Oh for fucks sake, now this?? Can we all just take a step back and calm down, between ‘US/Taiwan/China’, ‘Ukraine/Russia’ and
I suppose sealing the border may be related, as North Korea is also sending soldiers to Ukraine, and this happened at about the same time.
That being said, it's also true that North Korea pretty regularly does attention-getting things, and I suppose that it's not impossible that this is one of those.
Yeah...I don't know how long it takes for everyone, but another example:
Gilbert Bargayo – crucified for the 15th time in Carcar, Cebu, and for the 17th time in Barangay Duljo-Fatima, Cebu City in 2012. Six-inch nails pierced his palms and feet, and took 45 minutes to all be hammered in.[21]
I'm just kinda imagining someone taking 45 minutes to finish hammering nails through my appendages.
considers
We are going to die, and that makes us the lucky ones. Most people are never going to die because they are never going to be born. The potential people who could have been here in my place but who will in fact never see the light of day outnumber the sand grains of Arabia. Certainly those unborn ghosts include greater poets than Keats, scientists greater than Newton. We know this because the set of possible people allowed by our DNA so massively exceeds the set of actual people. In the teeth of these stupefying odds it is you and I, in our ordinariness, that are here. We privileged few, who won the lottery of birth against all odds, how dare we whine at our inevitable return to that prior state from which the vast majority have never stirred?
-- Richard Dawkins
Dawkins was talking about human dissatisfaction with mortality, but I think that perhaps it puts perspective on life as well.
I've been alive as long as I can remember, and everyone I interact with is alive. Familiarity breeds contempt, and it's perhaps easy, from that perspective, to forget how rare a thing life is.
There are some pretty hardcore Filipinos.
https://en.wikipedia.org/wiki/Crucifixion_in_the_Philippines
Crucifixion in the Philippines is a devotional practice held every Good Friday, and is part of the local observance of Holy Week. Devotees or penitents called magdarame in Kapampangan willingly have themselves crucified to reenact Jesus Christ's suffering and death, while related practices include carrying wooden crosses, crawling on rough pavement, and self-flagellation. Penitents consider these acts to be mortification of the flesh, and undertake these to ask forgiveness for sins, to fulfil a panatà (Filipino, "vow"), or to express gratitude for favours granted. In the most famous case, Ruben Enaje drives four-inch nails into both hands and feet and then he is lifted on a wooden cross for around five minutes.[1]
Yeah, I really wish that people would post context there when they post something. Some of the problem is that people see news, then promptly go to create and post memes joking about a current news item. But if you haven't seen the news item and don't know some of the jargon or military history or other context, it can be difficult to understand what's going on.
I've commented a bunch of times with a "context comment" on posts linking to source material.
To add to that, on Reddit, there was originally /r/CredibleDefense. This was intended to be serious discussion about military topics from people who knew what they were talking about making supportable statements. Like, people cited sources and such. It didn't always actually meet that bar, but the idea was to keep the level of nonsense low.
That's kind of a high bar, and sometimes people don't want to rigorously examine everything and have more-casual discussion, so then /r/LessCredibleDefence showed up.
/r/NonCredibleDefense was developed as the logical extension of this, becoming less...serious...and consisted of people posting memes and often making completely-inaccurate statements for humorous effect.
NCD was more-approachable than the others, and so a lot of people wound up showing up there.
I was not around when they formed, but did show up later, and enjoyed content on all of them.
There is no CredibleDefense or LessCredibleDefense on the Threadiverse, currently. !NonCredibleDefense@sh.itjust.works is the sole representative (well, maybe military@lemmy.world will be something like that, but it doesn't quite deal with the same stuff). I tend to vigorously disregard the rule about not posting serious material on NCD, as a result, but it's got plenty of memes and people making jokes.
So assuming I didn’t want to set the regular ACL and the default ACL I would need to set the ACL not on /srv/disk-uid/media/data but instead on /srv/disk-uid/media/ and would achieve essentially the same result?
If you set the default ACL entry on /srv/disk-uid/media/ prior to creating data in that directory, then when you created data, data would get a default ACL entry and a regular ACL entry. That's what you have now, and probably what you want.
Though as things stand, I have no idea what the ACL on /srv/disk-uid/media/ is, so I can't promise you that it'd be identical. If you also set a regular ACL entry on that directory in reality, then it wouldn't look like your hypothetical scenario.
or my search-fu failed me
I think that it's mostly that a lot of Linux users don't wind up using the ACL system, as the traditional Unix permissions system does all they want, and so they don't need to even touch ACLs. So not a lot of stuff out there talking about it. If you're using Windows or VMS or something, then coming into contact with ACLs isn't optional; if you're doing file permissions, you're doing ACLs.
Though like I said, I’ve done virtually nothing with Posix ACLs in the past, so that’s from a brief glance at the docs and a quick test.
I would say this really doesn’t matter that much.
I'm just warning about taking it authoritatively. I've got relevant background, but not specifically on Posix ACLs. What you got is "I tested it for under a minute and glanced very briefly at docs, and have very sporadically used them."
If you don’t prefer that, maybe a OSS-project I can send it to? :)
Nah, but thanks. Do what you want with your coins!
Because if my memory serves me right (it was well beyond 11pm) that’s the command I had typed in.
I believe it was /srv/dev-disk-by-uuid-e3e0eac5-806a-44e9-a0e9-07fb99a18281/media# sudo setfacl -d -m g:extUserG:rwx data
You probably did exactly that.
I expect that the -d there just makes the command set a default ACL entry rather than a regular ACL entry, doesn't set both.
tests
Yeah. You need two commands if you want both a default and regular ACL entry.
You want a default ACL entry and a regular ACL entry on data.
The regular ACL entry affects items directly inside data.
The default ACL entry causes items that you create inside data to have that ACL. It doesn't both do that and act as a regular ACL entry for data.
Also why do I need both default:group:extUserG:rwx and group:extUserG:rwx to be able to write in the media/data directory? Shouldn’t the first one be sufficient enough?
Nope. Looks like the default ACL entry won't actually affect permission checking itself. Though like I said, I've done virtually nothing with Posix ACLs in the past, so that's from a brief glance at the docs and a quick test.
I haven't done much dicking around with Posix ACLs.
And I'm not completely sure what you want to do, even after looking at your comment a couple of times.
If the issue is that you want this operation to succeed:
Doesn’t work: root@NAS01:/srv/dev-disk-by-uuid-e3e0eac5-806a-44e9-a0e9-07fb99a18281/media/data# su appoxo -c 'mkdir dir-extUserG' mkdir: cannot create directory ‘dir-extUserG’: Permission denied
Then it's presumably that the permissions on media/data aren't what you want.
If I understand correctly:
You have a user appoxo which belongs to the group extUserG. That is, if you type groups as that user, then you see "extUserG" listed.
You want this user to have write permissions to /srv/dev-disk-by-uuid-e3e0eac5-806a-44e9-a0e9-07fb99a18281/media/data.
You can see from your getfacl data/ command that the data directory doesn't grant write privileges to extUserG. It has a default ACL entry granting write privileges, so things created in that directory will inherit an ACL entry. But data itself doesn't have an ACL entry granting write privleges to extUserG.
You want data to have this ACL entry when you run getfacl data:
group:extUserG:rwx
as well as the default ACL entry:
default:group:extUserG:rwx
Right now, it only has the default ACL entry:
default:group:extUserG:rwx
If you run sudo setfacl -m g:extUserG:rwx data in the top-level media directory, then that should add the ACL entry, and I'd expect that user appoxo would subsequently be able to create and modify files and directories directly inside data.
Note that I'm not saying that this is necessarily sufficiently-restrictive to do the other things you want, like constraining your containers or whatnot, so don't expect me not mentioning that to be a thumbs-up there -- I mean, we can't see the ACL on the top-level media/, so no way to confirm that.
One possible concern: I think that a process with serviceG in its list of groups -- such as what I expect your docker containers would be -- can remove the extUserG ACL entry. That is, they could prevent appoxo from being able to fiddle with files that they have created. That may or may not be a problem for you. Appoxo can ultimately re-add that ACL entry to any thing under data from which the ACL entry is removed, as long as they have write access to data (which should be the case after you run the command above I mentioned. But appoxo doesn't quite, as things stand, act like "root" for the whole directory hierarchy, doesn't just bypass permissions.
If the end result is a more self-sufficient russia and profits going to the war effort … would it have been the right move?
Autarky costs something, given an efficient market. Normally, due to comparative advantage, a country will trade with whoever can produce something with the most comparative advantage. That will normally make the country better-off. So a restriction on trade -- like an entity refusing to do business with it -- will make the country worse-off than in a free market. Could cut off access to supply chains or money or whatever.
So you would not normally expect Russia to have more resources to go to the war effort as a result of cutting business connections. Russia of 2024 will have fewer resources available to it than Russia of 2021.
I don't disagree that this is less-disruptive to Russia than a company intentionally dismantling its infrastructure in Russia. I do not know whether that is a practical option, as the authorities might simply seize the assets. Russia does have jurisdiction over things that happen in Russia. They can make it illegal to dismantle factories; I have not been following, but I remember reading that several laws restricting things along these lines have been passed in the past, including limiting bankers from exiting Russia, some sort of controls on moving assets, and some sort of restrictions on divesting assets.
reads article
Actually, the article specifically references this, right at the end:
However, for some companies, staying longer in Russia has not always been a carefully calculated business choice because the government has put significant obstacles in place to prevent them leaving.
These included trying to take over the assets of Western companies wanting to go
Oh so both hashes and synmetric cryptography are secure entirely by doubling up the key size.
That's not my understanding, which is that it's more-secure than that and doesn't require the doubling. Assuming the pages I linked are correct and that the understanding of them from my skim is correct, both of which may not be true:
About a decade-and-a-half ago, it was believed that AES of existing key lengths could be attacked via a known quantum algorithm -- Grover's algorithm -- using future quantum computers. However, the weakness induced was not sufficient to render AES of all key lengths practically vulnerable. it would be viable to simply increase key lengths, not redesign AES, sufficient to make it not attackable via any kind of near-future quantum computers.
At some point subsequent to that, it was determined that this attack would not be practical, even with the advance of quantum computers. So as things stand, we should be able to continue using AES with current keylengths without any kind of near-future quantum computer posing a practical risk.
Take all that with a huge grain of salt, as I'm certainly not well-versed in the state of quantum cryptography, and I'm just summarizing a few webpages which themselves may be wrong. But if it's correct, you were right originally that there aren't going to be near-term practical attacks on AES from the advance of quantum computing, not from any presently-known algorithm, at least.
So over 92 mph. They're moving pretty quickly.