You don't even really need that; you just need to wait until the user runs `sudo` and then you also run `sudo` after they authenticate. Now you're root, boom. It doesn't get you the password, but once you're root you can backdoor to your heart's content and then you probably don't need it.
Alternately, run `sudo --non-interactive --validate` over and over until it succeeds. For some reason, using noninteractive doesn't log to the auth log/journald the way trying and failing to actually run a command would.
Edit: the loop only works assuming you can run this sudo command in the background in the user's shell so that you can pick up the same sudo session when they auth, which is honestly unlikely. Easier to wrap sudo in a command that just also runs sudo and then immediately runs something else.
I mean, this is basically why you press Ctrl-Alt-Del to log in on Windows NT and Win2k - because it's a keystroke that malware couldn't trap, so they can't put up a fake login screen because the OS will override it anyway.
FWIW, the base images they're talking about do not contain an entire OS. In fact, they're lacking a colossal amount of the most basic stuff that qualifies as 'an entire OS'. In many cases, your base images are 'a program to install more stuff if you need it', a shell, and coreutils.
Google promised their Nexus phones would get new versions of Android for X years then, after selling a bunch of them, just changed their mind.
I'm having a hard time googling it since every result that comes up is about Google cancelling Nexus phones entirely way back when, but I remember a lot of Nexus users were kind of PO'ed about it.
Correction: if the manufacturer chooses to provide updates, and they don't have to, they must continue to make those updates available for five years after end of sales.
In other words, manufacturers aren't required to publish updates at all, but if they do provide updates they have to make them available to users for five years after they stop sales. This only stops the case where a manufacturer ships a device and publishes updates for the device, but then takes those updates offline after they stop selling the device (but before 5 years is up).
A laptop built entirely around AI, which is definitely a stable business that will be around in its current form indefinitely and whose cost definitely won't go up once Google needs to start making a profit on it.
Went through acquiring game studios. Closed them before they released a single game.
A big part of Stadia failing was it didn't get traction, and a big part of that reason was Google's history of just giving up on products out of nowhere, so very few people were willing to give Stadia money with the risk of everything they bought vanishing. Then, when Google did give up on Stadia out of nowhere, Google said they'd refund everyone everything they spent - the kind of pledge that might have encouraged more people to actually give it a try.
Then again I heard anecdotal stories from a lot of developers that Google was a pain in the ass to work with because they didn't understand anything about working with game studios; it was just "we'll give you X money to bring your game to Stadia" when that money didn't make it worth taking developers away from the platforms they were already publishing to.
How is it getting that pricing data? By reading the giant, three-inch-high price labels that are right next to the fruit?
Call me crazy but I don't think that "discovering how much oranges cost" is a big enough pain point for most people to spend hundreds of dollars on smart glasses to solve.
Someone on HN a few months ago said that they gave up and decided to try Copilot in Outlook, which Outlook kept nagging him to do. He tried the example prompt that the nag screen gave him, whatever it was, and Copilot said 'sorry, I don't have that functionality' or something.
Not only the actual functionality people want is missing, but the functionality they're nagging us to use is missing./
I'm not sure if it's more frustrating or just laughably absurd how often I have experiences like this. Like where an LLM chatbot (mostly Gemini) or other AI tool gives me sample prompts to click and test (so they can show their capabilities, give inspiration etc) and it fails right off the bat.
Out of all things you'd think they'd at least invest some time to run some quality control on the demo options lol.
Alternately, run `sudo --non-interactive --validate` over and over until it succeeds. For some reason, using noninteractive doesn't log to the auth log/journald the way trying and failing to actually run a command would.
Edit: the loop only works assuming you can run this sudo command in the background in the user's shell so that you can pick up the same sudo session when they auth, which is honestly unlikely. Easier to wrap sudo in a command that just also runs sudo and then immediately runs something else.
reply