This has been my first chaos event. I had expected a bunch of interesting and nerdy stuff, but I was not expecting to meet so many queer folks and such a colorful event. So wholesome vibes everywhere. ❤️🧡💛💚💙💜
I would say that the quiet hackcenter was a big success. It was filled most of the time. So I guess even neurotypical folks enjoy a quiet space to retreat for a while. I wish, more events would offer those.
How do I stop my own windows (the one with the giant X) from looking like they're out from the early 2010's? I really want to throw out SDL from my engine ASAP.
@scy Well... Must have been some sort of Euro Dance on Viva. People dancing in front of 90s flashing backgrounds. The first one that really stuck with me, tough, was Linkin Park's "In the End".
@scy Sorry, I am not buying this argument. Instead of using the official systemd library, developers should default to implementing their own version of a systemd-specific lowlevel socket protocol?
@scy But why do you expect people to know that? The page you linked lists a bunch of C functions at the top. And people should know that they should ignore those and rather lookup the protocol and implement it themselves?
@scy I am not saying that this attack has been solely enabled by systemd. Far from that.
However, I think it was a contributing factor. When you are interfacing with another piece of software the standard approach is to look for the official libraries and use them, if they exist. In this case, however, this drastically increased the attack surface. 1/3
@scy Developers, in general, are not systemd experts and I do not think that they should be expected to know the inner workings of a systemd-specific protocol, even if it is that simple. Using the official library that implements such a basic functionality should not create a large attack surface. 2/3
@scy IMHO, one of the lessons to be learned here is that such a functionality should be provided by a library that is as simple and small as possible, and not expect people to implement the functionality themselves despite there being officially supported libraries for that. That is just not how people work and "roll your own" is usually considered bad practice. 3/3
OpenSSH in openSUSE also seems to be patched to link to libsystemd, thus linking to liblzma. Hence, Tumbleweed should be affected. 😔 #openSUSE#Linux#liblzma#lzma#xz#ssh#infosec