• 36 Posts
  • 674 Comments
Joined 2 years ago
cake
Cake day: June 5th, 2023

help-circle

  • You can just do for f in * (or other shell glob), unless you need find’s fancy search/filtering features.

    The shell glob isn’t just simpler, but also more robust, because it works also when the filename contains a newline; find .. | while read -r will crap out on that. Also apparently you want while IFS= read -r because otherwise read might trim whitespace.

    If you want to avoid that problem with the newline and still use find, you can use find -exec or find -print0 .. | xargs -0, or find -print0 .. | while IFS= read -r -d ''. I think -print0 is not standard POSIX though.


  • My built-in SD card reader shows up in lspci as an “SD Host Controller”. Since lspci and lsusb should list everything that’s connected, it should show up there. If it’s not there, it is not connected, or idk, it’s broken maybe. Or it’s not listed with a name, just a number. I think the names come from some database of known devices. Maybe your SD card reader is a unicorn and nobody has ever seen it before and so it’s not in the database.


  • gnuhauttoLinuxGRUB is confusing
    link
    fedilink
    arrow-up
    4
    ·
    6 days ago

    Pretty sure the main difference is that one puts stuff in a directory called esp (which I assume is a placeholder for the actual directory?), and the other one is put in /efi. That needs to be the path to your efi partition, because that’s where the UEFI expects to find things it can boot. The target is probably redundant, i.e. it defaults to x84_64-efi on Gentoo (maybe not on Arch?) and the id is just a name, you can put whatever there. See man grub-install.










  • I edited my comment on your other reply and by my estimation, calculating every SHA256 of all MACs ever potentially issued takes less than 89 seconds on an RTX 3090.

    I also think MACs are (or should be considered) personally identifiable information, since there is potentially a paper trail back to the person who bought it. Plus MACs are not secret information, it’s broadcast on the LAN and for wireless modules over the air in the immediate vicinity (though some systems will randomize wireless MACs for privacy reasons). Privacy-unfriendly software has been known to collect MACs (even from other devices on the network and in the vicinity), so there are already databases connecting MAC addresses with other data.


  • You don’t need this to count unique users. You could just assign a random number on install or whatever. Or even more simply, just run the thing once per month, should be accurate enough. Do they expect the software to just randomly spam duplicate reports? Don’t write it that way.

    Best case they don’t care about collecting minimal data and don’t understand that hashed MACs are easily reversible. So incompetent fools with no sensitivity to privacy.

    Maybe this should be Manjaro’s tagline: Not purposely malicious, just grossly negligent and ignorant.


  • Debian popcon is opt-in, first of all.

    https://popcon.debian.org/FAQ

    Q) What information is reported by popularity-contest ?

    A) popularity-contest reports the system vendor [1], the system architecture you use, the version of popularity-contest you use and the list of packages installed on your system. For each package, popularity-contest looks at the most recently used (based on atime) files, and reports the filename, its last access time (atime) and last change time (ctime). However, some files are not considered, because they have unreliable atime. For privacy reasons, the times are truncated to multiple of twelve hours.

    [1] i.e. the dpkg Vendor field, see dpkg-vendor(1).

    So no fucking MAC addresses and machine-ids and harddrive serial numbers and stuff.

    They only want package statistics, the point being to have statistics about the popularity of packages, mainly so they can be prioritized for the CD/DVD isos. You know, information that actually has a use, not hardware identifiers that can only be used for tracking purposes.


  • That’s not anonymous, that’s pseudonymous.

    What is the point of this? The machine-id already looks to be some unique random number, so you’re calculating another unique random-looking number from that, might as well use the original number.

    You can’t glean any useful information from a unique random-looking number that would help with developing Manjaro. You can’t calculate any statistics from that. The only use is tracking.

    Edit: And as mentioned in my other comment, reversing the MAC SHA by brute force is trivial, so that one at least (and possibly the other hardware serial numbers they collect) shouldn’t even be considered pseudonymous.


  • MAC addresses are 48 bit, and half of that is just the manufacturer. So 24 bits really, and those bits aren’t random, I think manufacturers just assign these based on some scheme, like a serial number. Point is you could easily reverse the SHA by brute force.

    You can’t calculate any useful statistic from a hash so literally the only use this would have is some sort of tracking.


    Edit: I just looked up some data and I found someone using hashcat on an RTX 3090, which looks like it can do almost 10000 million SHA256 hashes per second of salted passwords (which are longer than 48 bit MACs, so MACs should be faster). 2²⁴ is 16.8 million, so it’ll take about 1.7 ms per vendor. I found a database with (all?) 53011 vendor ids:

    >>> 2**24 * 53011 / 10000 / 1000 / 1000
    88.93769973759998
    

    Yup, 89 seconds. You can calculate the SHA256 of every single MAC ever potentially issued in 89 seconds on a bog-standard 3090.