Notices tagged with linux, page 30

Timeline of the xz open source attack https://research.swtch.com/xz-timeline #infosec #security #linux

Made the mistake of trying to install/run a Python tool (thinking perhaps things have gotten better because it’s 2024).

So, anyway:

- poetry and pyenv (get them, trust me)

- If pyenv install fails for you (e.g., on Fedora 39) with ImportError: No module named '_curses', 'readline', and '_ssl':

sudo dnf install ncurses-devel readline-devel openssl-devel

Then run pyenv install again.

#python #iJustWantToRunAPackage #sigh #linux #fedora #pyenv #poetry

How to switch boot target to text or GUI in systemd #Linux https://www.cyberciti.biz/faq/switch-boot-target-to-text-gui-in-systemd-linux/

@itsfoss just published an article for April Fools' Day.

https://news.itsfoss.com/microsoft-ubuntu/

It's really one of the better April Fools' pranks I've ever come across. It's grounded and almost believable that it actually had me there for a minute! 😂

Good one, guys!

#AprilFools #AprilFoolsDay #Linux #OpenSource #FOSS #Microsoft #Windows10

Share them 🙂

#linux

Congress in the US has banned Copilot for security reasons. I would take it further. Really the way Windows is coded now, it is a significant security problem. The idea that it is unclear whether you are using local data or online data is unacceptable.

This includes:

- Login. Login should be local. You are not logging into a service. You are logging into a computer. The service should be separate from the computer.

- Copilot. Clearly another case where you may not realize that you are sharing data by asking a question.

- OneDrive. Another case where local data is backed up in the cloud, without active actions by you as a user. Backup is great, but you should have to explicitly enable it and there should be a warning that your data may be scanned.

- Windows. In reality even Windows is now a problem given the login issue and any tracking that is happening.

Online cloud services can be great, but one should never be forced into online services or lured into them. Any computer should work fine without having to use OS online services, except basic services, like updates and the like.

#Windows #Linux #Microsoft

https://www.reuters.com/technology/us-congress-bans-staff-use-microsofts-ai-copilot-axios-reports-2024-03-29/

GNU + Linux 🔥

#gnu #linux

Are you experienced with GTK and Rust ? :gnome: ❤️ :rust:

We are looking to contract someone to work on the new GNOME Password Manager 🔑

We want it to become a core/default app and help secure millions of users.

You'll be working with the GNOME Foundation, a non-profit dedicated to building emancipatory technologies for everyone.

Please send resume / portfolio to stf@gnome.org

Boosts welcome :boost_love:

#GTK #Rust #rustlang #GNOME #Linux #Ubuntu #Linux #Fedora #OpenSUSE #Debian

Microsoft, wait, what? 😱

https://news.itsfoss.com/microsoft-ubuntu/

#ubuntu #linux #microsoft

Regarding xz-utils backdoor (liblzma5): Right now no Debian stable versions are known to be affected.
Compromised packages were part of the Debian testing, unstable and experimental distributions, with versions ranging from 5.5.1alpha-0.1 (uploaded on 2024-02-01), up to and including 5.6.1-1. The package has been reverted to use the upstream 5.4.5 code, which we have versioned 5.6.1+really5.4.5-1. Debian #Linux 12/11/10 appears safe. Taken from https://lists.debian.org/debian-security-announce/2024/msg00057.html #infosec #security

Unfolding now: https://news.ycombinator.com/item?id=39865810

- https://www.openwall.com/lists/oss-security/2024/03/29/4
- https://github.com/tukaani-project/xz/commit/cf44e4b7f5dfdbf8c78aef377c10f71e274f63c0

An incredibly technically complex #backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:

- https://github.com/tukaani-project/xz/commit/ee44863ae88e377a5df10db007ba9bfadde3d314
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708
- https://github.com/jamespfennell/xz/pull/2

The timeline on this is going to take so long to unravel

#security #linux

https://boehs.org/node/everything-i-know-about-the-xz-backdoor

I have begun a post explaining this situation in a more detailed writeup. This is updating in realtime, and there is a lot still missing.

#security #xz #linux

Backdoor in upstream xz/liblzma leading to ssh server compromise https://www.openwall.com/lists/oss-security/2024/03/29/4 #unix #linux #openssh #infosec #security

I'll start, Myth : Linux is mostly for coders 😉

#linux

It’s very cool that Bluefin have managed to get homebrew working in an rpm-ostree environment without conflicting with host paths.

https://universal-blue.discourse.group/t/bluefin-is-feature-complete/703

I always thought homebrew would be perfect for atomic Linux but ran into the same issues. Today, I run Rust-based CLI apps installed with cargo and/or, less favourably, Go apps. I only use a container when I have to build something from source.

So, yeah, I’ll be keeping an eye on Bluefin. They seem to get it.

#design #OS #linux #blueFin

How do you know someone who uses Arch #Linux ?

Don't worry; they'll show you their neofetch command output even though you didn’t ask for it.

How to change the colour of your shell prompt on #Linux or #unix https://www.cyberciti.biz/faq/bash-shell-change-the-color-of-my-shell-prompt-under-linux-or-unix/

Learning coding/devops or #Linux #sysadmin work by trial and error be like ... credit https://theycantalk.com/post/150288574840/trial-and-error

Grandma is using #Linux and got her own channel too. Check it out
https://youtube.com/@AndreaBorman?si=ShS4VAMeimYrGAsX

A new project to resume development on the formerly open-source Redis project. This project was forked from the open source Redis project right before the transition to their new source available licenses. https://github.com/valkey-io/valkey Linux Foundation is behind this project. #opensource #unix #linux