
About the backdoor: please do *not* assume that if your SSH server is not affected, you are not affected by it at all.

A lot about this situation is still unclear, but what *is* clear is that this wasn't a drive-by attack - this was clearly a well-prepared long-term engagement, across many commits and messages by potentially multiple accounts.

That makes it very plausible that there are other backdoors that haven't been found yet, and that might affect you under different circumstances.

There's not much you can concretely do about that yet, but you should carefully watch developments around this situation.

I could take a "LMAO TOLD YOU SO" approach here but really I'm just sad. I really did enjoy working on the github CLI and the copilot feature violated all the values I tried to bring to that project. It's also a great object lesson in the downfall of GH culture under MSFT.


I guess the "copilot for github cli" launched. i can't bring myself to look at it but friends tell me it's as unreliable as i predicted.

this is the feature i quit over. i wasn't thrilled in general with working at GH at that point but being told i had no choice but to accept/support shoving copilot into the GitHub CLI is the actual event that pushed me out.

I gave plenty of warning that that was my line in the sand and they crossed it.

just got back from my month-long trip to the middle of nowhere, can’t wait to update my Fedora system and check out the latest enhancements to my favourite data compression library 💻🐺

"it is a mistake to rush to impose the individual ethical responsibility that the corporate structure deflects. this is the temptation of the ethical which, as žižek has argued, the capitalist system is using in order to protect itself in the wake of the credit crisis — the blame will be put on supposedly pathological individuals, those "abusing the system", rather than on the system itself."

— mark fisher, "capitalist realism: is there no alternative?"

the xz backdoor, distro vetting 

Not to beat a dead horse, but this situation is exactly why I can't take arguments of "you should always use distro repos, they have been vetted and are safe, and avoid public registries" very seriously

xz-utils was backdoored by its upstream. Tracked as CVE-2024-3094 and thoroughly documented by vuln discoverer Andres Freund on oss-security@: openwall.com/lists/oss-securit

@robinsyl I normally use Organic Maps which has quite good bike routing (uses OSM data), but due to a corrupted microSD card and some Android nonsense I'm currently unable to get it working :(

Got routed over a footpath thrice and through a closed dike path once, also for some fucking reason it made me go *around* a perfectly serviceable street


That wonderful feeling when the professor in one of your classes is wearing an antifa t-shirt 🥰

Had to use Google Maps today due to circumstances and yep, their bike routing is still fucking awful

about "compromising on values to grow a movement" 

One of the most frequent bits of advice I hear towards radical activist groups, is that they shouldn't be so demanding of people, and they should compromise on their values to have a broader reach.

Let's talk about why that strategy doesn't really make sense, when you think about it.

Now, let's start with the goal of such a movement: it's, usually, to 'shift the frame' in public debate, to change what is considered morally acceptable by a general public. For that, you only usually need a relatively small group of people to start with (think hundreds or thousands).

The unspoken assumption in the advice is that if you don't compromise, then there will simply not be enough people who agree with you, to create that change. But that assumption is not actually true!

So if you have the choice between "sticking with your values and reaching like-minded people", and "compromising on values and reaching people who don't really agree", the former makes a lot more sense.

This then sets into motion a gradual shift of the public opinion, which will slowly grow the group of like-minded people - and with it, the group of people interested in getting involved. All without any compromise on values!

In short: we don't actually *need* to compromise on our values, to reach our goal. That would only be helpful to instantaneously have broad reach while getting little done - but that is the goal of marketing companies, not of activists.

"But it's important to get criticism from people who think differently, or it'll be an echo chamber!"

First off, "echo chambers" in that sense do not exist - they are right-wing rhetoric, not some sort of social-scientific concept. Really. Go look for the origins.

Secondly, the values we're talking about here are values like equality and basic human rights like agency. We generally don't really care about the opinions of people who do not share those values, like transphobes or racists.

"But you might miss out on valuable criticism that way!"

This hides another unspoken assumption - that racists, transphobes, etc. are somehow uniquely qualified to provide criticisms that *nobody else* who isn't a transphobe, racist etc. would come up with.

I would invite you to sit for a bit and think about what you're implying with that, and what that means for your own worldview.

Food brands should be legally required to disclose the manufacturers and suppliers for their products

We are pleased to announce that we'll be conducting basic fit testing at our upcoming panels at @lasvegasfurcon and #GSFC2024! Come wearing your favorite mask, and we'll see if we can detect any leaks - right at the panel!

We'll be using a simplified version of a real quantitative fit test procedure where we test whether you can taste a bitter or sweet solution through your mask.

If you'd like to get a fit test but can't make the panel time, reach out and we can find an alternative time!

#LVFC2024

you wouldn’t know her. she’s from a different nix store.

a game developer’s guide to beating cheaters:

sell your game for money, even if it's $5, just don't do f2p (making a new account after getting banned is easy, forking over money is not so much)
let players run servers, they will moderate them on their own and provide a place for people to play without cheaters (this is currently the only way to play team fortress 2 without running into the cheating bots on valve’s matchmaking servers)
hire human moderators that respond to reports and manually ban cheaters in official servers live (blizzard did this with world of warcraft and it is and was highly successful for defeating bots)
copy counter-strike’s overwatch system (players have shown that they are more than willing to help crowdsource bans, it also doubles as additional entertainment for the players)

the solution isn’t to put a fucking rootkit on my computer. learn from the past, perhaps

Pixietown

Small server part of the pixie.town infrastructure. Registration is closed.