JoeKrogan @ JoeKrogan @lemmy.world

Served in the Krogan uprisings. Now I run a podcast

---

Read more

Posts

12

Comments

1,001

Joined

2 yr. ago

I'm curious to know about the distro maintainers that were running bleeding edge with this exploit present. How do we know the bad actors didn't compromise their systems in the interim ?

The potential of this would have been catastrophic had it made its way into the stable versions, they could have for example accessed the build server for tor or tails or signal and targeted the build processes . not to mention banks and governments and who knows what else... Scary.

I'm hoping things change and we start looking at improving processes in the whole chain. I'd be interested to see discussions in this area.

I think the fact they targeted this package means that other similar packages will be attacked. A good first step would be identifying those packages used by many projects and with one or very few devs even more so if it has root access. More Devs means chances of scrutiny so they would likely go for packages with one or few devs to improve the odds of success.

I also think there needs to be an audit of every package shipped in the distros. A huge undertaking , perhaps it can be crowdsourced and the big companies FAAGMN etc should heavily step up here and set up a fund for audits .

What do you think could be done to mitigate or prevent this in future ?

Your distro should havê a security mailing list you van subscribe to

Completely under the banks control so missing the entire point

I just have installed and finished. Also emulator categories created by emudeck

I read that thinking you were talking about human housemates for a second 🤣. I haven't had my coffee yet 😉

Can confirm, when I crossed the border from Italy my existing deal was no longer valid so my connection just dropped.

It would be interesting to see where in the world they are being downloaded.

No I try to only buy what I need and look for long term value in purchases. I do spend on experiences such as traveling as I find it rewarding.

Piano

It is only normal for the supervillain DOOM

Honestly I dont know but I'd imagine somewhere like South Korea if I had to choose.

Just finished breath of the wild and hitman absolution. Went back to journey to the savage planet for the first time in ages. I also played some Mario tennis on citra.

Yes

No. Not everyone uses traefik or caddy

Fake details and don't use the app should do the job.

We have rolling Dev and release branches. Dev is considered stable and is branched off for features they are tested and reviewed and merged back into Dev if they pass. Once all issues are done for the task we merge Dev into release to make a new release then tag it and ship it.

In your case I would do a branch per feature and merge them in only when they are finished and tested, fixing any conflicts and retest it post merge.

I prefer roms and emulators above all else as I know that as long as I back them up I'll be able to play them. Other than that I use steam for convenience as a linux only gamer but I'm all for gog and their DRM free stance.

As for physical. The hardware fails unless its a ps2 😄. So at the end you are left with a ton of discs and you Will have to rip them to play them. Also some games are just shipping unfinished on disc and need to download patches or whatever.

it keeps the bug count down 😏

I like it but I would prefer it to be more restrictive out of the box. Such as have apps declare a list of urls the are permitted to contact , a browser could have * .

I'd like a more granular filesystem list too more akin to apparmors were each file path needed is explicitly defined, in some cases you would need a wildcard or a directory but for most apps this could be done.

I'm not a fan of any corporation, so they can get fucked too I won't buy sony hardware but if they port a game to steam I want I'll get in on sale.

I support valve with purchases on steam as it supports linux. There was also the fact that sony took the linux install option away from the ps2 (or was it ps3) .