or another since before 2006, and fully agree with your characterisation of systemd.)
I felt at home in Slackware, it was great! But I couldn't find how to update packages. Key internet-facing packages and libraries relied on OpenSSL versions (1.0.2) that were EOL at the time, and it seemed like the way to know if something was patched was via email list. I dug myself into a waist-deep morass of dependencies trying to update and recompile packages manually to get the latest security fixes, and in the end retreated to Kubuntu where I can just run apt-get and get the updates I need.
As an experienced Slackware user, what did I miss? How do you keep things patched?
Best one I saw in our code base was:
in code that was working around quirks of MSVC.
A different part of our code base has a function that cleans up child processes, called grim_squeaker - long ago tribute to PTerry and Death of Rats, from my younger self.
I used to play cricket with a guy whose kit had red marks from shining the ball for the whole season. At the end of the season, one of the player's wives gave this guy a box of washing powder. It wasn't until later that we wondered what could happen if he was pulled over by the cops with an unmarked plastic box of white powder...
Disclaimer: I work for a company active in this area.
Filesystem encryption is common these days - bitlocker on Windows, or Veracrypt, or the Linux alternatives, etc. But that's not going to help if scumbags are logged into your system because they then see the same view of the files as you do, they're inside the file system.
There are also ways to do application level encryption, which is what you're suggesting. There are tools that will plug into Word, for example, and encrypt/decrypt stuff between Word and the disk. The problem is that this needs to be implemented on a per application basis - if your favourite CAD software doesn't have a plug-in for your chosen encryption software, you're short on luck. You also need to be careful with configuration - for example, ensuring temporary backup files created by the application are also encrypted.
Depending on your paranoia level, you also need to worry about swap files, which can contain unencrypted snapshots of files resident in your application's memory.
Finally, there's a kind of middle ground where you manually encrypt / decrypt files as needed - either on a per-file basis or in a container like Veracrypt. But that is less convenient for day-to-day workflow.
The Goon show called it 65 years ago:
Tell me, how do we raise the pier?
Oh, don't raise the pier!
Lower the river!
Gad! Genius! Absolute genius! But, but can you do it?
Sapristi yacka-backakas of course I can. My partner, the Honourable Grytpype-Thynne is the greatest water remover in the world! Follow me!
They should sew sponsors logos on their suits, like athletes. Or take a leaf out of stadium naming - like you have Etihad Stadium or the Kia Oval, could we see The Rio Tinto Prime Minister or The Boeing Defence Secretary?
Idea courtesy Robin Williams.