Conversation
Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 10:13:11 JST: tbh i know moving to openbsd wouldn't do a whole lot because this is a supply chain attack on fucking xz but maybe i should just move lab to openbsd :awesome_rotate:
ExtraSpecialK (extraspecialk@poa.st)'s status on Saturday, 30-Mar-2024 13:40:12 JST: @kirby This xz hack only targets .deb and .rpm based distros. I guess it also depends on openssh patched to work with systemd (which openbsd def doesn't have).
So you'd be safe on openbsd.... or even freebsd prob.
Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 14:57:13 JST: @realman543 @ExtraSpecialK are u ignorant or clueless
reeeeeelman (realman543@annihilation.social)'s status on Saturday, 30-Mar-2024 14:57:14 JST: @ExtraSpecialK @kirby Should be compiling anyway.
Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 15:10:49 JST: @realman543 @ExtraSpecialK my fellow brother in christ, the vulnerability also affects releases built from source
reeeeeelman (realman543@annihilation.social)'s status on Saturday, 30-Mar-2024 15:10:50 JST: @kirby @ExtraSpecialK I'm better than 90% of people. :dude_smug:
reeeeeelman (realman543@annihilation.social)'s status on Saturday, 30-Mar-2024 15:19:27 JST: @kirby @ExtraSpecialK >it also depends on openssh patched to work with systemd
🤨
Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 15:19:47 JST: @realman543 @ExtraSpecialK oh right. nevermind
Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 15:20:35 JST: @realman543 @ExtraSpecialK actually, even if you built from source on say debian, that would still affect it
Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 15:21:31 JST: @realman543 @ExtraSpecialK fair enough
reeeeeelman (realman543@annihilation.social)'s status on Saturday, 30-Mar-2024 15:21:32 JST: @kirby @ExtraSpecialK Only if you have systemgay, and then you can either simply turn off the systemd-flag (idk if this would fix it), or get a version that was not patched to work with systemd.
I'd be willing to bet money you could compile the gentoo version on debian if you tweak some (or maybe even with no tweaking).
Pleroma-tan (kirby@lab.nyanide.com)'s status on Sunday, 31-Mar-2024 05:05:23 JST: @m0xEE @realman543 @ExtraSpecialK tfw north korean state sponsored haxx0r literally implodes linux
:marseyloadingneon: m0xEE :marseyloading: (m0xee@breloma.m0xee.net)'s status on Sunday, 31-Mar-2024 05:05:25 JST: @realman543 @kirby @ExtraSpecialK
sshd with systemd support is how it was discovered, we still don't know if it's the only use case that might be affected. It's still not safe to assume that other software depending on liblzma isn't compromised as no one did the source code audit proper.
Even very old versions, e.g. 5.2.x might be affected, as this "person" was with the project for quite some time.
So I won't panic that much, we're all fucked anyway 😊