rotopenguin

joined 2 years ago
sorted by: new top controversial old
Battlefield V now broken on Steam Deck / Linux with EA anticheat live in c/steamdeck@sopuli.xyz
[–] rotopenguin 34 points 2 years ago

The more EA breaks their own shitty games, the more powerful Linux becomes

Never seen a Camel walk through the eye of a Needle. in c/memes@lemmy.ml
[–] rotopenguin 24 points 2 years ago (1 children)

Shaking hands with St. Peter, slipping him a crisp $20: I think everything's all set here, don't you Pete? C'mon, open up those big beautiful pearly gates.

Ubuntu 24.04 Beta Delayed Due To XZ Nightmare in c/linux@lemmy.ml
[–] rotopenguin 39 points 2 years ago* (last edited 2 years ago) (4 children)

My $0.05 reading of it is that they want to hose down the build servers* and start clean, in case if the attacker escaped the sandboxing there.

* (the computers that compile all of the new packages from source, not web servers that are handing out finished deb binaries to the public.)

Thunderbird goes from DEB to snap in Ubuntu 24.04 in c/linux@lemmy.ml
[–] rotopenguin 1 points 2 years ago

I stand corrected. All programs should have access to anything, anywhere, and be linked to liblzma just in case if some arbitrary file is compressed. Thank you for setting me straight.

Thunderbird goes from DEB to snap in Ubuntu 24.04 in c/linux@lemmy.ml
[–] rotopenguin 1 points 2 years ago (1 children)

Any app that can be sandboxed, should. Especially apps that are parsing random data from the internet.

Thunderbird goes from DEB to snap in Ubuntu 24.04 in c/linux@lemmy.ml
[–] rotopenguin 15 points 2 years ago (2 children)

It can then go from a snap to a superior flatpak real quick.

[Sway] Lisp is taking over in c/unixporn@lemmy.ml
[–] rotopenguin 0 points 2 years ago

That sounds a lot nicer than the jav ascript garbage colle ction nightmar e that is gnome-m utter / gjs

[Discussion] New month, new games. What are you playing on you Deck? - April 2024 in c/steamdeck@sopuli.xyz
[–] rotopenguin 1 points 2 years ago

Stardoot

Will antivirus be more significant on Linux desktop after this xz-util backdoor? in c/linux@lemmy.ml
[–] rotopenguin 35 points 2 years ago* (last edited 2 years ago)

The xz attack was not a clown show. It's a well orchestrated attack, with a lot of clever techniques to slip a payload into something that is supposed to be fully open and readable source code. Somebody recognized a difference between what people think ssh&systemd's dependency graph looks like, and what it actually was. Fuckery went into disabling some technical defenses (a single dot was snuck into an autoconf file! Try to find it.) and SE went into disabling others. The best malware reversers in the world have been shooting caffeine into their eyeballs for 2 days, trying to make sense of latter-stage payloads.

This attack was damn good. They either got unlucky, or there is a small possibility that our spies out-spied them and dropped the dime. Another angle is that they were running out of time - systemd developers were getting nervous about their own surface area and were working to cut that back. The attacker took the chance on running their play before it was fully bulletproofed, because it was in greater danger of becoming an obsolete exploit.

Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCAs in c/linux@lemmy.ml
Those who custom configure their kernel: what did you gain? in c/linux@lemmy.ml
[–] rotopenguin 3 points 2 years ago

"Oh, did I need to rebuild the initrd too? Shhheeeeit, can I do that in a chroot from a livedisk or something?"

backdoor in upstream xz/liblzma leading to ssh server compromise in c/linux@lemmy.ml
[–] rotopenguin 21 points 2 years ago (2 children)

apt info xz-utils

Your version is old as balls. Even if you were on Mantic, it would still be old as balls.

view more: ‹ prev next ›