The playa flooded that year so we started late and were still working when the closure expired. A video of us working claiming that’s how we left it is disingenuous; otherwise what are we still doing there?
In a way it’s proof that we did in fact leave it clean; anybody doing a hit piece like that would 100% have included video of post-resto trash if they were able to find any.
No, you can grant yourself this inside an unprivileged user namespace. `unshare -Ur capsh --print` lists the capabilities inside a user namespace and demonstrates that it has both CAP_SYS_ADMIN and CAP_NET_ADMIN.
Almost all distros allow unprivileged user namespaces, and in my opinion this is the right decision, because they're important for browser sandboxing which I think is more important than LPEs.
You're probably right, but that seems like the less important part of this. At that point you've already got an out-of-bounds write. Another comment speculated that you could use PageJack as an alternative exploit path once you have that primitive: https://news.ycombinator.com/item?id=48069623
Some codepaths do ns_capable() (must have capability in owning namespace, reachable via unprivileged user namespaces), some do capable() (must have capability in host user namespace, not reachable via user namespaces at all).
ZCRX can only be enabled by passing capable(CAP_NET_ADMIN), so you need to be privileged on the host.
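The distinction drawn in the comment above, as an added example that is not part of the original post and not kernel source: a simplified user-space model of how a capability check is resolved against a target user namespace. The struct layouts, the `*_model` function names and the uid 1000 sample task are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model for illustration, not the kernel's real definitions. */
struct user_ns {
    struct user_ns *parent;       /* NULL for the initial (host) namespace */
    int level;                    /* nesting depth, 0 for the host */
    unsigned owner_uid;           /* uid that created the namespace */
};
struct cred {
    struct user_ns *ns;           /* namespace the task lives in */
    unsigned euid;                /* effective uid as seen from the host */
    unsigned long long effective; /* effective capability bitmask */
};

enum { CAP_NET_ADMIN = 12, CAP_SYS_ADMIN = 21 };

static struct user_ns init_user_ns = { NULL, 0, 0 };
/* Constructed sample: uid 1000 after `unshare -Ur`, full caps in its own ns. */
static struct user_ns child_ns = { &init_user_ns, 1, 1000 };
static struct cred sandboxed = { &child_ns, 1000, ~0ULL };
static struct cred host_root = { &init_user_ns, 0, ~0ULL };

/* ns_capable(): walk from the target namespace up towards the host. */
static bool ns_capable_model(const struct cred *c, const struct user_ns *target, int cap)
{
    for (const struct user_ns *ns = target; ns; ns = ns->parent) {
        if (ns == c->ns)                 /* reached the task's own namespace */
            return (c->effective >> cap) & 1;
        if (ns->level <= c->ns->level)   /* target is not a descendant */
            return false;
        if (ns->parent == c->ns && ns->owner_uid == c->euid)
            return true;                 /* owner of a child ns holds all caps in it */
    }
    return false;
}

/* capable(): the same check, always against the host namespace. */
static bool capable_model(const struct cred *c, int cap)
{
    return ns_capable_model(c, &init_user_ns, cap);
}

int main(void)
{
    printf("ns_capable in own ns: %d\n", ns_capable_model(&sandboxed, &child_ns, CAP_NET_ADMIN));
    printf("capable on host:      %d\n", capable_model(&sandboxed, CAP_NET_ADMIN));
    return 0;
}
```

When auditing a gated code path, the question is which of the two checks it uses: only the `ns_capable()` form is satisfied by a task that created its own user namespace.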
Namespaces _may_ result in limits on what you can do with a capability, but a capability is global in scope.
If a kernel feature is gated on cap_sys_admin only, it doesn't matter at all what namespace it is in. Namespace support or additional constraints are not implicit and have to be added to each need.
People misunderstanding this is partially why we have this latest crop of vulnerabilities.
I eventually went barefoot out of frustration one time and sat down with feet sticking outside the tent for a good 45 minutes trying to dig the stuff out between my toes. What an experience.
I’ve done this for a couple years now, cool to see it pop up here. I believe the scale is a touch larger; 3935 acres in 2025, plus a small amount outside the fence line.
On the technical side, we not only log but photograph everything, down to each clump of toilet paper. We check our progress by doing hundreds of tests identical to what the BLM does, both ahead and behind our main crew; bagging up any debris to be photographed on green screens where the pixels are counted to ensure we’re under the 2.29×10^-3 percent limit.
It’s a stupendous amount of walking, with no shade, a moop stick and a bucket. But it’s a hell of a feeling to be part of making sure we remain undefeated against an impossible task that the future of burning man depends on.
I'm from a completely different country, never been to burning man, have no plans to visit, but I've been to other hacker camps and the most magical thing is being part of the build/clean up crews, because the 1 week camp is actually a 3 week experience. And those extra 2 weeks there is no bar, no lecture tent, no infrastructure, just you and a bunch of really fun people, in tents, in the wilderness, having a lot of cozy moments together.
Am I right to assume that maybe this cleanup crew experiences something similar?
Burning Man culture draws a distinction between participants and spectators - one of the best ways to get the “participant” experience is by working and actively being a part of putting it on. This definitely includes build and strike. There are people (many paid by the Burning Man Org) who get there months before the event and stay for months after.
At burning man you can even get early access if you’re working on an art installation. It’s really fun hanging out, drinking beers, assembling art, and watching a mini Vegas sprout of nothing but a trash fence over a week or two.
Yeah, we definitely have a lot of great moments together, that's the biggest reason I come back. But otherwise, I imagine it's very different. We stay in the city and bus in each day. I had a dishwasher the year before last so doubt it's the same wilderness feel.
The camaraderie is similar. Although I experience more of what you’re talking about immediately following the event rather than the tightly constrained and well oiled machine of the moop mapping process.
I had the same thought when reading this. Even a lightweight CV system that pre-sorts items for human review could save a lot of effort. Happy to help look at a small sample of the data if that would be useful.
I'm not sure if that’s on my NDA, but I’m comfortable saying it’s an ecosystem-constrained decision, with much consideration owed to what kind of cases are available to keep the conductive and corrosive dust off the screen and ports.
The analog version still exists, and gets hand updated every day (though we don’t upload photos). You can visit it the following year at the appropriately named camp, Moop Map.
File transfer and storage (Dropbox, browser download, rsync, scp, NFS/SAN etc) is a classic use case that can utilize all the bandwidth you have and typically uses single streams between client and server.