27·
16 days ago
Arthur Besse
cultural reviewer and dabbler in stylistic premonitions
- 57 Posts
- 78 Comments
Joined 4 years ago
Cake day: January 17th, 2022
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
that kernel release (which most distros have still not shipped yet) fixes only one of the two vulnerabilities (CVE-2026-43284); afaik even upstream still doesn’t have a patch for the second one (CVE-2026-43500) at this time.
(for people relying on Linux privilege separation, here are mitigation instructions.)
unfortunately, like its predecessor (Nokia’s Maemo/Meego), Jolla’s SailfishOS has never been (and has never had plans to be) fully free/libre open source software.
many components of it are freely licensed, but not nearly enough to constitute an actual mobile operating system you can use.
You’re correct on both points (🤦♂️ indeed).
I’ve now edited this post to link to their advisory text file instead of their advertising-heavy blog post about it which I had initially linked when the above comment was posted. Thanks.
1·3 months agonow that i’ve linked you to the paywall bypass and pointed out that it is a credible journalist and outlet reporting that Proton confirmed that this happened, why not update your post title to match the article’s accurate headline?
OP, why did you put “news media claims” at the beginning of this post title? are you doubting the veracity of it? the journalist and outlet reporting this are both well known and reputable, and they have quotes from Proton’s head of communications confirming it.
10·7 months agoPlastic surgery would become more popular.
One of the paper’s authors had the same thought:
“Suppose this type of technology gets used in labor market screening, or maybe dating markets,” Shue muses. “Going forward, you could imagine a reaction in which people then start modifying their pictures to look a certain way. Or they could modify their actual faces through cosmetic procedures.”
She also bizarrely says that:
“we are very much not advocating that this technology be used by firms as part of their hiring process.”
and yet, for some reason:
The next step for Shue and her colleagues is to explore whether certain personality types are drawn to specific industries or whether those personality types are more likely to succeed within given industries.
i haven’t used it myself but https://jmp.chat/ looks good if you’re OK with a US or Canadian number.
there is a lemmy community about it here: !sopranica@lemmy.ml.
“But you can’t copy with Ctrl+C, it’s…” - You can. When something is selected It copies selection to clipboard, otherwise it sends SIGINT.
What terminal emulator are you using where ctrl-c copies instead of sending SIGINT when text is selected? In every one I’ve ever used, ctrl-c still sends SIGINT even with text selected (and one must must use ctrl-shift-C/ctrl-shift-V to copy/paste).
I don’t have any suggestion for getting the behavior you’re asking for, but besides the normal ctrl-(shift)-C/V clipboard FYI you also have two other types of clipboard-like things: one which works anywhere (not only in the terminal) and is actually always automatically copying anything you select and lets you paste from it with middle click (this originated with X Windows but i think most Wayland compositors have also implemented it by now), and another which is found in GNU Readline (used by bash and numerous other REPLs) called the “kill buffer” which can be pasted (or “yanked”) from and cut (or “killed”) to using Emacs keyboard shortcuts (which also include various cursor movement controls).
Notes:
- the kill buffer is local to a given readline context, it’s not shared across different shell windows.
- the list of emacs keybindings in that wikipedia article i linked is currently confusingly referring to the kill buffer as “the clipboard”
- you can drastically reconfigure your readline keybindings and other behavior by editing your
.inputrcfile, but you cannot achieve what you were originally asking for because there is no concept of text selection in readline.
HTH!
the info line contains the answer:
Info: applications using this runtime: io.github.Hexchat
You need to remove Hexchat if you want to remove the end-of-life runtimes it requires.
I regret to inform you that the maintainer wrote in February 2024: This will be the last release I make of HexChat. The project has largely been unmaintained for years now and nobody else stepped up to do that work.
My computer uses both system and user remotes.
Because my .var directory is almost full, […]
If you’re low on disk space you probably want to have everything installed as either user or system, to avoid having some runtimes installed in both.
7·8 months agoHere is the paper: Dutch courage? Effects of acute alcohol consumption on self-ratings and observer ratings of foreign language skills (sci-hub pdf link).
It was published in 2017 but only won the Ig Nobel prize this year.
Abstract
Aims: A popular belief is that alcohol improves the ability to speak in a foreign language. The effect of acute alcohol consumption on perceived foreign language performance and actual foreign language performance in foreign language learners has not been investigated. The aim of the current study was to test the effects of acute alcohol consumption on self-rated and observer-rated verbal foreign language performance in participants who have recently learned this language.
Methods: Fifty native German speakers who had recently learned Dutch were randomized to receive either a low dose of alcohol or a control beverage that contained no alcohol. Following the experimental manipulation, participants took part in a standardized discussion in Dutch with a blinded experimenter. The discussion was audio-recorded and foreign language skills were subsequently rated by two native Dutch speakers who were blind to the experimental condition (observer-rating). Participants also rated their own individual Dutch language skills during the discussion (self-rating).
Results: Participants who consumed alcohol had significantly better observer-ratings for their Dutch language, specifically better pronunciation, compared with those who did not consume alcohol. However, alcohol had no effect on self-ratings of Dutch language skills.
Conclusions: Acute alcohol consumption may have beneficial effects on the pronunciation of a foreign language in people who have recently learned that language.
Thanks for pointing this out. Looking closer I see that that “journal” was definitely not something I want to be sending traffic to, for a whole bunch of reasons - besides anti-vax they’re also anti-trans, and they’re gold bugs… and they’re asking tough questions like “do viruses exist” 🤡
I edited the post to link to MIT instead, and added a note in the post body explaining why.
It is now official. Netcraft has confirmed: Distrowatch is dying.
One more crippling bombshell hit the already beleaguered Distrowatch community […]
There are several ways to; afaik waypipe is the best one.
you can still use OpenRC instead if you want, and sxmo will continue to do so by default.
you can read here about why they added systemd.
I’m planning on revitalizing and bringing this old Itautec to the 21st century
I think it was born in the 21st century? From this it looks like the first Celeron M was in 2004, and the first at that clockspeed was 2005.
Also, 2GB of RAM is plenty for many purposes - that’s more than any Raspberry Pi before the Pi 4 had!
At first i thought, wow, cool they’re still developing that? Doing a release or two a year, i see.
I used to use it long ago, and was pretty happy with it.
But looking closer now, what is going on with security there?! Sorry to be the bearer of probably bad news, but... 😬
The only three CVEs in their changelog are from 2007, 2010, and 2014, and none are specific to claws.
Does that mean they haven’t had any exploitable bugs? That seems extremely unlikely for a program written in C with the complexity that being an email client requires.
All of the recent changelog entries which sound like possibly-security-relevant bugs have seven-digit numbers prefixed with “CID”, whereas the other bugs have four-digit bug numbers corresponding to entries in their bugzilla.
After a few minutes of searching, I have failed to figure out what “CID” means, or indeed to find any reference to these numbers outside of claws commit messages and release announcements. In any case, from the types of bugs which have these numbers instead of bugzilla entries, it seems to be the designation they are using for security bugs.
The effect of failing to register CVEs and issue security advisories is that downstream distributors of claws (such as the Linux distributions which the project’s website recommends installing it from) do not patch these issues.
For instance, claws is included in Debian stable and three currently-supported LTS releases of Ubuntu - which are places where users could be receiving security updates if the project registered CVEs, but are not since they don’t.
Even if you get claws from a rolling release distro, or build the latest release yourself, it looks like you’d still be lagging substantially on likely-security-relevant updates: there have actually been numerous commits containing CID numbers in the month since the last release.
If the claws developers happen to read this: thanks for writing free software, but: please update your FAQ to explain these CID numbers, and start issuing security advisories and/or registering CVEs when appropriate so that your distributors will ship security updates to your users!
sure. first, configure sudo to be passwordless, or perhaps just to stay unlocked for longer (it’s easy to find instructions for how to do that).
then, put this in your
~/.bashrc:alias sudo='echo -n "are you sure? "; for i in $(seq 5); do echo -n "$((6 - $i)) "; sleep 1; done && echo && /usr/bin/sudo 'Now “sudo” will give you a 5 second countdown (during which you can hit ctrl-c if you change your mind) before running whatever command you ask it to.
Nice post,
but your title is misleading: the blog post is actually titled “Supply Chain Attacks on Linux distributions - Overview” - the word “attacks” as used here is a synonym for “vulnerabilities”. It is not completely clear from their title if this is going to be a post about vulnerabilities being discovered, or about them actually being exploited maliciously, but the latter is at least not strongly implied.This lemmy post however is titled (currently, hopefully OP will retitle it after this comment) “Supply Chain Attack found in Fedora’s Pagure and openSUSE’s Open Build Service”.edit: @OP thanks for changing the title!Adding the word “found” (and making “Attack” singular) changes the meaning: this title strongly implies that a malicious party has actually been detected performing a supply chain attack for real - which is not what this post is saying at all. (It does actually discuss some previous real-world attacks first, but it is not about finding those; the new findings in this post are vulnerabilities which were never attacked for real.)
I recommend using the original post title (minus its “Overview” suffix) or keeping your more verbose title but changing the word “Attack” to “Vulnerabilities” to make it clearer.TLDR: These security researchers went looking for supply chain vulnerabilities, and found several bugs in two different systems. After responsibly disclosing them, they did these (very nice and accessible, btw - i recommend reading them) writeups about two of the bugs. The two they wrote up are similar in that they both involve going from being able to inject command line arguments, to being able to write to a file, to being able to execute arbitrary code (in a context which would allow attackers to perform supply chain attacks on any software distributed via the targeted infrastructure).
