00:00:42 you guys meet people IRL? :p 00:01:03 (i kid) 00:01:55 Should have just taken the L and thanked the person for bringing the broad language to their attention. The deflection looks terrible. 00:02:23 JAA: reading through marcan argument, maybe there's a problem in wording in agpl, but it's not a reason to trash it entirely. Again IANAL, and neither am I rms. 00:03:30 the comment by Wowfunhappy is interesting to me, and that's where i feel like marcan is going maybe too far on trying to fit a round peg in a square hole. 00:03:48 look, https://opensource.apple.com/ is fine to me 00:13:46 imer: i don't meet people IRL or online 00:13:55 what's IRL 00:17:54 is there a data archivist conference? 00:18:21 Wait, this isn't the data archivist conference? 00:18:52 this is the data hoarder conference 00:19:17 rewby: I met someone here at DebConf many times, but I wasn't involved here at the time 00:38:09 maybe you've all met me once ;) 01:28:19 >Results for people are limited 01:28:21 fuck you google 02:13:59 switch to bing! \o/ :) 02:19:06 x3 03:03:21 https://twitter.com/gtafocal/status/1773384083126542805 03:03:30 https://gbatemp.net/threads/wip-gta-5-rage-switch-port.650199/ 03:08:38 *Rockstar didn't like that* 03:28:19 Probably should save https://twitter.com/SuperstarS31668 and out links before Take-Two's lawyers wake up 03:30:08 currently no way to save twitter aiui 03:34:18 Yeah would have to be 'manual' 03:35:57 Threw the GitHub pages site into AB 05:15:39 smoke weed every day 05:35:27 Oh wow I somehow missed this https://www.truenas.com/blog/truenas-core-13-3-plans/ 05:37:14 I'm dreading the thought of migrating to Scale 06:19:00 nukke: i still haven't 06:19:13 don't want to migrate the jails T_T 06:19:16 "The race to replace Redis" https://lwn.net/SubscriberLink/966631/6bf2063136effa1e/ https://news.ycombinator.com/item?id=39858144 06:22:53 I literally just finished reading that article 06:23:16 Great stuff but sounds incredibly frustrating for everyone, especially package maintainers 06:23:54 Maybe computers were a mistake 06:24:31 nukke: not if that's how we met baby ;) 06:24:59 OwO 06:25:06 o3o 06:27:46 * pabs perusing the HN thread 06:31:02 * fireonlive peruses nukke 07:13:33 I found a way to highlight people, but bypass highlighting! 𝕁𝔸𝔸 🄹🄰🄰 🅹🅰🅰 𝙹𝙰𝙰 07:17:35 f‍ireonlive 07:18:45 Fun fact, you can use 𝕋𝕣𝕦𝕖 in Python. You can also redefine it! 07:23:41 grr, GitHub went back to JS for READMEs 07:29:16 nice :D 07:29:22 (not the github thing) 07:33:28 https://dl.fireon.live/irc/216beea7714469eb/JAA.png 07:33:36 🤔 o_O 07:33:57 Not enough emojis. 07:35:41 these were a couple other suggestions 07:35:43 🍫 ⋆ 🍉 🎀 𝒥𝒜𝒜 🎀 🍉 ⋆ 🍫 07:35:46 🍫 ⋆ 🍬 🎀 𝒥𝒜𝒜 🎀 🍬 ⋆ 🍫 07:36:03 * fireonlive asks chatgpt 07:37:08 "Unexpected server error" x 5 07:37:19 ƒιяєσηℓινє 07:37:29 :3 07:38:31 * pabs lol at https://www.cnbc.com/2024/03/28/reddit-shares-on-a-two-day-tumble-after-post-ipo-high.html 07:41:12 https://status.openai.com/ 07:41:13 ahh 07:45:39 you broke it :( 07:51:28 <_< 07:51:29 >_> 09:24:35 Interesting, I got a phishing email linking to a page using Buttflare's IPFS gateway. Not sure I've seen that before. 09:40:00 * pabs has had multiple, IIRC CF do block them 13:59:52 https://xkcd.com/963/ Finally, I did rm my xorg.conf that i generated years ago with "X -configure". 14:58:50 Had to remove a Firefox extension named 'Disable JavaScript' on the suspicion of being sold (and that there were some new permissions being asked but the extension wasn't updated...?) - https://github.com/dpacassi/disable-javascript/issues/118 17:31:50 https://www.openwall.com/lists/oss-security/2024/03/29/4 17:32:01 "Subject: backdoor in upstream xz/liblzma leading to ssh server compromise" 17:32:11 goddamn 17:32:36 https://news.ycombinator.com/item?id=39865810 interesting comment on the matter by rwmj 17:36:59 interesting 17:47:46 the dude claiming he got a pr to update the go library, too 17:47:55 >Good afternoon! A recent exploit has been identified in xz/liblzma. Libera is not affected by this vulnerability, but many other systems might be. You can read more about the incident here: https://www.openwall.com/lists/oss-security/2024/03/29/4 . Have a good weekend. 17:48:28 damn taht was a quick announcement 17:49:34 Ryz: FYI you can disable JS with uBlock Origin https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-scripting 17:50:11 Oh? Huh, and it's per website too? 17:50:35 yeah and it looks like there is an option to disable globally by default if you prefer 17:52:39 Oh, huh, thanks for that tech234a; I think the only reason I use that other extension is that it has an easy right-click option to disable it from there~ 17:53:27 And it really makes it easy to tell if I disabled it since the previous extension doesn't explicitly inform me in comparsion 17:53:46 nukke: always those patches during bank holidays :D 17:54:09 congratz to debian finding it 18:06:04 * nukke dabs 18:06:21 thankfully only unstable/upstream is affected so no need to patch shit this weekend for the rest of us 18:15:25 i have 2 fedora vms at work though 18:15:45 are you running rawhide? 18:15:52 last stable iirc 18:16:05 ok, that's 39 so you're good. fedora 40 beta came out like 2-3 days ago 18:16:06 so i'm safe i think, anyhow i'm running an update everytime i boot it 18:16:20 only 40/rawhide are affected 18:16:33 congratz to all those package maintainers catching it early 18:17:52 xz team might bit the bullet for all other open source projects 19:13:03 https://security.archlinux.org/ASA-202403-1 19:14:22 https://archlinux.org/news/the-xz-package-has-been-backdoored/ 19:14:31 https://lwn.net/Articles/967180/ 19:14:39 it starts popping everywhere in my feeds lol 19:16:23 oh sweet protonmail finally supports passkeys 19:17:11 err protonass* 19:17:31 proton ass? 19:17:34 damn 19:18:14 gotta protect your ass from the dick corporations 20:09:58 > Accepted xz-utils 5.6.1+really5.4.5-1 (source) into unstable 20:10:02 :-) 20:11:39 scary stuff. 20:17:24 Oh fun! 20:17:47 Too bad I don't update my systems that often :D 20:19:00 Too good I am a debian testing user :( 20:22:28 is this the first 10.0 CVE of the year? 21:34:01 CISA Alert is already out: https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 21:50:54 Good guys cisa 22:05:24 https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 22:05:34 from a dev on the project 22:08:53 ugh/neat tho 22:13:07 Oh, oof with Linux backdoor: https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/ 22:13:41 Or to make a fake clickbait article, "Why Windows is Better than Linux" o.o; 22:15:15 Windows comes with backdoors included out of box as a feature 22:17:55 this might sound like doing a fork of xz might be necessary to clean things up 22:19:23 Terbium: More like frontdoor, really. 22:21:09 Barto: I suppose, but how many key projects are there like this that qualify for https://xkcd.com/2347/ ? I bet the number is much higher than we'd like, and all of those are vulnerable to the same kind of thing. :-/ 22:25:11 i was expecting this xkcd anytime 22:25:14 :-) 22:25:21 i haven't even clicked on it 22:25:35 yeap, that's the one 22:26:38 prolly we'd need a list of infrastructure-critical projects and them make them join a common group, kinda owasp-like. 22:27:04 owasp is far from perfect, mind you, but you get the idea 22:29:35 it's kinda the same disease that got us heartbleed in openssl 22:31:40 Also funding. Lots of funding. 22:32:43 yeah 22:36:40 there was an article like 2-3 weeks ago about how microsoft _still_ doesn't know how bad their recent hack was 22:46:24 Oh boy: https://bugs.launchpad.net/ubuntu/+source/xz-utils/+bug/2059417 22:47:39 Note the date. :-) 22:48:38 Is that the suspected backdoor person? 22:49:28 nukke, this is a good writeup: https://boehs.org/node/everything-i-know-about-the-xz-backdoor 22:52:18 lol 22:52:52 You know what makes me grin: the person is now damn quiet about this :D 22:54:08 Oh shit it is 22:54:20 :-) 23:04:36 That was a great read. 23:07:40 The Gist linked an hour ago is also quite good. 23:13:46 JAA: it looks like yesterday (when Jia Tan filed that launchpad bug) Debian was already aware of the backdoor 23:18:23 Yes, it was in the works behind the scenes for a day, apparently. 23:21:31 crazy timing 23:27:29 https://dl.fireon.live/irc/98e77e309132563d/starbucks.png 23:27:43 heyyyyyyy gaaaaaaaaalssss 💅🏻 23:28:06 i come to you with the hottest starbz tea 🍵 🫖 23:28:11 🧋🧋🧋 23:28:20 coming soon 🤩🤩🤩 23:33:18 * that_lurker Cries as the nearest Starbucks is too far away 23:35:02 hackaday picked the news https://hackaday.com/2024/03/29/security-alert-potential-ssh-backdoor-via-liblzma/ 23:35:28 it add https://bugs.gentoo.org/925415 23:37:12 comment 6 is funny 23:38:07 Jia shows up in comment 16 23:38:50 also, yeah, dates 23:38:57 🍿 23:42:25 that_lurker: perkele :(