Responsabilidade @ BaalInvoker @lemmy.eco.br
Posts
7
Comments
284
Joined
2 yr. ago

  • Arch wasn't affected at all, cause the backdoor trigger was only on deb and rpm distros.

    However, it's still a good practice to update your system and leave this version behind. Anyway, Arch already updated and is no longer distributing the backdoored version, therefore 5.6.1-3 is safe

    You can use Arch btw again. Actually, you never had to leave it at first

  • For my daily laptop I use Arch with the LTS kernel. I've been using it for years and had only 1 issue with the normal kernel (that made me switch to LTS)

    Also, I used Arch as a server for a long time in my homelab, however now I changed to OrangePi and Raspberry Pi, so I use Ubuntu

  • Nothing is as good as an Arch server... I love the adrenalin running in my veins every update!

    I even set an autoupdate script to make things even scarier!

    Despite the adrenalin rush, my Arch never broke

  • I think it solves nothing, cause it's not primarily an XZ issue itself, but some bad actors that infiltrated the community for years to finally use their credibility to upload a backdoor. Every single package is vulnerable to this kind of attack and there is little we can do to completely avoid it

    Of course we have to make the best moves to prevent this happening again, however it's not a simple "I'll use X instead of Z" (see what I did here?!), cause both X and Z may be doomed with this shit anytime

  • I’ve been using some sort of unix CLI since the time I learned to pee standing (last year?)

    Well, if you're a woman that's a huge thing, pee standing!

    If you're a man, pee sitting (at home/friends' homes), please... It makes cleaning much, much simpler and the bathroom doesn't smell like a public restroom

  • And more, it's known that AV can increase sloppy behavior regarding security in people who do not know about security, making them feel safe and, therefore, clicking anywhere and installing anything

    AV does increase the risk of being infected for most people

    The way this xz backdoor was treated is good enough!

    1. Identify
    2. Announce
    3. Evaluate
    4. Rollback

    Always with good version control and cryptographic keys to sign the packages

  • I never tested, but I think you can do either way: Firefox native and KeePassXC flatpak; or Firefox flatpak and KeePassXC native

    What cannot happen is both flatpak, cause they won't work together...

    Well, if you test the other way around, tell us, cause I can only tell with KeePassXC flatpak and Firefox native

  • As long as you don't run Gentoo or any other distro that requires you to compile your own packages, you can install Firefox from the repos and you'll have the same result.

    I really suggest you use your distro's package manager to install Firefox and use KeePassXC as flatpak, cause this way you'll have your apps updated.

    Your solution works, but you'll have to update the packages by hand

    However, be aware that Ubuntu forces you to install the Firefox Snap even if you run apt install firefox, so you'll face the same issue. For this reason I suggest you move away from Ubuntu