Just to be sure, you should check whether SSHD is enabled: sudo systemctl status sshd.service If you never enabled it and it's disabled+inactive, then no need to reinstall Tumbleweed per the current guidance. Also you can double check your version of xz to make sure it's downgraded, the downgraded version for Tumbleweed should look like this:
sudo zypper search -vi xz
Loading repository data...
Reading installed packages...
S | Name | Type | Version | Arch | Repository
---+------+---------+-----------------------+--------+------------------
i+ | xz | package | 5.6.1.revertto5.4-3.2 | x86_64 | update-tumbleweed
name: xz
Fairly simple explanation by arstechnica:
“The malicious versions [of xz], researchers said, intentionally interfere with authentication performed by SSH, a commonly used protocol for connecting remotely to systems. SSH provides robust encryption to ensure that only authorized parties connect to a remote system. The backdoor is designed to allow a malicious actor to break the authentication and, from there, gain unauthorized access to the entire system. The backdoor works by injecting code during a key phase of the login process.”
Also from the article, you should check if your distro is offering a downgrade from the affected 5.6.x packages. Right now the exploit is not fully understood. For example, openSUSE recommends a full reinstall of Tumbleweed if an SSH server was enabled, just to mitigate risk.
TL;DR
It uses the Matrix protocol to make every post E2E encrypted in the same way a Matrix chat is. Except they added more separation between people in the “Circles” functionality. Instead of everyone seeing all content like in a chat room, you have to invite people to follow your timeline. And only those people who have been invited can see your posts, and vice versa. I’m not sure he said it specifically, but it was implied that unless people have invited each other to see their posts, they can’t interact with each other in the same circles (he used an example of two people not liking each other and both being able to see a 3rd person’s timeline, but not each others timeline/posts). So essentially it offers encryption and social media like usage but with a sane privacy stance…aka nobody can find you via stalking your mutuals and nobody can just google and DM you out of the blue. Basic photo and sharing is available, apparently improving those features is what is planned for this year.
You can also self host it if you wanted, as it just runs off a Matrix server (although they currently provide a US and Europe matrix server run by the FUTO company that funds the app development). Looks like they plan on charging for storage space (1.99$/month for 10GB is what it says in the app right now), and I’m not sure how much storage you get for free.
Yeah thankfully that’s the only part of the metaphor that holds… american evangelicals are about as far from a hardened warrior society as you can get…
Having BTRFS snapshots set up for root: 😀
Elbow on the keyboard issues this command before the sudo timeout: sudo rm -rf ./testdir/cd $HOME
RIP home directory 😭 and still figuring out the best way to do snapshots of home without using timeline snapshots and using a ton of space…
My current tower started out on Windows, and for some reason after a year or so it started crashing out randomly. Load didn’t matter, it would pass benchmark tests and then crash randomly 5mins after boot. However there was not a single useful error I could find. Installed Fedora, and looked at journalctl after a crash. Immediately I see “GPU has fallen on the bus”. Apparently it is relatively common, but I also found a thread that said it actually can be caused by loose connection. Did a complete reinstall on my GPU, haven’t had the problem again (~6mo now, had both 535 and 545 drivers). Sometimes it really might be a descriptive error message 😆
The situation is rapidly getting better, and I’m daily driving Fedora 38 with 3060Ti using the RPMFusion Nvidia driver and Gnome+Wayland. Everything (and I do mean everything) I’ve tried has all its basic functionality at baseline. Xwayland is a thing and it covers for not having true Wayland support in alot of cases. Not like there aren’t bugs and QOL issues, but from what I’ve seen Nvidia is engaged and working to fix them. We should probably try to critique Nvidia/Wayland based on specific issues now, instead of broad brush “Nvidia/Wayland bad” rhetoric…
Running Fedora 38 on both desktop and laptop, both former Windows machines with NVIDIA GPU (laptop has the intel IGPU and NVIDIA DGPU). I’ve been able to run every single game I’ve tried (Elden Ring, Mass Effect Andromeda, Starcraft 2, Sea of Thieves, etc) using Steam+Proton. In some cases Proton GE was required, and on the laptop there was a special proton launch argument required for Elden Ring to work. Additionally, on Wayland there is one specific issue being worked on (explicit sync) that does cause some annoyance, flickering apps etc. But it feels like NVIDIA is catching up in terms of Linux compatibility, hang in there!
Vmware workstation player is extremely good. Setup is simple and as far as I know it is faster than VirtualBox. I use it with Windows 10/11 and RHEL Linux for developers.
It still might for many, just to a lesser degree than defederation because a conscious user can choose to unblock things. I block many things year round but when election season comes around, for example, I unblock alot. Either for perspective, or as a reminder of the importance of my voice and vote because people are nuts 😂
This is why instance blocking as a native client feature is needed. I am aware some apps such as Memmy, which I use, implement it in a 3rd party way. However it’s clearly not easily done for everyone in all situations. Defederation is going too much toward an echo chamber; inability to have enough control over the content you see is also an issue.
Personally I see value in having access to misinformation via lemm.ee; it is useful to know all perspectives when that is helpful. However, I don’t wanna see that shit everyday.
Long story short: I think for now, block accounts and communities or use an app with instance blocking. Wait for instance blocking to be native. That’s my 2 cents.