chameleon

Unfortunately, it's definitively an instance of intentional design. This whole consent dialog thing became a booming "consent management platform" industry. Many of them advertise better acceptance rates than the competition, or used to but have removed those claims in more recent times now that the big GDPR boom is over.

This particular dialog is TrustArc, who are infamous. At one point they defended it with a "well, we gotta retry if it fails to make sure your preference is expected, and we can't know if your adblocker is causing it to fail or if it's just a fluke", which is one of those things where they say something that's not totally wrong but you know they're lying through their teeth.

Reproducible builds generally work from the published source tarballs, as those tend to be easier to mirror and archive than a Git repository is. The GPG-signed source tarball includes all of the code to build the exploit.

The Git repository does not include the code to build the backdoor (though it does include the actual backdoor itself, the binary "test file", it's simply disused).

Verifying that the tarball and Git repository match would be neat, but is not a focus of any existing reproducible build project that I know of. It probably should be, but quite a number of projects have legitimate differences in their tarballs, often pre-compiling things like autotools-based configure scripts and man pages so that you can have a relaxed ./configure && make && make install build without having to hunt down all of the necessary generators.

Won't help here; this backdoor is entirely reproducible. That's one of the scary parts.

This is a fun one we're gonna be hearing about for a while...

It's fortunate it was discovered before any major releases of non-rolling-release distros were cut, but damn.

Login isn't necessary, but there is no :latest tag published so you need to pull a version that exists. The current version is at codeberg.org/forgejo/forgejo:1.21.8-0 or at :1.21 if you want one that tracks patch updates (as found in the container registry).

My casual-browsing-only netbook is currently running on a RAID0 setup between the internal eMMC and the microSD card because I think it's funnier that way. Nothing useful's stored on there and it's one nixos-rebuild away from being reinstalled so I don't mind the inevitable breakage.

Someone hacked in a clear (in-game). First time it happened to this level, but not the first time it happened overall.

sudo mv /etc/default/grub /root/old_etcdefaultgrub to get it out of the way, then sudo dnf reinstall /etc/default/grub to reinstall the package that provides it, giving you a fresh unmodified copy. Should work for practically any config file on Fedora.

Storj is blockchain stuff with the storage and bandwidth provided by individual node operators. They've kinda tried to bury the whole blockchain stuff and generally keep it removed from their main signup/pricing/usage flow; customers pay in USD and never have to see any of it. But it's still there in the background and it's still the main reward system for node operators.

There's some clickwrapped T&Cs for operators that set some minimum requirements, they've made sure one node leaving doesn't cause data loss, but I'd still be very wary of using them for anything irreplaceable. It only takes one crypto crash or the like for the whole thing to die out, and while they might end up suing some guys running an old NAS out of their garage, that's not gonna get your data back.

DP is very much not free. VESA themselves is happy to tell you that DisplayPort is excluded from their list of free standards, and the leaked copies of old standards are stamped with a "distribution to non-members is prohibited" notice on every page.

I'm not sure where that misconception came from, but it really needs to stop at some point. The best thing to say about VESA is they're slightly less bad than the HDMI Forum. But only by so little.

This is a shot in the dark, but since the permissions look fine to me, the only other thing that comes to mind is that the SELinux contexts might not have been copied. Fedora is one of the few distros that enables SELinux in enforcing mode right out of the box. That can be very complex to understand if it breaks.

There is a Fedora documentation page about SELinux. The /var/log/audit/audit.log log file should be full of errors relating to your /home if it broke. I believe that stat /home and stat /new_home should display the SELinux context if SELinux is active, and they should be identical.

Also possible I'm totally off the mark, though, it's just a possibility.

I don't think Factorio is suitable for a first-time gamer. The way the inventory, hotbar and the map work aren't immediately obvious if you've never played a game. If you do try, at least turn biters off. The time pressure that's added by having to set up defense would be difficult enough to handle, but offensive combat is quite the struggle if you're still trying to learn basic gaming controls. You'd be dealing with things like swapping hotbars to one with grenades & stuff, control schemes changing the moment you get into a vehicle and weird targeting quirks. And by the time you get to trains or advanced oil cracking quite a lot of people tend to drop off the game in general.

I'd start with something like Minecraft on peaceful difficulty, then give easy or normal a try after a couple of hours if that goes well. Peaceful leaves time to learn all the basic controls and is fun enough to run around in by itself, and you're not going to get blasted by a creeper that fell behind you.