GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 10:13:11 JST Pleroma-tan Pleroma-tan
    tbh i know moving to openbsd wouldn't do a whole lot because this is a supply chain attack on fucking xz but maybe i should just move lab to openbsd :awesome_rotate:
    In conversation about a year ago from lab.nyanide.com permalink
    • Embed this notice
      ExtraSpecialK (extraspecialk@poa.st)'s status on Saturday, 30-Mar-2024 13:40:12 JST ExtraSpecialK ExtraSpecialK
      in reply to
      @kirby This xz hack only targets .deb and .rpm based distros. I guess it also depends on openssh patched to work with systemd (which openbsd def doesn't have).

      So you'd be safe on openbsd.... or even freebsd prob.
      In conversation about a year ago permalink
      Pleroma-tan likes this.
    • Embed this notice
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 14:57:13 JST Pleroma-tan Pleroma-tan
      in reply to
      • ExtraSpecialK
      • reeeeeelman
      @realman543 @ExtraSpecialK are u ignorant or clueless
      In conversation about a year ago permalink
    • Embed this notice
      reeeeeelman (realman543@annihilation.social)'s status on Saturday, 30-Mar-2024 14:57:14 JST reeeeeelman reeeeeelman
      in reply to
      • ExtraSpecialK
      @ExtraSpecialK @kirby Should be compiling anyway.
      In conversation about a year ago permalink
    • Embed this notice
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 15:10:49 JST Pleroma-tan Pleroma-tan
      in reply to
      • ExtraSpecialK
      • reeeeeelman
      @realman543 @ExtraSpecialK my fellow brother in christ, the vulnerability also affects releases built from source
      In conversation about a year ago permalink
    • Embed this notice
      reeeeeelman (realman543@annihilation.social)'s status on Saturday, 30-Mar-2024 15:10:50 JST reeeeeelman reeeeeelman
      in reply to
      • ExtraSpecialK
      @kirby @ExtraSpecialK I'm better than 90% of people. :dude_smug:
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      reeeeeelman (realman543@annihilation.social)'s status on Saturday, 30-Mar-2024 15:19:27 JST reeeeeelman reeeeeelman
      in reply to
      • ExtraSpecialK
      @kirby @ExtraSpecialK >it also depends on openssh patched to work with systemd
      🤨
      In conversation about a year ago permalink
      Pleroma-tan likes this.
    • Embed this notice
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 15:19:47 JST Pleroma-tan Pleroma-tan
      in reply to
      • ExtraSpecialK
      • reeeeeelman
      @realman543 @ExtraSpecialK oh right. nevermind
      In conversation about a year ago permalink
    • Embed this notice
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 15:20:35 JST Pleroma-tan Pleroma-tan
      in reply to
      • ExtraSpecialK
      • reeeeeelman
      @realman543 @ExtraSpecialK actually, even if you built from source on say debian, that would still affect it
      In conversation about a year ago permalink
    • Embed this notice
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Saturday, 30-Mar-2024 15:21:31 JST Pleroma-tan Pleroma-tan
      in reply to
      • ExtraSpecialK
      • reeeeeelman
      @realman543 @ExtraSpecialK fair enough
      In conversation about a year ago permalink
    • Embed this notice
      reeeeeelman (realman543@annihilation.social)'s status on Saturday, 30-Mar-2024 15:21:32 JST reeeeeelman reeeeeelman
      in reply to
      • ExtraSpecialK
      @kirby @ExtraSpecialK Only if you have systemgay, and then you can either simply turn off the systemd-flag (idk if this would fix it), or get a version that was not patched to work with systemd.

      I'd be willing to bet money you could compile the gentoo version on debian if you tweak some (or maybe even with no tweaking).
      In conversation about a year ago permalink
      Pleroma-tan likes this.
      Pleroma-tan repeated this.
    • Embed this notice
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Sunday, 31-Mar-2024 05:05:23 JST Pleroma-tan Pleroma-tan
      in reply to
      • ExtraSpecialK
      • :marseyloadingneon: m0xEE :marseyloading:
      • reeeeeelman
      @m0xEE @realman543 @ExtraSpecialK tfw north korean state sponsored haxx0r literally implodes linux
      In conversation about a year ago permalink
    • Embed this notice
      :marseyloadingneon: m0xEE :marseyloading: (m0xee@breloma.m0xee.net)'s status on Sunday, 31-Mar-2024 05:05:25 JST :marseyloadingneon: m0xEE :marseyloading: :marseyloadingneon: m0xEE :marseyloading:
      in reply to
      • ExtraSpecialK
      • reeeeeelman
      @realman543 @kirby @ExtraSpecialK
      sshd with systemd support is how it was discovered, we still don't know if it's the only use case that might be affected. It's still not safe to assume that other software depending on liblzma isn't compromised as no one did the source code audit proper.
      Even very old versions, e.g. 5.2.x might be affected, as this "person" was with the project for quite some time.

      So I won't panic that much, we're all fucked anyway 😊
      In conversation about a year ago permalink
      Pleroma-tan likes this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.