Show newer
FoxQuirk 🦊 boosted
abadidea

I’ve seen numerous people express concern that their xz installation is several versions out of date — because while it may have saved them in this specific case, doesn’t that mean they must not be running updates correctly in general?

No! It’s normal for your personal copy of an open source program to be several versions out of date. When you get an update to a commercial software package, it’s already been through months of internal testing by professionals. In volunteer-based open source, the bulk of this testing is done by simply releasing the update on their site and letting advanced users try it out. At some point, if there’s no problems, it will get shuffled forward to stable update channels. Therefore it’s normal for most Linux software to be one to two years out of date compared to the absolute newest version you could possibly get.

The good news is that this backdoor was found before most distros accepted the update as stable, and therefore it was not yet installed on the majority of production servers — it’ll be mainly on testing servers. The bad news is that the malicious actor was clever enough to make sock puppet user accounts to complain about xz crashing and claim that the new update is a critical fix that needs to be rushed out the door as soon as possible. This was a close call, we were very lucky.

1+
FoxQuirk 🦊 boosted
Megan Fox

Me: "Wait, why doesn't Unreal have a cone trace?"

Marketplace: "Don't worry friend, we gotcha, check out this plugin"

<looks>

Me: "This only raises further questions"

#GameDev

1+
FoxQuirk 🦊

I'm unreasonably happy right now about having figured out how to regulate the power produced by my coal power plants in factorio, so that when the nuclear power plant is producing enough power the coal power plants turn off

0
FoxQuirk 🦊 boosted
Jim Stormdancer

Terry keeps rolling out the bangers. Finally, he's found his medium.

downpour.games/~terry/a-proper

1
FoxQuirk 🦊 boosted
xkcd bot (now with alt text)

2913. Periodic Table Regions 

title text: Cesium-133, let it be. Cesium-134, let it be even more.

(xkcd.com/2913)
(explainxkcd.com/wiki/index.php)

1+
FoxQuirk 🦊 boosted
Tinker ☀️

A couple things to think about here:

This appears to be a malicious maintainer - not a compromised account. Meaning the person themselves, coded this in an pushed it out.

So:
1) Did they try and backdoor any other code?
2) Are they part of a greater campaign or is anyone else helping them.

This is a massive breach of trust.

That said! Huge kudos to Andres Freund, Florian Weimer, and others in finding this.

A lot of eyes are on this now. CISA is involved. Major distros are involved, etc. Many eyes and such.

#infosec #linux #foss #hacking #cve20243094 #cve

Show thread
1+
FoxQuirk 🦊

Yea, so, I'm gonna wait with doing a dist-upgrade for a little while tbh

0
FoxQuirk 🦊 boosted
Pierre Bourdon

xz-utils was backdoored by its upstream. Tracked as CVE-2024-3094 and thoroughly documented by vuln discoverer Andres Freund on oss-security@: openwall.com/lists/oss-securit

0
FoxQuirk 🦊 boosted
Morten Linderud

Distributed tarballs of xz has been backdoored.

openwall.com/lists/oss-securit

#xz #security #linux

1
FoxQuirk 🦊 boosted
Voltaic Bitch

Anyway the entire ops/dev world just dodged (we think/hope we dodged, anyway but are not 100% sure) the biggest supply chain attack in history that would have screwed absolutely, literally, everyone.

This needs a giant f**king industry-wide post-mortem once we're sure we're not all doomed.

1+
FoxQuirk 🦊 boosted
bsky: @daniloc.xyz

So this is now the shape of how technology companies introduce new things. A big stage. A huge screen. Prancing and preening about the new thing they have to show you

But the problem is: we KNOW

We KNOW how it works now. There's nothing surprising about what's going on. What was once shocking and exciting—the miniaturization and high usability of advanced consumer electronics—is both familiar and expected.

Yet we're stuck in the old, tedious pattern. Going through the motions.

0
FoxQuirk 🦊 boosted
Radical Graffiti

"A world without trans people has never existed and never will"
Poster spotted in Olympia, WA

1+
FoxQuirk 🦊 boosted
Gaelan Steele

this is genuinely heartwarming

1+
FoxQuirk 🦊 boosted
crows call me breadlady

why would you label software “safe”

it is never safe to use software

1+
FoxQuirk 🦊 boosted
hkc:~\n>
me
1
FoxQuirk 🦊 boosted
✧✦Catherine✦✧

a 10x programmer is a programmer who has ten evil exes

1+
FoxQuirk 🦊 boosted
alys

me, learning about about the atomic age: man it's so goofy they tried to use radioactivity for everything.

15 YEARS LATER

every tech company i've ever interacted with: We've added AI to our product!

1+
FoxQuirk 🦊

Shitpost 

Gonna log back in to x so I can x my ex on x

0
FoxQuirk 🦊 boosted
hikari 🌟 (falling into the sky)

type of girl who tries to cause exactly the right international economic upsets as to ensure all currencies' exchange rates are perfect decimal orders of magnitude. no more 1.2 or 1.5 or 3. only 1, 10, 100, or 1000

1+
FoxQuirk 🦊 boosted
Soheb

People who are over the age of 30 and play video games on Xbox or PlayStation, when was the last time you played games on your games console, and if you can, please elaborate which console and when?

I’m trying to see how many of said folks are actively playing these consoles. I fully expect younger generations to play on said devices, but I do wonder how the over 30s get along with time management, cost of games, cost of living etc how they are managing…

#games #videogames #gaming

66 people · Mar 29, 2024, 09:16
1+
Show older
Computer Fairies

Computer Fairies is a Mastodon instance that aims to be as queer, friendly and furry as possible. We welcome all kinds of computer fairies!

Resources

Developers

What is Mastodon?

computerfairi.es

More…