28 Jul
2025
28 Jul
'25
6 p.m.
Somehow, my locale on one of my systems was changed to am_ET.uft8. I might not have
noticed, actually. It only obviously broke a few farily minor things. But, I use xdotool
scripts with "search --name" parameters and they stopped working. The target of
these commands is my Firefox browser. It turns out that Firefox will default to it's
"C" locale if it doesn't recognize the locale as set.
Everything looked the same, but was in fact different :)
After switching the locale back to en_US.utf8, my xdotool scripts worked just fine.
It seems to me that resetting the locale in this way could be used for all kinds of
attacks. If an attacker could change my locale, I have two questions: How did they do it
and what else did they change. It happened on one of my more secure systems where I
don't visit weird sites.
I was stracing some stuff and used a few related programs and was playing with file
descriptors. That may be the culprit too :) I'm going to move this activity to
another system, which will be more cumbersome. But, I'd like to keep the affected
system relatively secure
After forcing Google/Gemini to treat these changes as an attack, it gave me back some
pretty generic advice but nothing about a specific attack other than some attacks look at
the locale.
Just an FYI and seeing if anyone has any experience or thoughts. I found the insideous
nature of the effects of the locale change interesting.