caiocgo, to KDE

Should I test or should I move on with my life without constantly being reminded that I use a DE that demands 256GB of ram to properly open a menu or move a window?

r1w1s1,

@caiocgo @massa I really like #KDE, for me the best DE, but you should try #slackwarelinux :) I like #debian but I don't like #systemd

kubikpixel, to linux

»Linux Fu: Getting Started With Systemd«
– on @hackaday

Well, I'll have to take a closer look and see if this makes me "successful".

🐧 https://hackaday.com/2024/04/11/linux-fu-getting-started-with-systemd/


bluca, to random

has joined the @sovtechfund and we now have a security bugs bounty program up and running on https://yeswehack.com/programs/systemd-bug-bounty-program

Good hunting!

genebean, to NixOS

I’m impressed enough with native (systemd-nspawn) #NixOS containers that I think I’m going to use them for more parts of my home server as a way of providing a tad bit more isolation between services.
[#homelab #SelfHosting #SelfHosted #Linux #systemd ]

Okanogen, to debian

So all it took was a near miss asteroid security nightmare to get the #Systemd maintainers to at least start to do at least one of the things folks have been concerned about for over a decade. #xzBackdoor #Debian
https://linuxiac.com/after-a-recent-ssh-vulnerability-systemd-reduces-dependencies/

jbzfn, to linux

🐞 After a Recent SSH Vulnerability, Systemd Reduces Dependencies | Linuxiac

「 The rationale behind this request is to strip down libsystemd to its core functionalities, thereby reducing the risk of vulnerabilities that could compromise system security 」

https://linuxiac.com/after-a-recent-ssh-vulnerability-systemd-reduces-dependencies

xtaran, to debian

Yay, #Debian reduces #OpenSSH dependencies (in Debian Unstable for now) and removes #libsystemd dependency.

openssh (1:9.7p1-4) unstable; urgency=medium

  • Rework systemd readiness notification and socket activation patches to not link against libsystemd (the former via an upstream patch).
  • […]

Thanks Colin Watson!

(via https://tracker.debian.org/news/1516548/accepted-openssh-197p1-4-source-into-unstable/)

#xz #xzbackdoor #xzorcist #JiaT75 #systemd #AttackSurfaceReduction

bluca, to random

Alright, this took some team effort but in git main we are now at:

$ lddtree build/libsystemd.so.0
build/libsystemd.so.0 (interpreter => None)
libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
ld-linux-x86-64.so.2 => /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2

for a full-feature build, down 5 libs which are now dlopened on demand. Last one, libcap, will need to be swapped for some ioctls which won't happen for this release.

#systemd #xz

crepels, to linux

✨New post in the systemd by example series!✨

This time, I'm taking a look at systemd timers.⏱️

Compared to adding entries to crontab, timers are more powerful and flexible, and in my opinion a lot simpler.

https://seb.jambor.dev/posts/systemd-by-example-part-5-timers/

jph, to random

Anyone got any ideas about how to do this very-specific thing? https://systemd-by-example.com/system/13ef8a77f2add98b78e65ba4fe694a8e

I'm trying to have a Target get disabled by a Condition, and then not pull in its dependencies, but the systemd documentation says it's not possible - but doesn't suggest an alternative

sekenre, to random

Wait. Lemme rewind just a sec. Why is PID 1 dynamically linked? #XZBackdoor #XZ #systemd

winterschon, to infosec

we're all aware of the xz issue, but systemd and CVEs are intertwined. linux distros choose insecurity + instability by using systemd.

it's brought to you by:

  • a dev who despises POSIX
  • a dev who eschews security, ethics, and foundations of UNIX
  • a dev explicitly aligned to microsoft propaganda
  • a dev who is anti-FOSS
  • a dev fiscally compensated by the closed-source juggernaut

never forget: https://pwnies.com/systemd-bugs/

#systemd #cve #infosec #microsoft #posix #bsd #linux #pottering #lol

danvratil, to KDE

A lazy (and free!) Saturday, time to play around and experiment. How about managed by ?

(Don't worry, I'm not merging this (for now 😈). I'm not even sure if it's a good or a bad idea. And even if it gets merged, it will be optional. I rewrote the process management code to make it extensible, so in the future we can also run Akonadi as a Windows Service or whatever is native on MacOS, with fallback to the mechanism we use today)

swelljoe, to random

The abusive behavior that was being used to manipulate Lasse Collin into bringing on more maintainers for #xz went unnoticed because abusive behavior in Open Source communities is so pervasive. In context, we can clearly see it was part of an orchestrated operation. Out of context, it looks like just another asshole complaining about stuff they have no right to complain about. https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/

Okanogen,

@swelljoe
Lol. I wrote this even before knowing that this vuln was caused by a kludge to make SSHD work with authentication and targets that.
I'm sure the systemd maintainers have a great corporate excuse for why it's not any of their fault.

nf3xn, to random

Fuck

This has been a public service announcement.

irfan, to linux

There's a huge backdoor (CVE-2024-3094) allowing remote SSH access (as far as I can tell at this moment) caused by a util called affecting a ton of systems ( and , well not really) and it's causing quite a huge panic. I honestly don't know much about it just yet, but just sharing some pieces to read about the huge vulnerability.

The person who had maliciously planted this vulnerability into xz-utils, Jia Tan, has made at least 750 contributions to the project over the past 2 years. They even have direct push access to the code repo, allowing them to have pushed commits with forged authors. Being "free" from this vulnerability is not as simple as reverting to a previous version due to just how much and how long they've contributed to the project, and people are rightfully suspicious that this person might have hidden other backdoors in xz.

Unlike most other vulnerabilities, it's a lot harder to pinpoint versions affected by this but the most likely case is most systems out there have xz installed on their system that are impacted - which at this moment, the info being thrown around is any version past 5.3.1, 5.4.6, or 5.6.0 (latest is 5.6.1).

🔗 https://access.redhat.com/security/cve/CVE-2024-3094

🔗 https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

🔗 https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

🔗 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024

irfan,

As far as I can tell, you're impacted by this vulnerability only if:

  • Your distro sources/packages xz from their release tarballs rather than through the Git source directly.

  • The payload was only included for the #RPM or #DEB packaging, so unless your distro uses these - you're probably safe.

  • As far as I can tell, it also only affects x86 systems so #ARM based systems should be fine.

  • As far as I can tell, your system needs to be running #systemd to be impacted by this, so #Docker/#Podman #containers should mostly if not entirely be fine....? maybe.


In other news, people are currently investigating and evaluating other projects also actively contributed by the compromised developer, Jia Tan, including #libarchive.

People are also analysing the dev's commit history to deduce their background from their activity lol. They've been found to push commits during office hours Mon-Fri, every other Saturday, presumably Public Holidays that seem to align with China's PH, and seem to be on GMT +8 locale.

🔗 https://github.com/libarchive/libarchive

🔗 https://twitter.com/hackerfantastic/status/1773864354439417983

Taffer, to openSUSE

Is there some sort of systemd event or trigger when a Bluetooth I/O device (a mouse in my case) is attached or removed?

Wondering if I could use this to automatically (and emphatically) disable my laptop's touchpad when the mouse connects.

nixCraft, to linux

This page explains how to increase file descriptor limits using systemd or an older init system. Both soft and hard limits can be set per user or service, or system-wide. https://www.cyberciti.biz/faq/linux-increase-the-maximum-number-of-open-files/

maxamillion, to linux

I'm just going to say it, and we can agree to disagree if you do in fact disagree...

systemd has categorically made Linux better in basically every way imaginable

It's earnestly cool if you don't agree but it's really really good

🤷

konstantin, to rust

I love how Go and Rust programs just compile down to a single binary you can do whatever you want with. Sprinkle a systemd definition and voila, you’ve got yourself a long running service with superpowers 🥰.

alxdre301, to linux

My livestream of switching from GRUB2 to systemd-boot! (I will try to speak in Vietnamese so please forgive me T_T)

https://spectra.video/w/7SqM553Qf5EUkFzQWRnu4s
