2024-04-10 05:22:36

An acquaintance pointed me to the well-made #xz article at #Bluewin News. An easy-to-understand overview with many interesting points. So if you want to share something in your circle of acquaintances that is an alternative among the many very superficial articles out there,…
2024-04-10 05:22:38

Of course, I can't start a day without being awfully angry about some shit.
So #Gentoo suddenly undoes USE=lzma [and USE=zstd] that used to be enabled by default in 23.0 profiles, apparently based on "consensus" on the mailing lists. The "consensus" boils down to one conspiracy theorist developer complaining, and being supported by 3 users whose Gentoo contributions boil down to having to express their opinions on everything on the mailing list.
This isn't only a problem because Gentoo is letting itself be controlled by a vocal minority. This is a problem because we've enabled something that can affect program output, told everyone to upgrade and rebuild their systems, then pulled the carpet from under them.
Wait, did that random app start using LZMA compression now that you've enabled it? Well, bad luck, you won't be able to open your files anymore. Surely, there's no better #security than not being able to do anything!
Unfortunately, sys-apps/kmod had explicit IUSE= lzma by default for a while now, so there's still a risk that you'll be able to boot your system. That's not good for security at all!
2024-04-10 00:59:55

Second-order effect of #xz-utils: Should we report this YouTube channel for #misinformation? Or is it just a very bad habit from good intentions? #infosec
2024-04-15 17:36:43

Lasse Collin added a few updates to #xz
2024-04-16 09:00:20

A new paper with our current findings on the #xz case and potential mitigations is now online at @…:
Please treat as work-in-progress, and there are multiple lines of analysis that we are still following up on. A future submission of an extended version to a peer-reviewed venue is quite possible.
2024-04-16 16:44:23

Screenshot from Andres Freund LinkedIn. Top of "People also viewed" is a Jia Tan.