cultural reviewer and dabbler in stylistic premonitions
E: old thinkpad gang input: take the time to reapply thermal grease to the cpu at some point. It makes a huge difference.
What’s a “gang input”?
😂 it’s an input to this discussion from a member of the group of people (“gang”) who have experience with old thinkpads. and yes, if your old thinkpad (or other laptop) is overheating and crashing, reapplying the thermal paste is a good next step after cleaning the fans.
xzbot from Anthony Weems enables to patch the corrupted liblzma to change the private key used to compare it to the signed ssh certificate, so adding this to your instructions might enable me to demonstrate sshing into the VM :)
Fun :)
Btw, instead of installing individual vulnerable debs as those kali instructions I linked to earlier suggest, you could also point debootstrap at the snapshot service so that you get a complete system with everything as it would’ve been in late March and then run that in a VM… or in a container. You can find various instructions for creating containers and VMs using debootstrap (eg, this one which tells you how to run a container with systemd-nspawn; but you could also do it with podman or docker or lxc). When the instructions tell you to run debootstrap, you just want to specify a snapshot URL like https://snapshot.debian.org/archive/debian/20240325T212344Z/ in place of the usual Debian repository url (typically https://deb.debian.org/debian/).
A daily ISO of Debian testing or Ubuntu 24.04 (noble) beta from prior to the first week of April would be easiest, but those aren’t archived anywhere that I know of. It didn’t make it in to any stable releases of any Debian-based distros.
But even when you have a vulnerable system running sshd in a vulnerable configuration, you can’t fully demo the backdoor because it requires the attacker to authenticate with their private key (which has not been revealed).
But, if you just want to run it and observe the sshd slowness that caused the backdoor to be discovered, here are instructions for installing the vulnerable liblzma deb from snapshot.debian.org.
Ok, you and @d3Xt3r@lemmy.nz are both mods of /c/linux@lemmy.ml now. Thanks!
Ok, I just stickied this post here, but I am not going to manage making a new one each week :)
I am an admin at lemmy.ml and was actually only added as a mod to this community so that my deletions would federate (because there was a bug where non-mod admin deletions weren’t federating a while ago). The other mods here are mostly inactive and most of the mod activity is by me and other admins.
Skimming your history here, you seem alright; would you like to be a mod of /c/linux@lemmy.ml ?
As of today, NixOS (like most distros) has reverted to a version slightly prior to the release with the Debian-or-Redhat-specific sshd backdoor which was inserted into xz just two months ago. However, the saboteur had hundreds of commits prior to the insertion of that backdoor, and it is very likely that some of those contain subtle intentional vulnerabilities (aka “bugdoors”) which have not yet been discovered.
As (retired) Debian developer Joey Hess explains here, the safest course is probably to switch to something based on the last version (5.3.1) released prior to Jia Tan getting push access.
Unfortunately, as explained in this debian issue, that is not entirely trivial because dependents of many recent pre-backdoor potentially-sabotaged versions require symbol(s) which are not present in older versions and also because those older versions contain at least two known vulnerabilities which were fixed during the multi-year period where the saboteur was contributing.
After reading Xz format inadequate for long-term archiving (first published eight years ago…) I’m convinced that migrating the many projects which use XZ today (including DPKG, RPM, and Linux itself) to an entirely different compression format is probably the best long-term plan. (Though we’ll always still need tools to read XZ archives for historical purposes…)
for those unfamiliar: Reflections on trusting trust by Ken Thompson
+1 to ctrl-alt-fsomething (start at f1 and go up to move through the different virtual terminals). once in a while there are graphics problems which this will fix.
If you’re using GNOME Shell on X you can reload the shell (and all of its extensions) with alt-f2 and then in the “Run a command” dialog that appears type r and hit enter. Unfortunately this doesn’t work in GNOME on Wayland.
So it will be only Systemd
what? no. did you read the linked post? Some desktop environments will have more functionality and work better if you do use it, but (for now, at least) you can still run even GNOME under OpenRC if you want.
The only thing I want that I don’t have right now is horizontal monitor splits for vertical monitors.
You can do that with this shell extension (which is the upstream of Ubuntu’s “gnome-shell-extension-tiling-assistant” package, which on Ubuntu is installed by default and called “Ubuntu Tiling Assistant” in the GNOME Extension manager).
Can containers boot on their own? Then they are hosts, if not they are guests.
It depends what you mean by “boot”. Linux containers are by definition not running their own kernel, so Linux is never booting. They typically (though not always) have their own namespace for process IDs (among other things) and in some cases process ID 1 inside the container is actually another systemd (or another init system).
However, more often PID 1 is actually just the application being run in the container. In either case, people do sometimes refer to starting a container as “booting” it; I think this makes the most sense when PID 1 in the container is systemd as the word “boot” has more relevance in that scenario. However, even in that case, nobody (or at least almost nobody I’ve ever seen) calls containers “guests”.
As to calling containers “hosts”, I’d say it depends on if the container is in its own network namespace. For example, if you run podman run --rm -it --network host debian:bookworm bash you will have a container that is in the same network namespace as your host system, and it will thus have the same hostname. But if you omit --network host from that command then it will be in its own network namespace, with a different IP address, behind NAT, and it will have a randomly generated hostname. I think it makes sense to refer to the latter kind of container as a separate host in some contexts.
You main OS is called the host and the container is called the guest
The word “guest” is generally used for virtual machines, not containers.
I considered putting logos of some of the many more user-friendly pre-ubuntu distros in the meme but was lazy.
Debian was intended to be for regular desktop users back then too, though.
What Linux distribution came before Ubuntu that was specifically designed to be user friendly for a non-technical user?
There were a bunch of distros advertising ease of use; several were even sold in physical boxes (which was the style at the time) and marketed to consumers at retail stores like BestBuy years before Ubuntu started.
Here are four pictures of the physical packaging for three of those pre-ubuntu desktop distros designed to be user friendly and marketed to the general public:
Ubuntu was better than what came before it in many ways, and it deserves credit for advancing desktop Linux adoption both then and now, but it was not “one of the first” by any stretch.
there were dozens of others in the 11 years between the first and ubuntu
Anil Dash is posting on threads?! lmao 🤡
Hi, I’m an admin on lemmy.ml. The account of the one existing mod of the session community here has apparently been deleted.
I’ve heard there are some bugs with moderation of remote communities, but, I just made you a mod there anyway. I don’t know the state of those bugs; it might work better if you made an account on this instance.
Btw, I recommend against using Session for a variety of reasons including the one I posted in your thread here.