Pantherina

Best article about XZ backdoor?

Hey, I’ve been hearing a LOT about the xz backdoor. Crazy story, but rather than reading 10 different articles about it from 3 days ago when the story was quite new, does anybody know a high quality write-up that has all the juicy details and facts? I really like in-depth guides that cover every aspect of the story....

Pantherina OP ,

Yes the data was lost on Windows, but I prefer Linux a lot as all good tools seem to be linux only anyways haha. But will remember recuva as a last option.

Also no the disk is not booted anymore.

Pantherina OP ,

The files are deleted as that folder was too big

Pantherina OP ,

The small drive is nearly empty, just has a few files, those were deleted. The drive is now unused, used testdisk, photorec, recuva, now scalpel to get anything from it.

The files are there, for sure.

Pantherina OP ,

Thanks, I don’t think the common tools are dangerous to work with the original, but I now have 3 backups in various approaches and will wait until I find a solution on how to restore header files, as this seems to be kinda impossible to recover (“secure delete”).

Pantherina ,

They didn’t use Pipewire before??

Pantherina ,

Lolz

fedoraproject.org/wiki/Changes/DefaultPipeWire

I know that Fedora does breaking changes and basically beta tests, but Pipewire “just works” since at least 2 years

Tried Arch for the first time | My experience and impressions (lemmy.ml)

I used linux intermittently in the last 15 or so years, migrating from early Ubuntu versions, to Manjaro, Pop!_OS, Debian, etc. And decided to give Arch a try just recently; with all the memes around its high entry point, I was really expecting to struggle for a long time to set it up just as I want....

Pantherina , (edited )

OpenOffice has been dead for years, Libreoffice is what is used today :D

Btw Inkscape is said to be quite good. GIMP 3.0 will have color profiles and nondestructive filters.

I used Libreoffice Impress instead of Powerpoint recently.

  • you will need to learn the core concepts anew, master slides etc.
  • once you have your own templates, presentations will be very nice
  • you don’t get AI bullshit templates so more manual work but more authentic presentations
  • same for hunting down icons, stock images etc.
  • for collaborating OnlyOffice is used, integrated into Nextcloud. OnlyOffice has a Desktop Client, but I don’t see the reason, Libreoffice is more feature complete.

Pantherina ,

Apache, please just stop whatever you are doing. Rewrite your webserver in Rust or something.

Pantherina ,

There’s long been a very strong, racist tendency in the liberal environmentalist movement to blame ecological harm on the number of human bodies that exist. They want us to believe that earth’s degradation would cease if there were fewer people available to consume the fruits of industry and especially agriculture (which is where we get into nitrogen’s domain). We’re exposed to white men who rant about the “population explosion,” or the “population bomb,” phrases which draw easy but still potent double-meanings in the context of nitrogen. Obviously, these writers are stooges of the regime, pushing our discourse away from the real issues. They should be systematically ignored.

Yes, the total number of humans that exist at any one time has increased over the time of the reign of the dead god, and that’s not a coincidence or accident. But animal bodies, whether human or bovine or chicken, can create only so much ecological damage on their own: pre-industrially, they created none, as the ecosystem re-absorbed the ammonia from their shits. What matters is the subjecting of bodies, not just bovine but also chicken and fish and human, to ecological shortcuts and industrial expediencies of scale that arise from the capitalist imperative. What matters most of all is the amount and type of exosomatic energy that is applied to the means of production. What matters is energy in calories and kilowatt-hours. That’s what mattered when all energy was labor, and still matters today in the exosomatic regime.

It’s important to remind ourselves of scale, for which we can use Buckminster Fuller’s concept of “energy slaves.” Somewhere after Fuller, an energy slave was defined to be the energetic equivalent to a human working 24 hours a day, 365 days a year. In fact, Fuller adopted the less-stupid standard of a healthy individual working 40 hours per week. That amounts to 3 kilowatt-hours (kWh) per week—it did then, and it does now; human bodies have not changed all that much. The American oil industry produces about 9 billion kWh per week, or about 3 billion energy slaves. (Never count consumption; always count production.) There’s no reason to divide that up per capita, since it’s the oil industry and not citizens producing all that energy. But if you did, it would work out to nine energy slaves for every human body, just from oil, not counting coal and gas. Unlike living bodies, these energy slaves are actually jinn that live within pollutant molecules and that bring pestilence upon our cities in one form or another.

Nonetheless, the population has increased, and that is because coal oil and gas could be mobilized to synthesize ammonia (NH3) without organic input, which is why this precedes an essay about Nitrogen.

Will antivirus be more significant on Linux desktop after this xz-util backdoor?

I understand that no Operating System is 100% safe. Although this backdoor likely only affects certain Linux desktop users, particularly those running unstable Debian or testing builds of Fedora (like versions 40 or 41), **could this be a sign that antivirus software should be more widely used on Linux desktops?** (I know...

Pantherina ,

Antivirus doesn’t work. It would need to monitor the whole system all the time, making it like twice as slow. How do you “stop” such a malware? You can’t even uninstall xz without borking systemd.

Using SELinux especially for user programs, downloading only from trusted repos, having home non-executable apart from that and using a nonwheel user is the best you can do. Apart from using a hardened base Distro, like Secureblue, QubesOS or Tails.

Pantherina ,

Your distro should absolutely include that. And make sure to actually close all not needed ports, which is more work but the GUIs allow that easily.

Pantherina ,

Fedora does

Pantherina ,

Okay, that’s crazy. Maybe RPM installs can loosen the firewall, or maybe common things are always open.

Pantherina ,

Btw I have no idea why they want to mix Mint with Cinnamon, must taste ugly.

Pantherina ,

No. They will likely still use release tarballs

Pantherina ,

Or sandbox Snap apps on systems without the Ubuntu Apparmor patches or even using SELinux?

Pantherina ,

That sentence makes little sense as both are using package managers that work similarly. Flatpak even uses ostree which is more advanced.

Pantherina ,

I should do a “sorting DEs by their taste” meme

Pantherina ,

Cough Fedora does that (using rpm-sequoia written in Rust) and also uses zst instead of xz for RPMs since Fedora 31

Pantherina ,

We don’t live in such a perfect world. Linux has a small marketshare for non-server software, so packaging is done by your distro.

You would need to have user-facing settings for Apparmor or SELinux to replicate what already exists with Flatpak.

Principle of least privilege.

Maybe you prefer native packages, but bubblejail or SELinux confined users are complicated as hell and both are pre-alpha in my experience.

So yes you add bloat, dependencies etc. But you also add stability, a small core system, take load off OS developers and unify the packaging efforts so that it is done by developers not packagers.

This reduces complexity a lot, as the underlying system is not as important anymore, and you can just use whatever you want. Software is separated from the OS.

Flatpak is the only good format, as explained in this talk

(Snap has no sandboxing outside of Ubuntu and is thus not portable, Appimages are inherently insecure)

Pantherina ,

When Elon didn’t want to patch the xz backdoor so you get remote-rickrolled

Pantherina ,

It is not, it requires a private key to be used.

Pantherina ,

Root Waydroid lol, that’s basically hell.

Waydroid without SELinux already removes all the Android sandboxing. Now it’s rooted!

Pantherina ,

Just download the devel kernel from your distro and go into make menuconfig. I am on an Intel Laptop with recent hardware. No reason to use amd, nvidia etc drivers. And there is a shitload of likely unmaintained drivers for ancient hardware.

Pantherina ,

Yes but Waydroid is not an Android phone. Have a look at this

github.com/waydroid/waydroid/issues/1136#issuecom…

Pantherina , (edited )

Btw do you know how uutils (rust rewrite of GNU coreutils) is doing?

Pantherina ,

What does wrong license mean? Does it need to be GPLv3?

gwendolencopper , to linux

Any virtual keyboard / on-screen keyboard recommendations for Gnome (Wayland) users? The default one doesn't support X11/XWayland apps, which unfortunately is most of them...

Pantherina ,

Yes poorly. The input method protocol was done by Purism (which says something as that company seems dead or whatever) and then basically untouched.

Pantherina ,

Today I found out that Kbin has an actually usable Interface, unlike Lemmy.

Pantherina ,

I suggest not giving their user sudo rights and having your own user with sudo rights for installing apps, doing upgrades and so on.

Yes but upgrades should be automatic and not require any privilege escalation. There is nothing privileged about keeping your system up to date. Same for flatpaks.

With a --user repo (in the flathub install command) you can let them install and uninstall their apps without any privileges, only to their user. Otherwise with a system repo they need to be in the flatpak group.

It will be very useful to have SSH installed if you need to assist them remotely.

That didn’t age well ;D

and yes complex stuff like Tailscale is needed as the only good VNC apps for Wayland don’t have builtin servers for connecting without an IP.

Using NoIP could be an easy solution too though.

Syncthing has versioning, I wouldn’t even put servers in the game. Just backup their home to one of your machines (if that is okay for them).

Pantherina ,

No, KDE settings are all done in the homedir, there is nothing snapshotted here

bugs.kde.org/show_bug.cgi?id=240862

Pantherina ,

Edit: EndlessOS is the immutable Debian distro, not ElementaryOS.

Pantherina ,

I installed Zorin in a VM. The install crashes when testing in live mode and then installing.

Apart from that, it’s really no better or less messy than GNOME with some extensions.

‘Mamma Mia!’ Stage Star Sara Poyzer Replaced By AI On BBC Show To Recreate Voice Of Dying Person — Update (deadline.com)

The BBC has issued a statement that offers important context to Sara Poyzer’s viral social media posts. The British broadcaster said it is using AI technology in a “highly sensitive documentary” to represent the voice of a person who is nearing the end of their life....

Pantherina ,

“Recreating the voice of a dying person” is such a weird phrasing. They want to show the voice that a dying person had in the past.

Pantherina ,

No they aren’t. Please read the linked post.

Pantherina ,

Shit missing internet got my comment deleted…

Appimage is not a neutral packaging format. Of course “an app packaged as .zip is as secure as one packaged as .tar.gz”. But the format causes all the things mentioned in the post.

  • libraries are often the oldest non-EOL possible to support old kernels
  • no transparency about used libraries and possible vulnerabilities
  • no upgrades of libraries, always just the wanted app and then passively also the libraries
  • no sandboxing without firejail (which is a root binary and thus can lead to privilege escalation of rootless processes if it has a vulnerability which it had in the past)
  • no GUI sandboxing
  • even with a repo no cryptographic signature verification like on Android (not sure about Flatpak which uses OSTree)
  • requires users to execute code in random locations

I've Installed multiple Linux Distros on my Editing Rig to see how well Davinci Resolve Studio works. Here are the results.

So a couple of weeks ago, I made this post asking for help from those who used Linux and Davinci Resolve, and their experience. To those whose response was effectively “I use arch btw”, I hear you, but that wasn’t the question I wanted to ask....

Pantherina ,

rpm-ostree doesn’t support akmods afaik

It does and this is the official Fedora recommendation but just don’t do that. Ublue has some additional tweaks, and they deal with possible breakages.

Pantherina ,

Yes the Fedora external repo setup sucks extremely.

Have a look at this idea to make it better

Enabling external repos is easy, but really, their setup is a pain in the ass. Let’s see.

Pantherina ,

(Feddit just started working again)

CalyxOS implements many random 3rd party stuff as if that was their own.

Apart from 2 (QKSMS and Bromite) being unmaintained, installing random apps as system apps (if this is what they do) means a system update may cause data loss for users, when removing those apps. And it has the problem of a way too high goal that cannot be reached. They simply don’t maintain those apps, so don’t ship them.
