28 Jul
2025
28 Jul
'25
11 a.m.
Somehow, my locale on one of my systems was changed to am_ET.uft8. I might not have
noticed, actually. It only obviously broke a few farily minor things. But, I use xdotool
scripts with "search --name" parameters and they stopped working. The target of
these commands is my Firefox browser. It turns out that Firefox will default to it's
"C" locale if it doesn't recognize the locale as set.
Everything looked the same, but was in fact different :)
After switching the locale back to en_US.utf8, my xdotool scripts worked just fine.
It seems to me that resetting the locale in this way could be used for all kinds of
attacks. If an attacker could change my locale, I have two questions: How did they do it
and what else did they change. It happened on one of my more secure systems where I
don't visit weird sites.
I was stracing some stuff and used a few related programs and was playing with file
descriptors. That may be the culprit too :) I'm going to move this activity to
another system, which will be more cumbersome. But, I'd like to keep the affected
system relatively secure
After forcing Google/Gemini to treat these changes as an attack, it gave me back some
pretty generic advice but nothing about a specific attack other than some attacks look at
the locale.
Just an FYI and seeing if anyone has any experience or thoughts. I found the insideous
nature of the effects of the locale change interesting.
28 Jul
28 Jul
2:06 p.m.
Hi Gary-
That is very strange. (you might want to burn the computer) I guess that
local is Amharic (Ethiopia) . Tell me more about " visit weird sites. "
BTW my Github AI project has 40+ stars!
https://github.com/kbrisso/byte-vision
Anyone interested in a demo of local document analysis?
Kevin Brisson
On Mon, Jul 28, 2025 at 11:01 AM Gary <saclug(a)garymcglinn.com> wrote:
Somehow, my locale on one of my systems was changed to
am_ET.uft8. I
might not have noticed, actually. It only obviously broke a few farily
minor things. But, I use xdotool scripts with "search --name" parameters
and they stopped working. The target of these commands is my Firefox
browser. It turns out that Firefox will default to it's "C" locale if it
doesn't recognize the locale as set.
Everything looked the same, but was in fact different :)
After switching the locale back to en_US.utf8, my xdotool scripts worked
just fine.
It seems to me that resetting the locale in this way could be used for all
kinds of attacks. If an attacker could change my locale, I have two
questions: How did they do it and what else did they change. It happened
on one of my more secure systems where I don't visit weird sites.
I was stracing some stuff and used a few related programs and was playing
with file descriptors. That may be the culprit too :) I'm going to move
this activity to another system, which will be more cumbersome. But, I'd
like to keep the affected system relatively secure
After forcing Google/Gemini to treat these changes as an attack, it gave
me back some pretty generic advice but nothing about a specific attack
other than some attacks look at the locale.
Just an FYI and seeing if anyone has any experience or thoughts. I found
the insideous nature of the effects of the locale change interesting.
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
30 Jul
30 Jul
4:22 p.m.
On Mon, Jul 28, 2025 at 02:06:23PM -0700, Kevin Brisson wrote:
Hi Gary-
That is very strange. (you might want to burn the computer) I guess
that local is Amharic (Ethiopia) . Tell me more about " visit weird
sites. "
BTW my Github AI project has 40+ stars!
[1]https://github.com/kbrisso/byte-vision
Anyone interested in a demo of local document analysis?
Hi Kevin,
We will meet at Kupros in August. I would be curious to see your local
document analysis. We could perhaps schedule a presentation style
meeting to review in further detail.
I use Liferay with Libreoffice and Elastic Search and its document
repository.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
3 Aug
3 Aug
9:32 p.m.
Yes I can do a demo.
Thanks
Kevin
On Wed, Jul 30, 2025 at 4:23 PM Brian E. Lavender <brian(a)brie.com> wrote:
On Mon, Jul 28, 2025 at 02:06:23PM -0700, Kevin
Brisson wrote:
Hi Gary-
That is very strange. (you might want to burn the computer) I guess
that local is Amharic (Ethiopia) . Tell me more about " visit weird
sites. "
BTW my Github AI project has 40+ stars!
[1]https://github.com/kbrisso/byte-vision
Anyone interested in a demo of local document analysis?
Hi Kevin,
We will meet at Kupros in August. I would be curious to see your local
document analysis. We could perhaps schedule a presentation style
meeting to review in further detail.
I use Liferay with Libreoffice and Elastic Search and its document
repository.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
30 Jul
30 Jul
4:25 p.m.
On Mon, Jul 28, 2025 at 02:06:23PM -0700, Kevin Brisson wrote:
Hi Gary-
That is very strange. (you might want to burn the computer) I guess
that local is Amharic (Ethiopia) . Tell me more about " visit weird
sites. "
Gary, I seem to recall that you do not run regular updates on your
system. Personally, I would implement that practice.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
6:25 p.m.
When is the next meeting?
On Wed, Jul 30, 2025 at 04:25:13PM -0700, Brian E. Lavender wrote:
On Mon, Jul 28, 2025 at 02:06:23PM -0700, Kevin
Brisson wrote:
--
-Gary
It is a simple thing to make things complex,
a complex thing to make things simple.
Hi Gary-
That is very strange. (you might want to burn the computer) I guess
that local is Amharic (Ethiopia) . Tell me more about " visit weird
sites. "
Gary, I seem to recall that you do not run regular updates on your
system. Personally, I would implement that practice.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
6:40 p.m.
Tue the 19th at 6:30. Sorry for being so lazy :)
On Wed, Jul 30, 2025 at 06:25:48PM -0700, Gary wrote:
When is the next meeting?
On Wed, Jul 30, 2025 at 04:25:13PM -0700, Brian E. Lavender wrote:
--
-Gary
It is a simple thing to make things complex,
a complex thing to make things simple.
On Mon, Jul 28, 2025 at 02:06:23PM -0700, Kevin
Brisson wrote:
--
-Gary
It is a simple thing to make things complex,
a complex thing to make things simple.
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com Hi Gary-
That is very strange. (you might want to burn the computer) I guess
that local is Amharic (Ethiopia) . Tell me more about " visit weird
sites. "
Gary, I seem to recall that you do not run regular updates on your
system. Personally, I would implement that practice.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
31 Jul
31 Jul
11:21 a.m.
No problem.
On Wed, Jul 30, 2025 at 06:40:25PM -0700, Gary wrote:
Tue the 19th at 6:30. Sorry for being so lazy :)
On Wed, Jul 30, 2025 at 06:25:48PM -0700, Gary wrote:
> When is the next meeting?
>
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
4 Aug
4 Aug
10:28 a.m.
I'm not sure if this is with the spirit or against it, but I found this:
CentOS Stream is derived from Fedora Linux. It has a new major version release every three
years, and each release is maintained for five years, matching the full support phase of
RHEL. CentOS Stream development is open to all, but because CentOS Stream only has updates
intended for RHEL, it is maintained by the RHEL team. Learn how to contribute.
Which seems like a reasonable compromise :)
On Wed, Jul 30, 2025 at 04:25:13PM -0700, Brian E. Lavender wrote:
On Mon, Jul 28, 2025 at 02:06:23PM -0700, Kevin
Brisson wrote:
--
-Gary
It is a simple thing to make things complex,
a complex thing to make things simple.
Hi Gary-
That is very strange. (you might want to burn the computer) I guess
that local is Amharic (Ethiopia) . Tell me more about " visit weird
sites. "
Gary, I seem to recall that you do not run regular updates on your
system. Personally, I would implement that practice.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
11:15 a.m.
Can't do it in this case. Kernel panic. My CPU doesn't support x86-64-v2.
On Mon, Aug 04, 2025 at 10:28:42AM -0700, Gary wrote:
I'm not sure if this is with the spirit or against
it, but I found this:
CentOS Stream is derived from Fedora Linux. It has a new major version release every
three years, and each release is maintained for five years, matching the full support
phase of RHEL. CentOS Stream development is open to all, but because CentOS Stream only
has updates intended for RHEL, it is maintained by the RHEL team. Learn how to contribute.
Which seems like a reasonable compromise :)
On Wed, Jul 30, 2025 at 04:25:13PM -0700, Brian E. Lavender wrote:
--
-Gary
It is a simple thing to make things complex,
a complex thing to make things simple.
On Mon, Jul 28, 2025 at 02:06:23PM -0700, Kevin
Brisson wrote:
--
-Gary
It is a simple thing to make things complex,
a complex thing to make things simple.
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com Hi Gary-
That is very strange. (you might want to burn the computer) I guess
that local is Amharic (Ethiopia) . Tell me more about " visit weird
sites. "
Gary, I seem to recall that you do not run regular updates on your
system. Personally, I would implement that practice.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
5:22 p.m.
I'm fairly certain that I understand the cause of the locale change.
I run this system with a display/monitor but without a keyboard. I use a smart TV
controller.
There was a power outage a few weeks back.
I finally decided it was time to reboot. I have a fair amount of stuff that I use a lot
running on this sytem. To log in, I have to use the on screen keyboard. It's
possible that I did some inadvertent keystroke and changed the locale, but the login
screen displayed en_US-UTF-8. But after logging in, the locale was am_ET.
I logged in again and expressly selected en_US.UTF-8 from the list, even though it
appeared to be selected. This time the locale was correctly set to en_US.
So, the system is back to normal and seems to be working well. There was probably no
general system issue or Evil Empire involved :)
The locale settings seem to be unnecessarily convoluted. And then there is X on top and
things being compiled to some binary format to stay in memory. A lot of moving parts.
On Mon, Jul 28, 2025 at 11:00:24AM -0700, Gary wrote:
Somehow, my locale on one of my systems was changed to
am_ET.uft8. I might not have noticed, actually. It only obviously broke a few farily
minor things. But, I use xdotool scripts with "search --name" parameters and
they stopped working. The target of these commands is my Firefox browser. It turns out
that Firefox will default to it's "C" locale if it doesn't recognize the
locale as set.
Everything looked the same, but was in fact different :)
After switching the locale back to en_US.utf8, my xdotool scripts worked just fine.
It seems to me that resetting the locale in this way could be used for all kinds of
attacks. If an attacker could change my locale, I have two questions: How did they do it
and what else did they change. It happened on one of my more secure systems where I
don't visit weird sites.
I was stracing some stuff and used a few related programs and was playing with file
descriptors. That may be the culprit too :) I'm going to move this activity to
another system, which will be more cumbersome. But, I'd like to keep the affected
system relatively secure
After forcing Google/Gemini to treat these changes as an attack, it gave me back some
pretty generic advice but nothing about a specific attack other than some attacks look at
the locale.
Just an FYI and seeing if anyone has any experience or thoughts. I found the insideous
nature of the effects of the locale change interesting.
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
--
-Gary
It is a simple thing to make things complex,
a complex thing to make things simple.
27
days inactive
35
days old
10 comments
3 participants
participants (3)
-
Brian E. Lavender -
Gary -
Kevin Brisson