Attacking UNIX Systems via CUPS, Part I
#linux #nix #cups #rce #vulnerability #critical
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Attacking UNIX Systems via CUPS, Part I
#linux #nix #cups #rce #vulnerability #critical
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Vi uma #dica (acho que foi aqui no "Mastoverso" sobre um tal de `csvlens` para paginação/exibição de arquivos delimitados por vírgula ou outro caractere utilizando modo texto/terminal, mas quando fui montar um alias no bash para um shell do #Nix, percebi que poderia usar o `pspg` também. Apesar de o `pspg` ter sigo pensado para utilização com o #PostgreSQL, ele funciona bem para arquivos CSV e similares, inclusive, detectando delimitadores comuns no Brasil, como o ";".
Aproveitando que falei sobre o #Nix no último toot, vou comentar sobre o meu caso de utilização absolutamente banal: coloquei o #Nix no #openSUSE Leap porque precisei testar o ferramental de uma certa #blockchain para um cliente da empresa. Acabou que eu nem precisei do tal ferramental para resolver o problema, mas achei o Nix interessante. Como o Leap é uma distribuição estável, evito a necessidade de abarrotar o sistema com #Flatpak e experimento novidades ou obscuridades com `nix-shell -p`.
Video of the interview with #guix founder @civodul is available. A great chat about the #nix deployment model, his interested in #guile and #free software. Lots of interesting chat about motivation in #freesoftware, #gnu and #linux - as well as the Plan9-ification of Guix!!
In a single day, sourced only from fedi, 268 people have committed to migrating to a fork. 184 as users and 84 as contributors maintaining packages. This is a very good starting point for a #NixPkgs fork (which includes #NixOS).
The biggest blocker remaining is #Nix itself. Securing maintainers for Nix (the cpp project) would mean a newly established fork can exist independently. If you would be able to do so, please get in touch.
Last, I must express my deep disappointment and disbelief at the accusation of excluding people from minority or marginalized backgrounds. As someone who highly values diversity and inclusion, this accusation is not only unfounded but also insulting.
I don’t care if you’re insulted the discourse is full of right wingers and you’re not doing shit about it literally cry all you want you’re not doing anything I don’t care.
A lot of the problems in the #Nix/#NixOS community are fundamental, built into its culture, from toxic development culture to the *two* repeated military-industrial sponsorship situations.
The culture of undermining community authority, of acceptability of conflict of interest, of tolerating abusive behaviour, goes up to the very top of the organization, with Eelco Dolstra.
You can read an extensive summary of the issues and sign an open letter to the Foundation here:
oh yeah the secret project I've been working on for two months, @lix_project, is finally in public preview. there's a fair number of rough edges in the website and infra remaining to fix but the software is rock solid.
thanks so much to the dozens of people who have been running `main` daily for several weeks and reporting the few remaining issues. at this point i would say it's just a stabler, faster, more user friendly #Nix 2.18.
if you want to try it out: https://lix.systems
Distributed system daemons with Shepherd and Goblins funded by NLnet
https://spritely.institute/news/spritely-nlnet-grants-december-2023.html
Discussions: https://discu.eu/q/https://spritely.institute/news/spritely-nlnet-grants-december-2023.html
Btw, probably well-known by those closely involved in Nix et al, there's also #TVIX by The Virus Lounge, a #Rust reimplementation of the #Nix language. And a project that got funding from #NLnet @NGIZero
Update: Eelco went behind the back of the #Nix board that he himself is on to publish that all too dreadful Determinate Systems blog post.
https://discourse.nixos.org/t/small-update-from-the-board/44292
I feel like something is shifting internally, and I'm holding my hopes up to see what comes next week. :blobfoxcofeowo:
Getting really sick of painstakingly migrating to some Cool New Technical Thing With Superpowers and then whoops, It's All Ethics Violations after a while.
First #Kagi - CEO is a white dude who can't read the room when a bunch of users raise serious concerns re: suicide warnings, .ru indexes, Brave collab, etc.
Now #Nix / #NixOS - BDFL is a white dude who can't read the room when a bunch of users raise serious concerns re: toxic members, shitty governance, MIC sponsorship, etc.
The next online #Guix patch review hacking session is on Tuesday.
17:00 UTC; 18:00 London; 19:00 Paris; 13:00 London
We're going to try and do some pair/group huddling using Upterm. All the details are on the Wiki:
https://libreplanet.org/wiki/Group:Guix/PatchReviewSessions2024
Come along if you want to review some patches, or if you want to hack - or if you just want to hangout with some other #guile, #guix, #linux, #lisp and #nix adjacent people!
So, yeah, I read about #Nix, I read the nix pills, I played with #NixOS in a VM... I would try to use it for a bit.
Oh hey, quick idea, let's look at a real-life derivation from a real package in nixpkg...
*Stares in WTF*
@SReyCoyrehourcq @khinsen It's true that the #Python ecosystem moves quickly and one can not rely on an analysis to still work *exactly the same* in a couple of months when executed with the then-latest versions. But that's not just the case for Python! Relying on backwards-compatibility of any software stack is not enough and a very poor choice in the first place. As suggested in the README, using something like :guix: #guix or :nixos: #nix or at least containers is necessary.
Regarding guix: This is is a huge effort, still work in process, anyhow great progress has been achieved in the last months and years. Read more about this at https://guix.gnu.org/de/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/
Regarding #nix, I don't know whether they actually try since they even include blobs provided by others (e.g. proprietary software).
@ahelwer
I wrote a follow-up article to my previous one, which is about (what appears to be) #OperatingSystem #bias in #NextGenerationInternet (#NGI) and #NLnet:
https://sleepmap.de/2023/operating-system-bias-in-next-generation-internet-and-nlnet/
#ArchLinux #EuropeanCommission #Linux #Nix #NixOS #NixOSFoundation #funding
@raito @tcltk @clacke @nixos I’ve been planning to try this since forever and I’ve been slowly packaging stuff to that end. #Nix and #Tcl would go so well together!
The #nushell talk at #NixCon reminded me of this again, but my list of ongoing side projects is a little too big at the moment 😅. Still, if anyone is working on it please let me know!
(sorry for the necropost, I just found the thread by browsing tags)
The #nix installer does not work with #selinux enforcing ... :fedora:
And you have to install it by running a script from the internet ... no package
Too little is being done to allow people to actually install #nix safely and easily
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.