[-] Laser@feddit.de 30 points 5 months ago

Or maybe a Dota-inspired collectible card game? 🙃

[-] Laser@feddit.de 28 points 6 months ago

Damn I love Don Rosa comics.

Is this from the one where they found Croesus' vault to make the amulet from his lucky coin?

Life and Times of Scrooge McDuck is also not only a happy story about him getting rich, but also about becoming lonely and somewhat bitter in the later stories.

Highly recommend reading them, Disney likes to sweep them under the rug for whatever reason.

The treasure hunt series (where I think this picture is from) is a bit more light-hearted in nature, but still very good.

[-] Laser@feddit.de 29 points 7 months ago* (last edited 7 months ago)

Debian is not really the problem, but rather the target, just read the original announcement at https://www.openwall.com/lists/oss-security/2024/03/29/4:

== Affected Systems ==
Running as part of a debian or RPM package build:
if test -f "$srcdir/debian/rules" || test "x$RPM_ARCH" = "xx86_64";then
...
openssh does not directly use liblzma. However debian and several other
distributions patch openssh to support systemd notification, and libsystemd
does depend on lzma.


Initially starting sshd outside of systemd did not show the slowdown, despite
the backdoor briefly getting invoked. This appears to be part of some
countermeasures to make analysis harder.

Observed requirements for the exploit:
a) TERM environment variable is not set
b) argv[0] needs to be /usr/sbin/sshd
c) LD_DEBUG, LD_PROFILE are not set
d) LANG needs to be set
e) Some debugging environments, like rr, appear to be detected. Plain gdb
   appears to be detected in some situations, but not others

So if you were using Arch, you were unaffected by this vulnerability because

  • the script wouldn't trigger because it uses neither DEB nor RPM packages
  • even if it had triggered, the backdoor only gets activated when the calling binary is /usr/sbin/sshd which doesn't happen in Arch because they don't patch OpenSSH to support systemd (which in turn pulls in xz).

This doesn't mean that Arch saved you because it's super secure or anything, but this was a supply chain attack that hit Arch (and Debian Sid, where the backdoor was actually caught because ssh logins took so long…), but it didn't trigger because it wasn't targeted.

Meaning there's no immediate need to be concerned, but you should update ASAP even though the Arch package probably doesn't contain backdoored artifacts.
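
Added example, not part of the comment or the advisory: shell functions that check the two things the comment's argument rests on, whether an sshd binary has liblzma among its loaded libraries and whether a process matches observed requirements a) to d). The function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions, not from the advisory.

# Classify `ldd` output read from stdin.
# Prints one of: none | liblzma | liblzma+libsystemd
lzma_exposure() {
    awk '/liblzma\.so/ {l=1} /libsystemd\.so/ {s=1}
         END { print (l ? (s ? "liblzma+libsystemd" : "liblzma") : "none") }'
}

# Check observed requirements a)-d) from the advisory for one process.
#   $1 = argv[0]
#   $2 = file holding a NUL-separated environment (/proc/PID/environ format)
# Returns 0 only when all four hold. Requirement e) (debugger detection) is
# not modelled, and environment values containing newlines are not handled.
meets_observed_requirements() {
    [ "$1" = "/usr/sbin/sshd" ] || return 1                  # b)
    names=$(tr '\0' '\n' < "$2" | sed 's/=.*//')
    for unset_var in TERM LD_DEBUG LD_PROFILE; do            # a), c)
        if printf '%s\n' "$names" | grep -qx "$unset_var"; then
            return 1
        fi
    done
    printf '%s\n' "$names" | grep -qx LANG                   # d)
}

# Constructed sample: ldd output shaped like an sshd patched for systemd notification.
SAMPLE_PATCHED='    libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000000000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000100000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000200000)'

# Constructed sample: an unpatched sshd with no liblzma among its libraries.
SAMPLE_UNPATCHED='    libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x00007f0000000000)
    libc.so.6 => /usr/lib/libc.so.6 (0x00007f0000200000)'

# Demo on the constructed samples; on a real host: ldd /usr/sbin/sshd | lzma_exposure
printf '%s\n' "$SAMPLE_PATCHED"   | lzma_exposure
printf '%s\n' "$SAMPLE_UNPATCHED" | lzma_exposure
```

Because requirement a) fails in any interactive shell where TERM is set, a manual test run of sshd that behaves normally says nothing about whether the installed liblzma is clean.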

[-] Laser@feddit.de 31 points 7 months ago

No! Adults have to do adult things! I decide what is acceptable here! Cars as a hobby - very good! Hanging around in the pub - very mature! Building Lego - NO!

[-] Laser@feddit.de 32 points 11 months ago* (last edited 11 months ago)

In addition to what was already said - use Firefox instead of anything chromium-based - I think it's equally important to stop using the services offered by big tech companies and not just try to keep using them on our terms. Google wants me to watch a ton of ads on YouTube? Fine, I'll stop watching it. In fairness, on my smart TV, YouTube ads have been what I consider adequate, while Twitch can be a disaster. The alternatives already exist with Peertube and Owncast. Are they perfect yet? Far from it probably but there won't be big improvements if nobody uses it.

[-] Laser@feddit.de 27 points 1 year ago

Rumors say it might be possible to run Pokemon games without abysmal frame rates

[-] Laser@feddit.de 29 points 1 year ago* (last edited 1 year ago)

Posted content on Lemmy for it, though, a true ~~multi-door~~ martyr

[-] Laser@feddit.de 32 points 1 year ago* (last edited 1 year ago)

There's an interesting discussion about the whole topic on the Phoronix forums about this. Some people claim that removing them and Nvidia's current behavior is a DMCA violation:

  1. The kernel includes IP only licensed under GPLv2.
  2. While a module linked against the kernel isn't necessarily a derived work which in turn would need to be licensed GPLv2 as well, there are specific interfaces that are meant for internal use and by their very nature would make your work derived if using them. These are the interfaces marked EXPORT_GPL_ONLY.
  3. Using these interfaces with a module not licensed GPLv2, you taint the kernel and violate the licensing.
  4. Removing the check, you aren't necessarily yet violating GPLv2, but you're removing a technical protection measure which is a violation of the DMCA.

It also raises the question why you'd remove checks that only prevent a possible GPLv2 violation if you're not violating GPLv2 anyways as Nvidia claims.

[-] Laser@feddit.de 29 points 1 year ago

In addition, the calorific value of lignite is than that of other types of coal.

It is one of the calorific values of all time 🙃

[-] Laser@feddit.de 32 points 1 year ago

It's the same for Linux though, if you mount any drive, your user or rather UID/GID needs appropriate permissions to perform any action. Can even happen that you mount a disk with your old home directory somewhere and can't access it because your UID changed between installations (though it's 1000 for most people).

[-] Laser@feddit.de 28 points 1 year ago

It's almost bone hurting juice


Laser

joined 2 years ago