Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)L

Laser

@ Laser @feddit.de

Posts
0
Comments
105
Joined
3 yr. ago

  • Lix - a new fork of Nix

    Jump

  • This is a fork or other form of replacement for nix as in the package manager. It does not replace NixOS, but can be used on NixOS and Darwin.

  • Eurozone escapes recession as France, Spain, Germany and Italy beat growth forecasts – business live

    Jump

  • Letting the interest rate is usually an instrument used when invest is too low, a growing economy however is a sign of invest going up.

    Low interest rates have been a major driver for a lot of prices the last years, especially housing, so I don't mind interest rates not coming down immediately and I don't expect the ECB to do so when the Fed doesn't.

    I would like to see banks offer fair interest rate to customers though. There's a huge gap currently.

  • Deleted

    deleted by creator

    Jump

  • Yeah weird in that regard that a car wash can render it non-functional if you forget to put it into car wash mode

    I initially thought it was a joke

  • Should have stayed in the basement

    Jump

  • It's the reverse of what is more likely to happen: kids wanting to be an astronaut when they grow up, but then achieving nothing, which is way more likely than this: kid wants to achieve nothing, yet becomes an astronaut, a profession which only very select individuals can reach with less of effort. Having failed at his dream of not achieving anything, the astronaut is sad.

  • What could your distro learn from another distro?

    Jump

  • Yes! Apologies, didn't proofread what my phone produced from swiping

  • What could your distro learn from another distro?

    Jump

  • NixOS has the best concept and even pioneered it, but whether its implementation and documentation is perfect is a topic for debate.

    However, it's been quite long since I had to fiddle with my config and as such, the downsides don't really affect one on a daily basis. In fact, I recently reinstalled my machine to change the root filesystem and it was an absolute breeze. If not for secure boot, it would have been absolutely trivial, and with secure boot it was easy and convenient.

    As such, I consider the pains an investment into system that runs much better down the road. Though I'd love it if these pains were reduced.

  • Unmasking the hidden gems of Void Linux | Animesh Sahu

    Jump

  • nixpkgs is holding out with it because it's part of the current GNOME 46 draft pull request: https://github.com/NixOS/nixpkgs/issues/282102

    Though I agree it'd have made more sense to migrate to freerdp 3 earlier and have two versions available, like with pipewire.

    There's also a nix file in that discussion with a more recent version.

  • Fwupd Will Use Zstd Compression

    Jump

  • Fwupd Will Use Zstd Compression

    Jump

  • Maybe Debian's goal is to make liblzma a dependency of everything possible? It wasn't a standard dependency of OpenSSH either, but rather something they patched in. ;)

  • Fwupd Will Use Zstd Compression

    Jump

  • Here, it's libzstd.so, libc and glibc, and libzstd only libc and glibc. What do you mean? At first I thought you were implying an liblzma dependency, but there's no such thing, at least can't see it.

  • Tried Arch for the first time | My experience and impressions

    Jump

  • As far as I know, you can use ChatGPT without a subscription, but still paid. I found https://nano-gpt.com/get-started the other day where you pay with cryptocurrency per request, I guess someone behind the scenes is paying the subscription and is offering this as a service. The model behind can be chosen. So in case you have some lying around, you can just use that, or if there's more interest from others, give me the prompt and I'll pay for it, still have Nano around.

  • The xz package has been backdoored, you need to update your system now

    Jump

  • It just worked fine when I checked right now

  • backdoor in upstream xz/liblzma leading to ssh server compromise

    Jump

  • Fedora 41, Fedora Rawhide, Debian Sid are the currently known affected ones AFAIK.

  • The xz package has been backdoored, you need to update your system now

    Jump

  • Debian is not really the problem, but rather the target, just read the original announcement at https://www.openwall.com/lists/oss-security/2024/03/29/4:

     
        
== Affected Systems ==
Running as part of a debian or RPM package build:
if test -f "$srcdir/debian/rules" || test "x$RPM_ARCH" = "xx86_64";then
...
openssh does not directly use liblzma. However debian and several other
distributions patch openssh to support systemd notification, and libsystemd
does depend on lzma.


Initially starting sshd outside of systemd did not show the slowdown, despite
the backdoor briefly getting invoked. This appears to be part of some
countermeasures to make analysis harder.

Observed requirements for the exploit:
a) TERM environment variable is not set
b) argv[0] needs to be /usr/sbin/sshd
c) LD_DEBUG, LD_PROFILE are not set
d) LANG needs to be set
e) Some debugging environments, like rr, appear to be detected. Plain gdb
   appears to be detected in some situations, but not others

    So if you were using Arch, you were unaffected by this vulnerability because

    • the script wouldn't trigger because it uses neither DEB nor RPM packages
    • even if it had triggered, the backdoor only gets activated when the calling binary is /usr/sbin/sshdwhich doesn't happen in Arch because they don't patch OpenSSH to support systemd (which in turn pulls in xz).

    This doesn't mean that Arch saved you because it's super secure or anything, but this was a supply chain attack that hit Arch (and Debian Sid, where the backdoor was actually caught because ssh logins took so long…), but it didn't trigger because it wasn't targeted.

    Meaning there's no immediate need to be concerned, but you should update ASAP even though the Arch package probably doesn't contain backdoored artifacts.

  • I have unlimited cellular data on my phone but not if I use it as a hotspot.

    Jump

  • I had a provider before that blocked tethering and hotspot, the solution there was also to increase TTL on the clients connecting to the phone by 1. The phone would lower it by 1 again, making it look like data originated from there.

  • BitTorrent is No Longer the ‘King’ of Upstream Internet Traffic

    Jump

  • uTorrent sold out, its decline is not only due to BitTorrent becoming less popular, but also because what was once a very thin client at one point was bundled with malware so a lot of people kept using old versions or switched to clients like qBitTorrent

  • Discord began blocking servers with information prohibited in the Russian Federation

    Jump

  • While discord doesn't necessarily cost money, it for sure also isn't free. In fact it's the reddit problem but way worse. A proprietary non-searchable database with all content fully licensed to discord including the right to sub-license. At least, Reddit had an API and is still searchable through their public facing http. I mean I get people don't want their group messages readable by everyone, bit for large groups, it makes sense.

  • thinking of trying linux,

    Jump

  • Personally, I don't get the appeal of distro hopping. I think it's nice to try different concepts, but there aren't that many.

    You basically have the "classic" distributions, like Debian, Suse, Fedora and their derivatives and if you want those split up into the stable and the rolling distributions (Arch, maybe Debian Sid). Then there's the source-based distributions, most notably Gentoo and derivatives. Declarative distributions, NixOS and GUIX system. And then maybe the newer breed of immutable distributions like Fedora Silverblue.

    To me, the difference between an Arch system and Debian are kind of minimal. Yet I'd always prefer Arch. But why would I hop to OpenSUSE?

    Granted, I always install from the terminal anyways and build my system to my needs, so I usually don't get the default experience.

  • thinking of trying linux,

    Jump

  • Not using Windows except for work, I use Linux mostly because of Microsoft's design decisions. I guess depending on your use case, Windows can be a perfectly fine OS. Personally, I think their behavior is unprofessional (trying to force Microsoft accounts on users, ads in the start menu, integration of AI into the system which means transmitting data to their servers etc) so I'm willing to accept tradeoffs for systems which do not come with these downsides.

    In the end, OSs are inherently complex.