Yaksh Bariya

3.2K posts

Yaksh Bariya banner
Yaksh Bariya

Yaksh Bariya

@CodingThunder

@termuxdevs | Node.js for Android

India Katılım Haziran 2020
117 Takip Edilen223 Takipçiler
Sabitlenmiş Tweet
Yaksh Bariya
Yaksh Bariya@CodingThunder·
This is to announce that I am moving away from X to Mastodon. @CodingThunder" target="_blank" rel="nofollow noopener">mastodon.social/@CodingThunder is where I will be active now, and not here. Also this is probably my last day here. Just logged in to post this #mastodon
English
1
0
1
334
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@shramanb113 @ashoKumar89 Yep, in fact I'm a huge fan of AppArmor, I did switch to using it for building packages for @termuxdevs. Wild that the documentation for AppArmor is literally non-existent. For even some of the basic features, you have to go through SO, or some gitlab issue. The Wiki is useless
English
1
0
1
24
Ashok Sahoo
Ashok Sahoo@ashoKumar89·
Would you approve this Dockerfile? It works. What production issues do you see?
Ashok Sahoo tweet media
English
8
1
36
12.2K
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@GrapheneOS Thanks. My next phone will definitely then be whatever GrapheneOS phone @motorolaindia releases. I hope it is released in wider market and not just US/EU. I like the cleaner mostly AOSP builds by Motorola. (Tagging @Moto to let them know that people are waiting for it)
English
0
0
5
191
GrapheneOS
GrapheneOS@GrapheneOS·
@CodingThunder It's going well and it should be available at some point in 2027.
English
1
1
32
730
GrapheneOS
GrapheneOS@GrapheneOS·
Android's security policy for the past several years has been to backport patches for Critical and High severity Android vulnerabilities to the past 3 major yearly releases. Moderate and Low severity patches including most fixes for privacy weaknesses have required upgrading to the latest releases. Google recently informed OEMs of greatly reduced security support for older releases of Android. For the vast majority of discovered vulnerabilities, only Critical severity issues deemed to be an imminent risk will be backported at all and only to the most recent 2 major yearly releases (16 and 17). Externally reported vulnerabilities will currently still follow the same policy for backports as before. High and Critical severity vulnerabilities reported to Google by external parties will be backported to releases going back around 3 years (currently 14, 15, 16 and the current latest stable 17). Android Security Bulletins already omit Moderate and Low severity patches. They're already dated 2-4 months after the vulnerabilities were disclosed to OEMs and allowed to be shipped. Only Samsung flagships and Pixels ship any of it 'early' on practice. Only GrapheneOS ships the full set 'early'. The vast majority of vulnerabilities are now being discovered internally by Google for Android and Chrome. These are largely being discovered with AI. The subset deemed Critical severity and an imminent risk will be backported to 16 and 17. Bare minimum security support for older releases is over. Bare minimum Android security patches now require being on Android 16, 16 QPR2 or 17 and quickly moving to Android 18 when it's released. Once Android 18 is released, it will be the only release with current High and Critical severity patches. Serious support for older Android releases has ended. Android 17 is the only Android release with the current set of disclosed Moderate and Low severity patches. Android 16, 16 QPR2 and 17 will soon be the only releases with the current set of disclosed Critical and High severity patches too. Once Android 18 is released, it will be the only one. Vast majority of Linux kernel vulnerabilities aren't covered by Android Security Bulletins, externally disclosed patches are backported very slowly and Android Security Bulletins come 2-4 months later than when Android patches can be shipped. If you want bare minimum patches, use iOS or GrapheneOS. We're going to need to do a lot of work with Motorola and Qualcomm to provide serious patches for GrapheneOS devices. We're going to need more developers. After the launch of the new devices with GrapheneOS support, we want to repeatedly port to the latest Linux LTS branch among other major changes. Google is completely overwhelmed by the massive torrent of vulnerabilities discovered by AI models. They've done repeated cycles of layoffs and buyouts crippling their ability to handle it. The change to the schedule for Android Security Bulletins is also extremely at odds with this new reality. Google switched to a performative Android Security Bulletin system with vulnerabilities listed 2-4 months after they're shipped. They're pretending as if not open sourcing patches protects people from OEMs not patching them. Our community has people successfully reverse engineering binary patches. Google needs to start open sourcing QPR1 and QPR3 releases again along with open sourcing security preview patches shortly after disclosure to OEMs. Otherwise, we'll just hire people to start doing reverse engineering work in an official capacity to start publishing the changes as open source early.
English
25
116
1.1K
41.6K
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@shramanb113 @ashoKumar89 Non-root user shouldn't be needed, it's already inside a container. So should be fine. Apart from that if you are serious about security I'd also add some custom hand-written apparmor rules
English
1
0
1
119
S Banerjee
S Banerjee@shramanb113·
I mean, there are quite a few issues here. Assuming this is intentionally a single stage build: 1. Use node:22-alpine or node:22-slim unless you specifically need the full image. 2. Set a WORKDIR before copying files. For the npm specific bits: 1. Copy package.json and package-lock.json first, then run npm ci (not npm install) to take advantage of Docker layer caching and ensure reproducible installs. 2. Copy the rest of the source after dependencies are installed. 3. Run as a non root user instead of the default root user. 4. Use the exec form: CMD ["npm", "server.js ( or the main file )"] @ashoKumar89 How far off am i from a good Dockerfile??
English
2
0
18
1.5K
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@ashoKumar89 Shouldn't node_modules be in .dockerignore? Apart from that all the concerns are handled by @shramanb113 in another comment
English
0
0
2
622
NOVA
NOVA@Its_Nova1012·
Which command do you use to undo your last commit? → git reset --mixed HEAD~1 → git reset --soft HEAD~1 → git reset --hard HEAD~1
NOVA tweet media
English
35
2
58
5.4K
Yaksh Bariya
Yaksh Bariya@CodingThunder·
Nvm, it's uploaded to Google servers and shared via a QR code. Still exclusive to Pixel and Samsung S series, I want this so bad on my device
English
0
0
0
20
Yaksh Bariya
Yaksh Bariya@CodingThunder·
Seems like the new Google Play Services update has just brought #AirDrop support to all #Android 15 and newer devices. Horrrrayy. Love you #Google for this update.
English
1
0
0
42
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@Troyano_CEH @ayesha_fatiima You need to specifically first do OOBE\BypassNRO, then when it reboots, go to terminal and ipconfig /release before moving to any other option in the GUI
English
1
0
0
6
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@Troyano_CEH @ayesha_fatiima It is necessary to release the IP now with newer windows version. Else it'll try to update and refuse to provide the option of "I don't have internet".
English
1
0
0
15
ayesha
ayesha@ayesha_fatiima·
So Microsoft removed the option to set up Windows 11 offline. Guess it's time to switch to Linux. 🐧
ayesha tweet media
English
47
2
85
10.8K
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@zeddotdev How much storage do you guys have that you can just forget to run it, and don't notice. I mean I have a bunch of npm, yarn, and cargo junk lying around here and there, but still I will notice it when it's been a while
English
0
0
0
221
Yaksh Bariya retweetledi
@abdimoalim.bsky.social
@abdimoalim.bsky.social@abdimoalim_·
std::vector<bool> is not a vector of bools.
English
10
1
59
8K
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@Ancap_Christian Doesn't sony sell them at a discount? The sw is very limited or I might see myself thinking of using it as some sort of custom server for handling some stuff, haha cause of discounted prices especially in the current hardware prices
English
0
0
0
20
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@Scope_404 Who cares when you have force push access. Let the branch burn with my code
English
0
0
0
45
Scope 404
Scope 404@Scope_404·
Please…
Scope 404 tweet media
English
9
6
50
54.4K
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@GamewithDave In fact true. A lot of games I play I just tuned them down to low settings and I'd say they look more artisitc than on ultra in many cases. Yeah realistic lighting and other stuff is cool, but not necessary
English
0
0
0
26
Dave
Dave@GamewithDave·
Sad but true?
Dave tweet media
English
30
21
186
4.6K
Yaksh Bariya
Yaksh Bariya@CodingThunder·
Dear @SBIMF, I ain't investing in your BS company that doesn't even manage to beat it's benchmark. Get the fuck off and don't try to message me again with such a scam offer.
Yaksh Bariya tweet media
English
0
0
1
33
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@GrapheneOS Also a shame that they are not backporting low severity fixes to older versions. I wonder how much of this could actually be left alone to vendors backporting and submitting the changes to AOSP if they didn't lock the trees to releases
English
1
0
0
74
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@GrapheneOS Also hasn't Google moved a huge part of the security patches from vendors to Google Play System? I guess only the kernel and few other critical stuff is with the vendor. 2/N
English
2
0
0
95
Yaksh Bariya
Yaksh Bariya@CodingThunder·
@Troyano_CEH @ayesha_fatiima You also need to get rid of internet access with ipconfig /release, if you are too lazy to remove the ethernet cable or running in a VM and just lazy to remove the vNIC
English
1
0
0
8