@kstrlworks@techhub.social cover
@kstrlworks@techhub.social avatar

kstrlworks

@[email protected]

Building @ KstrlWorks. Used to babysit F‑35s and OTC trading systems, now babysitting #Linux apps.

🔧 Building HardPass (#VFIO / #LinuxGaming ).
🏴‍☠️ #SelfHosted & #Privacy maximalist.
⚡ Hacking in #Golang, #ZigLang & #Flutter.

Writing high-performance tools for #GameDev, #SysAdmin

This profile is from a federated server and may be incomplete. View on remote instance

@briankrebs@infosec.exchange avatar briankrebs , to random

If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.

https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/

A screenshot from thelocalstack.eu // THE 17 COMPANIES THAT TOUCH YOUR FACE Persona maintains a public list of subprocessors — third-party companies that process your personal data on their behalf. Here's the ful list: COMPANY WHAT THEY DO WITH YOUR DATA LocATION Anthropic Data Extraction and Analysis San Francisco, USA Openal Data Extraction and Analysis San Francisco, USA Grogeloud Data Extraction and Analysis San Jose, USA AWS Infrastructure, Image Processing Houston, USA Google Cloud Platform Infrastructure as a Service Mountain View, USA Resistant Al Document Analysis New York, USA FingerprintJs Device Analysis Chicago, USA MongoDB Database Services New York, USA Snowflake Database Services Bozeman, USA Elasticsearch Search and Analytics Engine Mountain View, USA Confluent ETL Services Mountain View, USA DBT ETL Services Philadelphia, USA Sigma Computing Data Analytics. San Francisco, USA Tableau Data Analytics. Seattle, USA Stripe Gredit Card Processing South San Francisco, USA Twilio Communication APs (Phone, SMS) Denver, USA Persona Identities Canada Gustomer Support & Development Toronto, Canada
ALT
kstrlworks ,
@kstrlworks@techhub.social avatar

@briankrebs I worked heavily with Persona and can say the following:

  1. Data is deleted from their servers because it is transferred to "not their server" cold storage, not completely removed from access. I should specify this used to be the case but I have heard they have changed this as of late.

  2. They have very poor RBAC capabilities; it's effectively all or nothing for developers, in that you either access all user data or can't use the system to test APIs properly.

  3. Persona doesn't actually have any capability to validate if your IDs are valid, such as checking driver license numbers or passport numbers in a valid database. Therefore, the ability to validate an ID is questionable at best, but it does meet the requirements of KYC and KYB.

  4. Its default recommended workflow leaks the ID to the account; that ID can be used to push fake data to the Persona flow for another user, which can then be used for social engineering. This is by design, and no, they refused to fix it.

@kstrlworks@techhub.social avatar kstrlworks , to random

Is anyone else noticing that Unreal is moving away from being a game engine and is moving more into being a cinematic engine? A lot of its features are getting badly optimized for games while being more optimized for visuals and renders.

If we think about their revenue model being a percentage of returns or a flat fee, you realize that on movies and animations their ROI is higher, so it makes sense. But it also means games will continue to suffer unless devs fork their engine prior to 5.3 and start stripping things out.

Where is Linux not working well in your daily usage? Share your pain points as of 2026, so we can respectfully discuss

Thought I'd create a distinct thread from the previous one asking about daily use, because I really do want to hear more on people's pain points. Great to know people are generally sounding pretty positive in those posts who recently switched, but want to know your difficulties as well! This way old and new users can share ...

kstrlworks ,
@kstrlworks@techhub.social avatar

Sprocketfree cm0002 the problem is not that they don't exist it's that they barely have apps.

kstrlworks ,
@kstrlworks@techhub.social avatar

dreadbeef C bindings can be used on Rust so Gnome should be easier. I find QTs lack of AT-SPI to be a non starter. Also nothing says you need to use gnome or it if you're making your own mobile first compositor.

kstrlworks ,
@kstrlworks@techhub.social avatar

dreadbeef super valid point. I do believe having a Wayland compositor that just reformatted the app via ST-API would be a massive first step. It would force accessibility and dynamic sizing. Given only Gnome has ST-API built in. Qt is just a mess for accessibility

kstrlworks ,
@kstrlworks@techhub.social avatar

CannonFodder @Neptr@lemmy.blahaj.zone avatar Neptr You were bundling LGPL source into your project. Their request was right, you were violating their license; if you had just used upstream FFmpeg by requiring systems to install it from the package i.e .deb dependency or downloading it directly from their releases and having their binary fully separate, you wouldn't have had any pushback.

kstrlworks ,
@kstrlworks@techhub.social avatar

CannonFodder Policy? It's the legal license you agreed to when you copied their code. It's not like they rug pulled you; it's open, and you should have read it before you even started. If you are commercial, look into FOSSA; you need an SCA for license compliance. Your way around this for LGPL was to make a fork and then compile the fork and use those compiled libraries if you needed airgapped. The moment anything touches that code, like if you static link all code that is touching it now needs to now be public too. If you dynamically link as long as the full code for that file is open you're covered.

I'm actually baffled you didn't even bother reading their license for a commercial product and chalked it up to they have some policy.

kstrlworks ,
@kstrlworks@techhub.social avatar

CannonFodder The switching of your linking afterward doesn't change the requirement you violated and needed to comply with, which was to open source the code that touched it.

No, it wouldn't and shouldn't have just dropped all the required because you complied when caught; this is equivalent to saying you parked in a handicap spot and then, when asked, moved your car and said you expected not to get fined now and the police are harassing you for such.

I get the frustration, but I know as a business owner you wouldn't sign a legal document without reading it or understanding what you're setting yourself up for. Yet this seems to be exactly your process with software licenses. You need a Software Composition Analysis (SCA) if you do not have the time or the energy to read the licenses; this will prevent you from falling into the same hole.

PS: this has been heavily tried in court look at QT LPGL licensing enforcement cases this is a known license and known requirements.

kstrlworks ,
@kstrlworks@techhub.social avatar

CannonFodder Librerian
Just a heads up, this isn't a good look for your Robotics business. As the owner, you're always representing your company. Getting into arguments and insulting people online doesn't exactly scream professionalism, or customer trust. Might want to think about how this reflects on your business.

@kstrlworks@techhub.social avatar kstrlworks , to random

Hi, I'm Sparrow. I run KstrlWorks where we build high-performance, privacy-first tools for Linux users.

Built systems for F-35s and high-frequency trading desks. Now an executive that companies with deep pockets parachute into their disasters to fix operations and actually grow them.

Currently shipping:
HardPass - GPU passthrough and that actually works. For and power users.

I write about:

  • Real . The kind that prevents incidents, not LinkedIn motivational posters.
  • Running efficient, security-first teams that don't implode
  • , systems architecture, and
  • Building infrastructure so solid you never need to hire a fixer like me

High-performance, privacy-first tools built with the same standards I use for critical systems. Linux users deserve that.

Let's build things that work. 🐧

Hardpass GPU passthrough tool, to run windows apps locally with hardware acceleration.
ALT
kstrlworks ,
@kstrlworks@techhub.social avatar

prettybunnys gigachad Debian actively prevents you from changing their version to stop you from messing up the system. Consider Pipx or UV to use and install wherever other things you wanted to that way and you won't have a problem..

having trouble running the playstation accessories app on vm

i want to update the firmware on my dualsense controller and installed the necessary app on a vm. it opens but when i plug in the controller the app seems to crash. i tried uninstalling and reinstalling and rebooting but it keeps crashing. does anyone have any potential fixes?

the image is of the app before connecting my controller. after connecting, the app closes without any message and will not reopen until after i disconnect the controller.
ALT
kstrlworks ,
@kstrlworks@techhub.social avatar

@Chiivo@lemmy.world avatar Chiivo

The app is most likely disconnecting and reconnecting the controller or making it connect as another device through the process the moment that happens the device is not passed back through or not as the fully same device so apps fail.

This is similar to things like VR and boom microphones