Elfi, known bug enjoyer 
@elfi@pixie.town
- Pronouns
- she/her, fae/faer
- Location
- Canada
I'm Elfi! I'm a fair folk, magical moth, greyace girl, greenhorn gamedev, in my thirties and 
, and ADHD+ASD+EDS. Disclosure: white
💕 Aine @SophicLeech
💕 Agi @AgiDine
💕 Jenny @Esme
💕 Cherry @deejvalen
Icon by @Zwiebelprinz, header from Liar Princess and the Blind Prince by NIS
Joined Feb 2020
Elfi, known bug enjoyer
boosted
boosted
drew an Abigail for Fanart Friday!
#art #mastoart #stardewvalley #stv #abigail #fanart #fanartfriday
Elfi, known bug enjoyer
boosted
boosted
linux pro tip you can turn any rolling release into a LTS by never updating
@koko I just hope it's not fedora 41
Elfi, known bug enjoyer
boosted
boosted
found on a backup of my debian sid install from before I switched to fedora. it's definitely out there
@Jo if rumours of them being a state actor turn out true, being exposed like that might just mean it for them
Elfi, known bug enjoyer
boosted
boosted
Nasa are currently working to fix a computer error aboard Voyager 1. The probe's computer system runs at around 8000 instructions per second and has about 68kB of memory. Due to the interplanetary distances involved, even at light speed it takes 45 hours to send a signal and get a response. When asked about the unique challenges this poses, an engineer said "that's actually about average for a modern CI system".
Elfi, known bug enjoyer
boosted
boosted
@nilaypatel -- editor-in-chief of @theverge -- thinks there aren't girls on the fediverse 😂
boost this if you're a girl on the fediverse to scare him lmao
open for sex
@deejvalen I'll take it
Elfi, known bug enjoyer
boosted
boosted
I think at a baseline, we shouldn't be building critical official packages for distribution from release tarballs. A huge part of this was the tarball didn't match the repo and since we're talking a compression library, compressed archives shipped for "testing" concealed the payload.
Official builds should pull source and build/test scripts generate testing data in an auditable way rather than just trusting a tarball containing blobs.
@trysdyn Not to mention Ubuntu, Mint, et al
@trysdyn Even the fact that arch wasn't targeted doesn't mean shit--this was aimed at distributions targeting servers all the way up to the enterprise level. This would've cracked open the internet with a hammer.
Elfi, known bug enjoyer
boosted
boosted
Anyway the entire ops/dev world just dodged (we think/hope we dodged, anyway but are not 100% sure) the biggest supply chain attack in history that would have screwed absolutely, literally, everyone.
This needs a giant f**king industry-wide post-mortem once we're sure we're not all doomed.
Elfi, known bug enjoyer
boosted
boosted
"Isn't that a bit alarmist?" No!
xz is a base-system package in literally every distro I know of. It's everywhere.
Compromised releases have been out for five weeks and we didn't notice. We only noticed because someone caught openssh taking 10x as long to do DH exchanges and auth. If the attacker had been sneakier we wouldn't have noticed at all.
The compromised xz was in Fedora's testing versions and they didn't notice. You had the compromised version in Arch for a month (and arguably still do, but a combination of build method and source acquisition method likely renders it safe).
If some random guy didn't go "Why is openssh so slow?" and dig really deep into that, it would have hit stable/live distros and then what? We don't know.
@trysdyn Yeah, someone is almost certainly going to prison over this at the end. liblzma and xz are going to be extensively audited if it turns out the maintainer is responsible, and may never be considered safe considering how sophisticated the obfuscation on the injection sequence is
@yassie_j would be a pity if someone put together WALL is STOP...
@Jo I've always wondered what an FPGA implementation of the Pico-8 would look like when put on an ASIC
Elfi, known bug enjoyer
boosted
boosted
These cool system clocks are now available online at https://rmcretro.store/collections/clocks
@Decimal Alright, I'm glad you have that option
@charlene @deejvalen Dwagon! Dwagon! Dwagon!
- Pronouns
- she/her, fae/faer
- Location
- Canada
I'm Elfi! I'm a fair folk, magical moth, greyace girl, greenhorn gamedev, in my thirties and , and ADHD+ASD+EDS. Disclosure: white
💕 Aine @SophicLeech
💕 Agi @AgiDine
💕 Jenny @Esme
💕 Cherry @deejvalen
Icon by @Zwiebelprinz, header from Liar Princess and the Blind Prince by NIS
Joined Feb 2020
