@Anarcat@kolektiva.social

Anarcat

Debian developer, sysadmin, ex-entrepreneur, anarchist, photographer, musician, writer.

Mer__edith, to random
@Mer__edith@mastodon.world

I keep brooding on the way the xz backdoor was enabled in significant part via weaponizing the FOSS culture of shitty behavior and abuse.

Yes, there're other pathologies at work here (the big tech capitalist pillaging of the commons, etc).

But what is striking is that the uncool, mean standards of FOSS conduct that many of us have decried for years, & that many defended as authentic, tough, etc., ended up not just being exclusionary loser behavior, but a significant attack surface.

pid_eins, to random
@pid_eins@mastodon.social

PSA: In context of the xzpocalypse we now added an example reimplementation of sd_notify() to our man page:

https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes

It's pretty comprehensive (i.e. uses it for reload notification too), but still relatively short.

In the past, I have been telling anyone who wanted to listen that if all you want is sd_notify() then don't bother linking to libsystemd, since the protocol is stable and should be considered the API, not our C wrapper around it. After all, the protocol is so trivial

cyrus, to random
@cyrus@wetdry.world

@darl sent me this, idk the original source

eb, to security
@eb@social.coop

Unfolding now: https://news.ycombinator.com/item?id=39865810

An incredibly technically complex #backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:

The timeline on this is going to take so long to unravel

#security #linux

glyph,
@glyph@mastodon.social

@eb I really hope that this causes an industry-wide reckoning with the common practice of letting your entire goddamn product rest on the shoulders of one overworked person having a slow mental health crisis without financially or operationally supporting them whatsoever. I want everyone who has an open source dependency to read this message https://www.mail-archive.com/xz-devel@tukaani.org/msg00567.html

glyph,
@glyph@mastodon.social

@eb "I never thought a sophisticated APT would backdoor my volunteer-maintained infrastructure that I got for free" sobs entire industry who voted for the "volunteer-maintained infrastructure that I get for free with no defense against sophisticated APTs" party

vagrantc, to random
@vagrantc@floss.social

So, Philipp Kern dropped by asking if we could do some verifications of recent Debian Security updates, given, well the whole mess... and that our build infrastructure may have run compromised code at some point...

So I did a quick pass at a handful of updates and everything verified ok so far, though I skipped some of the probably more juicy targets such as chromium and firefox:

https://lists.reproducible-builds.org/pipermail/rb-general/2024-March/003321.html

Debian is reproducible enough to at least try this sort of thing!

molly0xfff, to random
@molly0xfff@hachyderm.io

Sam Bankman-Fried has just been sentenced to 25 years in prison.

mobilizon, to random French
@mobilizon@framapiaf.org

flies out of the @Framasoft nest: we are handing the project over to the Kaihuri association. All the info and answers to your questions can be found in this article: https://joinmobilizon.org/fr/news#24-03-27

As a result, we will also be handing over the keys to this account, which will therefore no longer be run by @Framasoft.

Thank you all for your trust, and fair winds to !

infobeautiful, to random
@infobeautiful@vis.social

If you are aged 30 or more, then 50% of all human fossil fuel emissions happened during your lifetime. (by Neil Kaye)

franklinlopez, to random
@franklinlopez@kolektiva.social

Join the Guardians of the Nehirowisiw Aski territory in their struggle against the destruction of their ancestral forests. This video follows the Guardians as they confront logging machinery, demand answers from a logging company and document the scale of the devastation. At the same time, Luc Martel, the mayor of the town of La Tuque, which encloses the ancestral forests, declared at a press conference: "We have to live with floods and forest fires, since we have no control over them." Yet we know that the scale of ecological disasters is growing with climate upheaval. Let us remember that it is industrial activity that is responsible for this upheaval.

The Guardians remain determined to protect their territory. Support their fight for the land: gardiensduterritoire.com!

https://www.youtube.com/watch?v=ta077CffSDI

mobilizon, to random French
@mobilizon@framapiaf.org

flies out of the @Framasoft nest: we pass the project on to the Kaihuri association.

All the info and answers to your questions can be found in this article: https://joinmobilizon.org/en/news#24-03-27

As a result, we will also be handing over the keys to this account, which will no longer be managed by @Framasoft.

Thank you all for your trust, and all the best to !

orion, to random
@orion@hci.social

I made an HTML/DOM viewer you can paste into your console to view or debug any website in 3D. Choose from random/gradient/clear colors or whether layers have sides.

You can save it as a bookmarklet so it's 1 click away. It's just a tiny IIFE JS function.
https://gist.github.com/OrionReed/4c3778ebc2b5026d2354359ca49077ca

ilikecats,

@orion Finally, someone brought back the old firefox 3d debug feature ( https://firefox-source-docs.mozilla.org/devtools-user/3d_view/index.html )

    bkardell, to random
    @bkardell@toot.cafe

    The @servo collective has just passed $250/month in individual contributions, most of them recurring. It would be great to see some businesses appearing in here. Developing a novel, memory safe engine is pretty interesting, I think.

    https://opencollective.com/servo

    elijah, to AWS
    @elijah@kolektiva.social

    To recap, is transphobic, now claims to own all your content, and and power in Gaza.

    Unless your plan is to live on berries and roasted snake, we desperately need an ethical cloud alternative.

    https://woem.men/notes/9ragjwecxwul3nis
    https://www.reddit.com/r/selfhosted/comments/1bouuv7/warning_vultr_a_major_cloud_provider_is_now/

    waglo, to random French
    @waglo@jasette.facil.services

    I wanted to tell you, it's World Procrastination Day https://www.journee-mondiale.com/223/journee-de-la-procrastination.htm

    But there you go, it was on Monday and it's only now that I'm sharing it with you. Mission accomplished!

    CrimethInc, to random
    @CrimethInc@todon.eu

    This is what Elon Musk gets for trying to turn Twitter into a Nazi factory.

    "On a platform like Twitter, a project like ours is like a canary in a coal mine: when things change, we are the first to go, and that means the clock is ticking for everyone."

    https://crimethinc.com/TwitterCanary

    mhoye, to random
    @mhoye@mastodon.social

    TIL that the “blood geyser” trope in sword fighting movies, animated or otherwise, comes from a technical failure on a Kurosawa set in 1962 that the man himself refused to reshoot because the actors stayed in character and the shot looked so cool.

    https://screenrant.com/akira-kurosawa-sanjuro-mistake-change-action-movies-violence/

    mjg59, to random
    @mjg59@nondeterministic.computer

    Conversation elsewhere about how patent concerns meant Red Hat disabled all elliptic curves in OpenSSL for ages and https://bugzilla.redhat.com/show_bug.cgi?id=319901#c5 is maybe my favourite Bugzilla comment ever

    mhoye, to random
    @mhoye@mastodon.social

    I saw this go by earlier today, and I wish I'd bookmarked it:

    "Salary based on location" isn't a salary. It's a class stipend.

    Update: it was @wxcafe here: https://social.wxcafe.net/@wxcafe/112142711541211940

    wxcafe, to random
    @wxcafe@social.wxcafe.net

    sliding scale salaries that came around with the generalization of remote work are really interesting in that they remove the pretension that salary is related to the work that you provide, and instead it's a stipend so you don't die and can keep working

    b0rk, to random
    @b0rk@jvns.ca

    today's weird git fact: one thing I just noticed about detached HEAD state in git is that sometimes git status says “HEAD detached at” and sometimes it says “HEAD detached from”

    I could not guess what this was supposed to mean, but it's documented in the release notes for git 2.4.0: it says "at" when HEAD hasn't been moved since it was originally detached and "from" if it has been moved https://github.com/git/git/blob/11c821f2f2a31e70fb5cc449f9a29401c333aad2/Documentation/RelNotes/2.4.0.txt#L107-L113

    torproject, to random
    @torproject@mastodon.social

    Tor Browser 13.0.13 is now available from the Tor Browser download page and also from our distribution directory. 🔄 This is an unscheduled emergency release with important security updates to Firefox for Desktop platforms. Android is unaffected.
    https://blog.torproject.org/new-release-tor-browser-13013/

    Anarcat, to debian
    @Anarcat@kolektiva.social
    TobiX,
    @TobiX@social.troll.academy

    @Anarcat Resolution auto-detection didn't work for me (Because monitor management on Wayland is a mess), otherwise I like the reuse of existing stuff (The gstreamer test stuff) ... And I still don't know (and don't want to know) why gstreamer's autovideosink tries raw KMS first (and fails)
