HomeSearchPrevious dayNext day

00:00:42<imer>you guys meet people IRL? :p
00:01:02<imer>(i kid)
00:01:55<nulldata>Should have just taken the L and thanked the person for bringing the broad language to their attention. The deflection looks terrible.
00:01:59Ruthalas59 quits [Quit: END OF LINE]
00:02:23<Barto>JAA: reading through marcan argument, maybe there's a problem in wording in agpl, but it's not a reason to trash it entirely. Again IANAL, and neither am I rms.
00:03:30<Barto>the comment by Wowfunhappy is interesting to me, and that's where i feel like marcan is going maybe too far on trying to fit a round peg in a square hole.
00:03:48<Barto>look, https://opensource.apple.com/ is fine to me
00:13:46<Terbium>imer: i don't meet people IRL or online
00:13:46Ruthalas59 (Ruthalas) joins
00:13:55<fireonlive>what's IRL
00:17:54<nukke>is there a data archivist conference?
00:18:21<Terbium>Wait, this isn't the data archivist conference?
00:18:51<nukke>this is the data hoarder conference
00:19:17<pabs>rewby: I met someone here at DebConf many times, but I wasn't involved here at the time
00:24:44BearFortress joins
00:38:09<fireonlive>maybe you've all met me once ;)
00:56:49programmerq (programmerq) joins
01:28:19<fireonlive>>Results for people are limited
01:28:21<fireonlive>fuck you google
02:13:59<pabs>switch to bing! \o/ :)
02:19:06<fireonlive>x3
03:03:21<fireonlive>https://twitter.com/gtafocal/status/1773384083126542805
03:03:30<fireonlive>https://gbatemp.net/threads/wip-gta-5-rage-switch-port.650199/
03:08:38<Terbium>*Rockstar didn't like that*
03:28:19<nulldata>Probably should save https://twitter.com/SuperstarS31668 and out links before Take-Two's lawyers wake up
03:30:08<fireonlive>currently no way to save twitter aiui
03:34:17<nulldata>Yeah would have to be 'manual'
03:35:57<nulldata>Threw the GitHub pages site into AB
03:44:40zhongfu (zhongfu) joins
05:15:39<fireonlive>smoke weed every day
05:35:26<nukke>Oh wow I somehow missed this https://www.truenas.com/blog/truenas-core-13-3-plans/
05:37:14<nukke>I'm dreading the thought of migrating to Scale
05:47:12qwertyasdfuiopghjkl quits [Quit: Ping timeout (120 seconds)]
05:49:28Guest85 quits [Ping timeout: 258 seconds]
05:51:46qwertyasdfuiopghjkl (qwertyasdfuiopghjkl) joins
06:08:07BlueMaxima quits [Read error: Connection reset by peer]
06:19:00<fireonlive>nukke: i still haven't
06:19:13<fireonlive>don't want to migrate the jails T_T
06:19:16<pabs>"The race to replace Redis" https://lwn.net/SubscriberLink/966631/6bf2063136effa1e/ https://news.ycombinator.com/item?id=39858144
06:22:53<nukke>I literally just finished reading that article
06:23:16<nukke> Great stuff but sounds incredibly frustrating for everyone, especially package maintainers
06:23:54<nukke>Maybe computers were a mistake
06:24:30<fireonlive>nukke: not if that's how we met baby ;)
06:24:59<nukke>OwO
06:25:06<fireonlive>o3o
06:27:46pabs perusing the HN thread
06:31:02fireonlive peruses nukke
07:13:33<fireonlive>I found a way to highlight people, but bypass highlighting! 𝕁𝔸𝔸 πŸ„ΉπŸ„°πŸ„° πŸ…ΉπŸ…°πŸ…° 𝙹𝙰𝙰
07:17:35<@JAA>f‍ireonlive
07:18:45<@JAA>Fun fact, you can use 𝕋𝕣𝕦𝕖 in Python. You can also redefine it!
07:23:41<pabs>grr, GitHub went back to JS for READMEs
07:29:16<fireonlive>nice :D
07:29:22<fireonlive>(not the github thing)
07:33:28<fireonlive>https://dl.fireon.live/irc/216beea7714469eb/JAA.png
07:33:36<fireonlive>πŸ€” o_O
07:33:57<@JAA>Not enough emojis.
07:35:41<fireonlive>these were a couple other suggestions
07:35:43<fireonlive>🍫 ⋆ πŸ‰ πŸŽ€ π’₯π’œπ’œ πŸŽ€ πŸ‰ ⋆ 🍫
07:35:46<fireonlive>🍫 ⋆ 🍬 πŸŽ€ π’₯π’œπ’œ πŸŽ€ 🍬 ⋆ 🍫
07:36:03fireonlive asks chatgpt
07:37:08<fireonlive>"Unexpected server error" x 5
07:37:19<DigitalDragons>ƒιяєσηℓινє
07:37:29<fireonlive>:3
07:38:31pabs lol at https://www.cnbc.com/2024/03/28/reddit-shares-on-a-two-day-tumble-after-post-ipo-high.html
07:41:12<fireonlive>https://status.openai.com/
07:41:13<fireonlive>ahh
07:45:39<DigitalDragons>you broke it :(
07:51:28<fireonlive><_<
07:51:29<fireonlive>>_>
08:05:04razul quits [Read error: Connection reset by peer]
08:06:54razul joins
08:25:25qwertyasdfuiopghjkl quits [Client Quit]
08:56:27BornOn420 quits [Ping timeout: 272 seconds]
09:00:01Bleo182600 quits [Client Quit]
09:01:28Bleo182600 joins
09:08:50BornOn420 (BornOn420) joins
09:24:35<@JAA>Interesting, I got a phishing email linking to a page using Buttflare's IPFS gateway. Not sure I've seen that before.
09:28:26f_ (funderscore) joins
09:30:47f_ quits [Remote host closed the connection]
09:31:32f_ (funderscore) joins
09:33:18f_ quits [Remote host closed the connection]
09:36:53f_ (funderscore) joins
09:40:00pabs has had multiple, IIRC CF do block them
10:08:19qwertyasdfuiopghjkl (qwertyasdfuiopghjkl) joins
10:13:35zhongfu quits [Client Quit]
10:14:03Hackerpcs quits [Quit: Hackerpcs]
10:16:52Hackerpcs (Hackerpcs) joins
11:33:25jacksonchen666 (jacksonchen666) joins
11:35:39SootBector quits [Ping timeout: 255 seconds]
11:36:28zhongfu (zhongfu) joins
11:37:54sec^nd quits [Ping timeout: 255 seconds]
11:38:04SootBector (SootBector) joins
11:38:10zhongfu quits [Client Quit]
11:41:05zhongfu (zhongfu) joins
11:44:42sec^nd (second) joins
12:36:42SootBector quits [Remote host closed the connection]
12:37:06SootBector (SootBector) joins
12:56:31icedice quits [Client Quit]
13:02:06SootBector quits [Remote host closed the connection]
13:02:31SootBector (SootBector) joins
13:59:52<Barto>https://xkcd.com/963/ Finally, I did rm my xorg.conf that i generated years ago with "X -configure".
14:02:56icedice (icedice) joins
14:14:48Guest88 joins
14:15:13Arcorann quits [Ping timeout: 255 seconds]
14:37:28sec^nd quits [Remote host closed the connection]
14:37:49sec^nd (second) joins
14:41:46Ruthalas59 quits [Ping timeout: 255 seconds]
14:47:08HP_Archivist (HP_Archivist) joins
14:58:50<Ryz>Had to remove a Firefox extension named 'Disable JavaScript' on the suspicion of being sold (and that there were some new permissions being asked but the extension wasn't updated...?) - https://github.com/dpacassi/disable-javascript/issues/118
15:34:09eroc19904 (eroc1990) joins
16:08:48lunik1 quits [Client Quit]
16:09:13lunik1 joins
16:12:35lunik1 quits [Client Quit]
16:13:02lunik1 joins
16:47:52rappet quits [Quit: https://quassel-irc.org - Komfortabler Chat. Überall.]
16:49:50rappet (rappet) joins
17:31:49<that_lurker>https://www.openwall.com/lists/oss-security/2024/03/29/4
17:32:01<that_lurker>"Subject: backdoor in upstream xz/liblzma leading to ssh server compromise"
17:32:11<Barto>goddamn
17:32:36<that_lurker>https://news.ycombinator.com/item?id=39865810 interesting comment on the matter by rwmj
17:34:58PredatorIWD quits [Read error: Connection reset by peer]
17:36:59<Barto>interesting
17:41:05PredatorIWD joins
17:47:46<Barto>the dude claiming he got a pr to update the go library, too
17:47:55<nukke>>Good afternoon! A recent exploit has been identified in xz/liblzma. Libera is not affected by this vulnerability, but many other systems might be. You can read more about the incident here: https://www.openwall.com/lists/oss-security/2024/03/29/4 . Have a good weekend.
17:48:28<nukke>damn taht was a quick announcement
17:49:34<tech234a>Ryz: FYI you can disable JS with uBlock Origin https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-scripting
17:50:11<Ryz>Oh? Huh, and it's per website too?
17:50:35<tech234a>yeah and it looks like there is an option to disable globally by default if you prefer
17:50:37pixel leaves
17:50:38pixel (pixel) joins
17:52:39<Ryz>Oh, huh, thanks for that tech234a; I think the only reason I use that other extension is that it has an easy right-click option to disable it from there~
17:53:27<Ryz>And it really makes it easy to tell if I disabled it since the previous extension doesn't explicitly inform me in comparsion
17:53:46<Barto>nukke: always those patches during bank holidays :D
17:54:09<Barto>congratz to debian finding it
18:06:04nukke dabs
18:06:21<nukke>thankfully only unstable/upstream is affected so no need to patch shit this weekend for the rest of us
18:15:25<Barto>i have 2 fedora vms at work though
18:15:45<nukke>are you running rawhide?
18:15:52<Barto>last stable iirc
18:16:05<nukke>ok, that's 39 so you're good. fedora 40 beta came out like 2-3 days ago
18:16:06<Barto>so i'm safe i think, anyhow i'm running an update everytime i boot it
18:16:20<nukke>only 40/rawhide are affected
18:16:33<Barto>congratz to all those package maintainers catching it early
18:17:52<Barto>xz team might bit the bullet for all other open source projects
18:18:46HP_Archivist quits [Client Quit]
18:32:58decky_e joins
18:35:19decky quits [Ping timeout: 255 seconds]
19:02:10Lord_Nightmare quits [Quit: ZNC - http://znc.in]
19:13:03<Barto>https://security.archlinux.org/ASA-202403-1
19:14:22<Barto>https://archlinux.org/news/the-xz-package-has-been-backdoored/
19:14:31<Barto>https://lwn.net/Articles/967180/
19:14:39<Barto>it starts popping everywhere in my feeds lol
19:16:23<nukke>oh sweet protonmail finally supports passkeys
19:17:10<nukke>err protonass*
19:17:31<Barto>proton ass?
19:17:34<Barto>damn
19:18:14<nukke>gotta protect your ass from the dick corporations
19:28:43d10n_ quits [Quit: why all the #hashtags]
19:29:24d10n joins
19:41:11andrew quits [Quit: ]
19:47:01andrew (andrew) joins
19:58:55emberquill080 quits [Quit: The Lounge - https://thelounge.chat]
19:59:42emberquill080 (emberquill) joins
20:09:58<@JAA>> Accepted xz-utils 5.6.1+really5.4.5-1 (source) into unstable
20:10:02<@JAA>:-)
20:11:39<imer>scary stuff.
20:17:24<kiska>Oh fun!
20:17:46<kiska>Too bad I don't update my systems that often :D
20:19:00<yzqzss>Too good I am a debian testing user :(
20:22:27<nukke>is this the first 10.0 CVE of the year?
20:33:52emberquill080 quits [Client Quit]
21:34:01<Terbium>CISA Alert is already out: https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
21:50:54<Barto>Good guys cisa
22:05:24<fireonlive>https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
22:05:34<fireonlive>from a dev on the project
22:08:53<fireonlive>ugh/neat tho
22:13:06<Ryz>Oh, oof with Linux backdoor: https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/
22:13:40<Ryz>Or to make a fake clickbait article, "Why Windows is Better than Linux" o.o;
22:15:15<Terbium>Windows comes with backdoors included out of box as a feature
22:17:55<Barto>this might sound like doing a fork of xz might be necessary to clean things up
22:19:23<@JAA>Terbium: More like frontdoor, really.
22:21:09<@JAA>Barto: I suppose, but how many key projects are there like this that qualify for https://xkcd.com/2347/ ? I bet the number is much higher than we'd like, and all of those are vulnerable to the same kind of thing. :-/
22:25:11<Barto>i was expecting this xkcd anytime
22:25:14<Barto>:-)
22:25:21<Barto>i haven't even clicked on it
22:25:34<Barto>yeap, that's the one
22:26:38<Barto>prolly we'd need a list of infrastructure-critical projects and them make them join a common group, kinda owasp-like.
22:26:54Church (Church) joins
22:27:04<Barto>owasp is far from perfect, mind you, but you get the idea
22:29:35<Barto>it's kinda the same disease that got us heartbleed in openssl
22:31:40<@JAA>Also funding. Lots of funding.
22:32:43<Barto>yeah
22:36:40<nukke>there was an article like 2-3 weeks ago about how microsoft _still_ doesn't know how bad their recent hack was
22:46:24<@JAA>Oh boy: https://bugs.launchpad.net/ubuntu/+source/xz-utils/+bug/2059417
22:47:39<@JAA>Note the date. :-)
22:48:38<nukke>Is that the suspected backdoor person?
22:49:28<katia>nukke, this is a good writeup: https://boehs.org/node/everything-i-know-about-the-xz-backdoor
22:52:18<Barto>lol
22:52:52<Barto>You know what makes me grin: the person is now damn quiet about this :D
22:54:08<nukke>Oh shit it is
22:54:20<Barto>:-)
23:04:36<nukke>That was a great read.
23:07:40<@JAA>The Gist linked an hour ago is also quite good.
23:13:46<nicolas17>JAA: it looks like yesterday (when Jia Tan filed that launchpad bug) Debian was already aware of the backdoor
23:18:23<@JAA>Yes, it was in the works behind the scenes for a day, apparently.
23:21:31<nicolas17>crazy timing
23:27:29<fireonlive>https://dl.fireon.live/irc/98e77e309132563d/starbucks.png
23:27:43<fireonlive>heyyyyyyy gaaaaaaaaalssss πŸ’…πŸ»
23:28:06<fireonlive>i come to you with the hottest starbz tea 🍡 πŸ«–
23:28:11<fireonlive>πŸ§‹πŸ§‹πŸ§‹
23:28:20<fireonlive>coming soon 🀩🀩🀩
23:33:18that_lurker Cries as the nearest Starbucks is too far away
23:33:44Arcorann (Arcorann) joins
23:35:02<Barto>hackaday picked the news https://hackaday.com/2024/03/29/security-alert-potential-ssh-backdoor-via-liblzma/
23:35:28<Barto>it add https://bugs.gentoo.org/925415
23:37:12<Barto>comment 6 is funny
23:38:07<Barto>Jia shows up in comment 16
23:38:50<Barto>also, yeah, dates
23:38:57<nukke>🍿
23:42:25<fireonlive>that_lurker: perkele :(

HomeSearchPrevious dayNext day