/tech/ - Technology

Technology & Computing


New Reply
Name
×
Sage
Subject
Message
Files Max 5 files32MB total
Tegaki
Password
[New Reply]


Internet.jpg
[Hide] (827.5KB, 900x2002)
Discuss /tech/-related news.
What will happen if section 230 is nuked?
>Section 230
Unlikely to be completely removed, but it might be revised as dup's last act or during Biden's term. These hypothetical revisions and what they might change and affect is what should really be discussed. When a businessman tells you something extreme like this, it's always a way to make meeting somewhere in the middle seem like a good option. However, in this case, both options are shit.

If the revisions are serious and make running any interactive service away from tech giants' infrastructure, migrating to alternative protocols like Tor and I2P would be a way out. But as of this moment, no imageboard software compatible with running over a network where a poster's identity is not tied to an IP address exists. There have been some truly autistic solutions proposed, such as Freenet's web of trust. But in my opinion those don't mitigate excessive shitposting but rather clusters people into social bubbles and circlejerks.
Replies: >>414
>>412 (OP) 
Lots of sites got deplatformed by jewflare and hosts already even with section 230 intact. This may scratch FAGMART just a bit, for their formidable army of lawyers. It will take more than that for the government to end the power of them. By then, the government will do the censoring.
>>413
Freenet is compromised. Not advisable for anything dangerous.
Replies: >>419 >>2073
>>414
>Freenet is compromised
While that is true, I only mentioned its web of trust system that can be implemented outside of it.
>Lots of sites got deplatformed
That's not what section 230 protects you against. A platform is not responsible for the content its users post, barring illegal things with the Good Samaritan provision. So, as things are right now, if someone spams CP on your board, you are not liable for hosting CP provided your remove the offending material in a timely manner (see the provision). With it gone, you are now a lot more liable. By which I mean you will have to shovel a lot more shekels into the pockets of lawyers to get you out of it without an easy law such as section 230. So when you say
>This may scratch FAGMART just a bit
think about how hard that will scratch anyone that isn't.
>By then, the government will do the censoring
It's a very bold assumption on your part that FAGMART don't already operate together with government entities.
Replies: >>421
>>419
>That's not what section 230 protects you against.
Yes. It is already bad enough now. See 8ch, somebody uploaded a Word manifesto and site is nuked. What difference does it make without section 230 anyways? If I doddle up a 0-day word docs, this site is kill in a too.
>FAGMART don't already operate together with government
Of course they are one. But even they have infighting among themselves, for they are not one person. United they exploit the goyims, but not so much on power and profits. This is why there is still room for goyims to make use of this power struggle again (((them))).
Replies: >>422
>>421
in a *day too
Does nobody here remember what happened to Backpage? That entire site being taken down and its operators arrested for the content users posted proves that section 230 never meant much.

Later they changed the law with FOSTA-SESTA which goes to show that they'll do whatever they want and change the law afterwards. Anyone who complains about about ex post facto laws must be a pedophile. That the owners of Backpage won awards from law enforcement for helping to fight sex trafficking and commendations from sex worker groups for helping make their job safer prior to being targeted doesn't matter.

Right now they're trying same thing against pornhub and they'll probably succeed.
Replies: >>475
The CentOS Project Just Committed Suicide
>In shocking news the CentOS project announced today that are shifting their Linux distribution to be based on the beta (non-stable) branch of Red Hat Enterprise Linux, rather than the stable branch. And that they are terminating CentOS 8 updates at the 31st of December, 2021.
https://fosspost.org/centos-project-suicide/
https://archive.fo/2IRSU
Replies: >>474
ShitOS.jpg
[Hide] (3MB, 4128x3096)
>>473
Since CentOS killed itself, I'll post this.
cr020camlc361.png
[Hide] (74.3KB, 773x891)
>>423
>Right now they're trying same thing against pornhub and they'll probably succeed.
And as of yesterday unverified accounts aren't allowed to post any content to their site. It may take awhile but eventually unverified accounts won't be able to access any content on that site.

Pornhub is typically in the list of 10-15 most popular websites on the internet. This is big news.
Replies: >>476 >>537
>>475
Is there a way to make an alternative internet? I recall some sort of messaging service that used some sort of radio and required about $50 of equipment, it was open source but I forget what it was called. Though I believe it relied on bouncing signals around and unless there was at least one every X kilometers it wouldn't work. At the time I didn't pay it any mind but now I think it's worth researching.
Replies: >>480 >>481 >>902
>>476
What makes the current internet good is how ubiquitous it is. You can even make obfuscation protocols and additional routing networks on top of it thanks to that. You are talking about radiowave-based meshnets, which are mostly an enthusiast thing. This means you won't even get what little anonymity we have at the moment, not to mention other things such as triangulation of sender based on said air waves and how in a lot of countries an absolute majority of radio bandwidth is regulated very strictly, to the point of encryption being illegal.
>>476
Encryption is illegal in some countries for HAM.
Launching a diy satellite may be cheaper if a large number of users fund it together. With enough of those, a completely free internet is possible. Before (((them))) shut it down.
Replies: >>487
>>481
Is it illegal in burgerland?
Replies: >>537
1607961331560.png
[Hide] (71.1KB, 1619x438)
>>475
And a few more days later they've now removed access to most of their videos, saw this on /g/. Both Visa and Mastercard have stopped doing business with them.

Was wrong about the rankings as they shot up to 7th position in the last few months. I can see the exact same thing happening to Reddit in a few years.

>>487
It's illegal for a good reason. Corporations would hog all the bandwidth that's made available to the public for their own private use if it wasn't.
6f411fcbecd9f2816a4762dad14b6bf87d4ad58414ded198f7b88cb765f10281.png
[Hide] (204.8KB, 650x367)
Since the Linux gaming thread on /v/ is bump locked figured I'd just post news here.

Linux 5.11 Supports The OUYA Game Console, Other New ARM Hardware Support
>Support is finally mainlined for the NVIDIA Tegra powered OUYA Game Console. As reported a few months ago, the OUYA game console has been seeing mainline support work and with Linux 5.11 can now handle the mainline kernel tree. But your mileage will still be limited as the hardware is rather low-end by today's standards and making use of Tegra graphics.
https://archive.fo/KfNpW
https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.11-ARM-Changes
Replies: >>1607
github.com/Chocobozzz/PeerTube/releases/tag/v3.0.0
PeerTube v3 released with P2P livestream support.
Replies: >>766
>>745
Is it easy enough to stream from android? Can people film their suicide in peace now?
>It's illegal for a good reason. Corporations would hog all the bandwidth that's made available to the public for their own private use if it wasn't.
What?
71f50076754c5252e7c18b6fc75bd3bc0d9eed5507ee8b0ecf0593f5f633a4b5.jpg
[Hide] (67.2KB, 481x368)
Windows 10 bug corrupts your hard drive on seeing this file's icon
>An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.
https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/
https://archive.fo/QKkbE
https://web.archive.org/web/20210115221201/https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/
libressl.jpg
[Hide] (18.8KB, 599x192)
Gentoo Linux to discontinue LibreSSL support
>Starting 2021-02-01, Gentoo will discontinue supporting dev-libs/libressl as an alternative to dev-libs/openssl.  While it will still be possible for expert users to use LibreSSL on their systems, we are only going to provide support for OpenSSL-based systems.  Most importantly, we are no longer going to maintain downstream patches for LibreSSL support -- it will rely on either package upstreams merging such patches themselves, or LibreSSL upstream finally working towards better OpenSSL compatibility.
eselect news read new
Replies: >>901 >>902 >>1850
>>894
Wow that's gay.
> However, since then OpenSSL development gained speed and the original reasons for the fork no longer apply.
As if.
Replies: >>902
>>476
Get a HAM license and packet radio without encryption

>>894
>>901
This sucks. 
>https://wiki.gentoo.org/wiki/Project:LibreSSL
Do you know if the libressl overlay (layman --add libressl) just werks? If not, I am probably going back to OpenSSL (and disable tls-heartbeat, zlib and sslv3 USEflags and compile with -fstack-protector-all and -fstack-clash-protection)
Replies: >>1850 >>2055
>HAM
it's either ham or amateur radio. HAM isn't an acronym, and therefore doesn't exist.
Where can I get decent hardware news and speculation videos now that the faggot at adoredtv gave up? I tried looking around for a similar channel, but all of the ones that I encountered were homoerotic.
Replies: >>1015 >>1025 >>1295
.png
[Hide] (165.9KB, 330x280)
>>1014
>all of the ones that I encountered were homoerotic
That's the future lad. You can either become part of it, or get left behind.
Replies: >>1016 >>1025
>>1015
I don't want to hold hands! I just want /tech/!
>>1015
This.
>>1014
>jewtube
>video
Read a book, faggot. Video sucks.
Replies: >>1270
>>1025
>MUST BOOKS
You're retarded that's for sure.
Replies: >>1282 >>1484
>>1270
>strawman
>t. can't read
Replies: >>1295
child.jpeg
[Hide] (461.4KB, 2048x2731)
>>1282
You're the one strawmanning in this case. You've said that a bundle of papers is better than a bunch of frames connected as a single linear group which is refutably illogical for one what is the book and the video? >>1014 Said that the videos he wanted is about /tech/ related but you only cited about books as in books in general thus making your point to be off-topic at all. Anyways here's an Off-topic picture just to add space on the servers.
Replies: >>1313
>>1295
>no u
>what is strawman
>t. can't read
Replies: >>1314
>>1313
Yeah you're the nigger in this situation since from the start no need to continue this bullshit.
Replies: >>1315
>>1314
<where can I get good pajeets
>pajeet sucks, don't
<shieeet can't read
<don't continue, bump
Learn to read nigger. Video sucks. Not only are you feeding into the jewtube algorithms, you directly beaming in (((recommended))) brain cancer. Low info density lead to dependencies on cdn and hdd jews. Compression and encoding lead to (((modern))) processor and hwaccel demand. Fucking motherfucker, you can't even play shit smoothly on a Core 2 duo. New formats don't have hwdec on otherwise perfectly working old machines. 6 million (non-free) formats requires specialized software and maybe hardware to playback. There is no indices to skim on. 99.9% is filler shit to be skipped. In fact nearly all those video crap can be understood in articles shorter than your erect pencil. You can't easily adjust the information absorption rate, like the cuck you are, let the video brainfuck your non-existent will into yet another npc.
You are a nigger. You are the blackest fucking gorilla nigger.
Replies: >>1452
>>1315
>Buzzwords the Post
Also what hardware are you using? Must be a sweet potato not an Irish one.
Replies: >>1454
>>1452
T400
>>1270
Normalfags are not allowed in this board. Get out.
https://github.com/rms-open-letter/rms-open-letter.github.io/blob/main/index.md
>Richard M. Stallman, frequently known as RMS, has been a dangerous force in the free software community for a long time. He has shown himself to be misogynist, ableist, and transphobic, among other serious accusations of impropriety. These sorts of beliefs have no place in the free software, digital rights, and tech communities. With his recent reinstatement to the Board of Directors of the Free Software Foundation, we call for the entire Board of the FSF to step down and for RMS to be removed from all leadership positions.
Replies: >>1560
>>1559
they can all burn for all i care. Stallman is a cancer but not for the reasons they listed. FSF hasn't won any significant ground in a decade, as we've seen with all the big corps curbstomping everyone into submission. Nobody even knows what a Linux is, just cattle with candy crush and a gorillion toolbars.
Replies: >>1563
Supreme Court rules Google's use of Oracle's Java API was "fair use"
While it was a case of both companies being shit, I certainly wouldn't want to see APIs suddenly become copyright hell to the point where you can't use any of them without exorbitant license fees.
https://archive.vn/8kcbI
Replies: >>1562 >>1565
>>1561
I agree but it's ironic considering Youtube has effectively killed all forms of media "fair use" on their platform.
>>1560
>FSF hasn't won any significant groun in a decade
This. But how much can it be attributed to Stallman? He is old. Not denying that accepting trannies and fags in FSF is a terrible move, but the opponents aren't slacking off the slightest at their attempt to subvert and undermine free software. Especially when this whole SJW rainbow fag shit smells a lot like wooden oven jailbreakers.
>>1561
They only said it's fair use and pussied out of putting the ban hammer on copyrighted APIs in general. To be continued the next time some jewish retard wants to sue I guess.
>>559
>>Support is finally mainlined for the NVIDIA Tegra powered OUYA Game Console
This is like painting a house with no floors; what's the fucking point?
>>412 (OP) 
I'd like to see an updated version of that image.
Will they add Rust support into Linux kernel?
https://lkml.org/lkml/2021/4/14/1023
https://github.com/Rust-for-Linux
>>1691
I am already masking >=x11-themes/adwaita-icon-theme-3.32.0. Please have mercy, not my kernel.
Replies: >>1710
>>1691
>hey let's add a beta status vendor-controlled language with next to no platform support to the kernel
Lol. Linux is really going down the shitter.

>>1708
I think I had to add a local version of that because GTK2 depends on it and the theme depends on GTK3. Does it seriously depend on Rust now?
Replies: >>1725
>>1710
adwaita-icon-theme depends on librsvg, where >gnome-base/librsvg-2.40.21 is rusted.
>>1691
is rust an inside joke or something at mozilla, 
its a """solution""" to problems you only get with retard bad code, soydevs literally blaming C/C++ for not knowing how to multithread or malloc properly and then saying its the compilers fault, 
also valgrind makes rust obsolete
Replies: >>1738
>>1735
>its a """solution""" to problems you only get with retard bad code
By that logic 99.999% of all C or C++ code ever written is retard bad code. Including yours.
Replies: >>1752
https://cock.li/register

>Registration is currently closed on cock.li. When registration is brought back, it will be on an invite-only basis.
>This decision was made to deter the multiple governments who have been using cock.li for e-mail for their foreign intelligence activities. While we're flattered to have shitposted hard enough for glowies to enjoy, their activities place the rest of us at risk, and so we'd like to discourage their use of the service.
>When invites are enabled, registration will no longer record your IP address or any other information previously used to prevent bulk registration. This solution provides the most privacy benefit to our users while discouraging abuse, especially from state actors.
>In the meantime, we will be continuing upgrades of our infrastructure to provide a more resilient and reliable service to our existing users.

So this means cock.li is compromised, right? Invites are piss easy to bypass for governments when you have such a large userbase, so it doesn't actually do what it's claimed to do. Since a single user could just (wait out the grace period and) invite anyone for free, the invite graph will have to be stored indefinitely, which makes for way juicier metadata than IP addresses ever did. "The most privacy benefit" my ass.
>>1738
made no sense
C is a real abstraction of assembly  and C++ is a real superset, rust is neither, its just C++ but gimped with artificial limitations to prevent retards from doing stupid things, like not allowing null pointers, theres literally no reason other than to stop kiddies from corrupting memory with retard code,  using rust is like saying "I cant code in C, give me training wheels pls"
Replies: >>1753 >>1755
>>1752
>like not allowing null pointers
h-how do Rust trannies use pointers as booleans then?
>>1752
>C is a real abstraction of assembly
>C++ is a real superset
>its just C++ but gimped with artificial limitations
All of this is wrong, the only retard here is you.
>noo don't assist with writing correct code, how will i prove my 1337 h4x0rdom if I can't do inane shit manually
Go build an Eiffel tower out of toothpicks or something.
Replies: >>1757
>>1755
nice way to expose your ignorance, rust loser  
youre clearly too stupid to even know why anyone would still code with a 50+ year old language because you obviously dont even know C sytle 
C lets you do things other languages automate in the compiler,  thats the whole point, the only reason someone would be using C in the first place is for a stupid high degree of manual control on the compiled code, which means rust has zero usecase , not for control freaks and not for retards who want abstract pseudocode, and C is so old now that theres so many debugging tools, you have to be an absolute retard to end up with leaks
>>894
Gentoo has been getting more gay by the day.
How many things have they unnecessarily dropped support for now? It's like a day doesn't go by without me seeing something dumb getting masked or removed outright.
>>902
I thought gentoo had finally gotten to the point where the libressl overlay was no longer needed but it seems i'm wrong.
Fucking hell.
Replies: >>1852 >>1867
>>1850
Yeah I feel you, Gentoo has been taken over by saboteurs for a while now. My favorite was when a few years ago they did some dumb bikeshedding over X11 header packages and silently edited every single ebuild that depended on X11 without a build revision, even though that's exactly what these are for. Was really fucking great because I had to freeze mesa with the old dependencies for a while due to driver issues. They also remove support for """old""" EAPIs insanely fast now. Want to use an overlay for musl/libressl-specific patches? Fuck you, EAPI is already too old.

Bunch of parasitic fucktards trying to justify their "job".
>>1850
gentoo?
more like stench2 lmao!

I only use [ grub + raw linux-kernel ] and I am [ never been happier ]
Replies: >>2054
>>1867
This speaks bait.
>>902
Late reply but I've been using the overlay (or rather, the repo using eselect repository) for a while now and had no issues. It provides a dev-libs/openssl that is secretly libressl under the hood. Worth mentioning that I don't have anything Qt installed though, that was always an annoyance with libressl back in the day.
Replies: >>2056
>>2055
Did you have to patch ebuilds to get packages working? Otherwise, glad to know the overlay is still well maintained. Wait for the next heartbleed and libressl will be moved back to the main repo.
Replies: >>2057
>>2056
No, absolutely no patching so far. The only thing I had to do was disable the system-ssl USE flag on nodejs to use the bundled openssl instead. That was when I tried (and failed, but for musl-related reasons, not libressl) to build rust and firefox, as nodejs is a build time only dependency for the latter. I honestly shudder to imagine why the flying fuck it's bundling its own copy of openssl to begin with, but I didn't care too much because it was only for the build.
Replies: >>2191
>>414
>Lots of sites got deplatformed by jewflare and hosts already even with section 230 intact. This may scratch FAGMART just a bit, for their formidable army of lawyers. It will take more than that for the government to end the power of them. By then, the government will do the censoring.
I'm sorry, but they are private companies. They can do what the fuck they want.
Replies: >>2076
>>2073
Where do you think cuckflare gets all the money for servers and bandwidth from???  They're a government front, just like google.  But they're separate from the government so they dont' have to answer to anyone by law.
>>2057
Well, this held out for a whole week. Just today I upgraded Python to 3.9.5_p2, and behold, pointless breakage due to 1.1.0 features: https://github.com/python/cpython/commit/9ad46f9ec1ca757050ed4095925cdf5f4e8ef9fc
Note the @SECLEVEL, which seems to be a typical OpenSSL pitfall feature whose only useful purpose is breaking compatibility if https://github.com/openssl/openssl/issues/5760 and https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_security_level.html are anything to go by. Level 2 allows TLS 1.0 while level 3 requires at least 3072-bit RSA, what the actual fuck are these settings? Who in their right mind would ever use level 5? Patch is below if you want it. I'm pretty sure @SECLEVEL=2 doesn't actually have an effect for this cipher list in the first place but I replaced it with !LOW:!MEDIUM just in case. Shit like this reminds me why I'm using LibreSSL.
possible language: c++, relevance: 6
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -318,1 +318,1 @@
-  #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
+  #define PY_SSL_DEFAULT_CIPHER_STRING "!LOW:!MEDIUM:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
news??
more like SHNEWS!!

Warning: Low quality shitposting will be met with DELetion. Otherwise, shitposting is allowed but try not to derail threads.
Last edited by wizard
>>412 (OP) 
I've only read few little parts long time ago but isn't that the one where they could even swat your ass for using smokey bear or uncle sam on a meme? modifying the image and publishing it is punishable (or even as simple as copying the iconic pose)? If I remember correctly.
So, in the end, USA is just going to be China?
I wouldn't be surprised the __ picked the most effective (china) politics in the end.
Politics around the world were just a game among their blood line, a race to find the best way to control the masses and that race finally ended in 2019. Wonder why some blood line are scattered around the world doing their own thing, being handlers of different nations, it's a game.

Also, it's already a promise, now that the newer processors have some kind of drm-like system that would tag stuff you made with your unque cpu identification (assuming in a proprietary OS).
I guess they just don't want civilians using memes or making any propaganda by any means (meanwhile small guy agent in foreign division can just relentlessly publish psychological warfare materials and destroy your webring/ib with AI-generated content that violates US laws and causes all your servers to be seized by law until the whole world becomes assimilated by the one world ideology, living in a reality worse than dystopian fiction).

Of course, these are all just LARP, and you should beleive. Online anonymous discussions are harmless, and is not in any way considered as threat by them for their future endeavors and the assimilation of your reality.
ProtonMail  glows in the dark
>https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities/
ProtonMail removed “we do not keep any IP logs” from its privacy policy
Replies: >>2982
>>2977
To the surprise of absolutely nobody with a brain. When somebody advertises "encrypted email", run for your life. It's impossible for the server to guarantee this; the most you get is a shitty javascript-based pseudo PGP in the browser with vendor lock-in, and if that is the case, why are they not advertising it as such? The answer is: Because they're a honeypot fishing for retards. It's honestly depressing how many people even here fall for this kind of privacy-branding.
Replies: >>2983
>>2982
It's strange anyone would use that for anything other than dummies and semi-permanent throwaways.
Replies: >>3026
OpenSSL version 3.0.0 released
>https://wiki.openssl.org/index.php/OpenSSL_3.0
>https://mta.openssl.org/pipermail/openssl-announce/2021-September/000208.html
OpenSSL switched to the Apache License 2.0, low level APIs are deprecated. Added implementation of the Certificate Management Protocol (CMP, RFC 4210) also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712). The function code part of an OpenSSL error code is no longer relevant and is always set to zero. Related functions are deprecated. etc, etc

Alpine linux is going to deprecate sudo (they are going to use doas instead)
>https://alpinelinux.org
>https://ariadne.space/2021/09/07/bits-relating-to-alpine-security-initiatives-in-august/
Replies: >>2987 >>2989
sudo-sandwich-logo.png
[Hide] (182.5KB, 1370x1530)
>>2986
Happy to see more people switching from the unsettling toast to doas.
Replies: >>2989
>>2986
>>2987
What's the difference?
Replies: >>2991
>>2989
doas originates from OpenBSD (https://man.openbsd.org/amd64/doas) doas is even easier to configure than sudo (https://man.openbsd.org/doas.conf.5) sudo is more bloated. sudo has had more security vulnerabilities (https://www.sudo.ws/security.html)
>>2983
Still better than running it by yourself to be honest.
https://web.archive.org/web/20210923101318/https://www.theverge.com/22684730/students-file-folder-directory-structure-education-gen-z
Gen Z can't into folders.
Replies: >>3190 >>3213
>>3187
I haven't seen it actually happen because I don't interact with zoomers, but I predicted this. As soon as portable tracking devices began to spread like a plague during the early 2010s, and I saw that kids were using them, and saw that it was basically dumbed down technology for idiots, I knew for certain the kids would become absolute morons and never learn how to use computers, and that in the future, a bunch of retards would want to create software but not even know how to fucking type, and have no clue at all about how anything works. I don't actually know that, but I'm absolutely sure that this has happened and that it will get worse. I'd be shocked if there wasn't a decline in competence with technology from gen Y to Z, there's just no way.
Replies: >>3198 >>3211
>>3190
Good more jobs for me.
>>3190
It's probably the result of many schools issuing "chromebooks" and tablets, instead of providing access to traditional PCs. Everything's saved to Google instead of the local device.

Colling’s courses now include a full two-hour lecture to explain directory structure.
That sounds really stupid. If someone can't understand the concept of organizing stored objects, in short order, can you really refer to them as "smart".
Replies: >>3214
Forgot to add, remember this?
/watch?v=pI-iJcC9JUc

Big Tech is the enemy.
>>3187
That has to be a fake story, gas-lighting, or greatly exaggerating the situation. It could be believable if there's some ignorance, like not knowing the save icon is a floppy disk, but if you explain that a floppy disk was historically used to store files, and they give you a blank stare while drooling slightly...
Replies: >>3323
983.jpg
[Hide] (77.7KB, 1000x669)
>>3211
You really can't. I think it should be pretty clear to see that society is making people incredibly stupid. Even retarded literal boomers in my family, with IQs that must be barely in the 90s if not in the 80s, understand directories, and they never figured out how to minimize and maximize windows (or that tabs exist, in web browsers), even after using computers for at least almost 30 years. Even they comprehend that concept and have directories for their files, so imagine the damage that has been done to the zoomers and what is being done to the next generation. The next generations are going to be Agenda 2030 incarnate. Completely mentally enslaved bug people that are incapable of making decisions or doing anything.
7800dec00bba7ac6f89161d048f20a0439d54eb6e8537ed01d3c4ca2cd27d40b.png
[Hide] (1.9MB, 1449x1413)
Tab Unloading in Firefox 93
>Starting with Firefox 93, Firefox will monitor available system memory and, should it ever become so critically low that a crash is imminent, Firefox will respond by unloading memory-heavy but not actively used tabs. 
>On Windows, out-of-memory (OOM) situations are responsible for a significant number of the browser and content process crashes reported by our users. 

>On Windows, Firefox gets a notification from the operating system (setup using CreateMemoryResourceNotification) indicating that the available physical memory is running low.
>The threshold for low physical memory is not documented, but appears to be around 6%. Once that occurs, Firefox starts periodically checking the commit space (MEMORYSTATUSEX.ullAvailPageFile).
>When the commit space reaches a low-memory threshold, which is defined with the preference “browser.low_commit_space_threshold_mb”, Firefox will unload one tab, or if there are no unloadable tabs, trigger the Firefox-internal memory-pressure warning allowing subsystems in the browser to reduce their memory use. 
>The browser then waits for a short period of time before checking commit space again and then repeating this process until available commit space is above the threshold.
>On Windows, allocations fail and applications will crash if there is low commit space in the system even though there is physical memory available because Windows does not overcommit memory and can refuse to allocate virtual memory to the process in this case. In other words, unlike Linux, Windows always requires commit space to allocate memory.
https://hacks.mozilla.org/2021/10/tab-unloading-in-firefox-93/
Replies: >>3318
>>3313
>webshits are reimplementing swapping now instead of fixing their memory bloat
Holy shit make it stop, Firefox is not my fucking operating system. Taking bets: Will they reimplement Linux's retarded OOM softlock too?

>On Windows, allocations fail and applications will crash if there is low commit space in the system even though there is physical memory available because Windows does not overcommit memory and can refuse to allocate virtual memory to the process in this case. In other words, unlike Linux, Windows always requires commit space to allocate memory.
Gotta love how they make this sound like a bad thing when it's actually one of the few things Windows does better than Linux because it means Windows programs can handle OOM situations properly. You can enable strict commit checking on Linux with vm.overcommit_memory=2, but there is no low memory signal, so you only get failing allocations; sometimes in an innocent program rather than the bloatmeister who caused it.
Replies: >>3321
>>3318
Linux has mechanisms for low memory notification. Windows is retarded to force applications to do it their way.
https://unix.stackexchange.com/questions/362833/how-to-trigger-action-on-low-memory-condition-in-linux
Replies: >>3322
>>3321
>Linux has mechanisms for low memory notification.
Neat, I didn't know about that one.
>Windows is retarded to force applications to do it their way.
They're forcing you to shit into the toilet, Pajeet. Blindly rubberstamping allocations by default and then going "oops, too much" an hour later when there is no more possible error handling besides SIGKILL is a mega retard idea and only there because of the design mistake that is fork. The supposed RAM savings can be achieved with swap space or general debloating, without sacrificing the reliability of the entire box.
Replies: >>3324
>>3213
Phones try to hide the file structure as much as possible. Imagine if you only ever used a phone. No laptop no desktop. All the media you have is just for consumption. It's ethereal and doesn't need to be saved.
>>3322
Sounds like Windows the nanny os is trying to fix problems with bad software.
>no more possible error handling besides SIGKILL
Now the OS needs to be communist as well? Killing retards who hoard memory until really necessary sounds simple and effective.
Replies: >>3325
>>3324
The error handling is in the well-written programs you tard. The reason people get away with ungraceful crashes on OOM is because overcommitting makes anything else impossible. The OOM killer will happily shoot the wrong process too, I've had this happen to me repeatedly. Your "simple and effective" thing is absolute gorilla nigger tech.
Replies: >>3326
>>3325
Never had the OOM killed shot the wrong stuff on my end, what version and config of kernel?
>well-written programs
So can any program that uses low memory notification in Linux. It just didn't force programs to follow it.
Replies: >>3327
>>3326
Probably because your problematic process was coincidentally the biggest memory hog at the time. This isn't always true and the OOM killer will still shoot innocents in that case today. This is a fundamental problem, the kernel can't magically intuit who's the real culprit.
>So can any program that uses low memory notification in Linux. It just didn't force programs to follow it.
Windows doesn't force you to listen to this notification either. What it does do is tell userspace the truth about available memory - something that Linux doesn't do, thereby breaking the inferior but portable way to deal with low memory situations. This is the thing that needs justification. By the way, if "windows > linux" triggers you: OpenBSD doesn't do this shit either, precisely because it's insane.
Replies: >>3328
>>3327
>windows > linux triggers me
Never did. Just found windows way kind of stupid.
>OpenBSD doesn't do this shit, precisely because it's insane
OpenBSD won't allocate memory when memory usage reaches a certain amount? Can you tell me more?
Replies: >>3331
>>3328
>OpenBSD won't allocate memory when memory usage reaches a certain amount?
Technically true due to default resource limits, but that was not what I thought I remembered. Of course it supports overcommitting because it has fork. Well, it's not an important point since you weren't doing it for fanboy reasons.
https://archive.md/ii4fs
https://plusnigger.autism.exposed
>+NIGGER License
>About
>The +NIGGER License is a license modifier that requires the inclusion of the word "NIGGER" in the LICENSE file.
>Why?
>By including the word "NIGGER" in a LICENSE file that must be distributed with the software you will ensure:
>>The software will not be used or hosted by western corporations that promote censorship
>>The software will not be used or hosted by compromised individuals that promote censorship
>>Users of the software will be immune to attacks that would result in censorship of others
>How?
>Include the following text in any compatible LICENSE file:
>The above copyright notice, this permission notice and the word "NIGGER" shall be included in all copies or substantial portions of the Software.
I will add jew, chinks, fags and YWNBAW in my version.
>>3417
Funny and practical. Pretty sure that I had an idea like that before. The enemy has given that word so much power can you can immediately defeat them with it.
lole.jpeg
[Hide] (358.6KB, 752x752)
>>3417
>I will add jew, chinks, fags and YWNBAW in my version.
Don't forget to add +CUNNY as well.
>>3417
This would be fun to include in an anon project but I see no use for it in everyday life. There must be a better counter to the CoC nonsense than putting nigger in a license.
Replies: >>3469
>>3459
>reject coc, roll your luck on the don't get cancelled game
>stay anonymous
pick one for any famous project
Go 1.18 will finally have parametric polymorphism generics!
>https://github.com/golang/go/issues/48918
>https://groups.google.com/g/golang-dev/c/iuB22_G9Kbo
Replies: >>3478
>>3477
Can't wait for the eternal stockholm syndrome sufferers to explain to me how the generics that were so useless and would have ruined Go for ten years are actually suddenly the best thing about Go. This language really is some kind of performance art about Blub.
Compilers have a vulnerability regarding Unicode and bi-directional text
The bug is in the Unicode spec
>https://www.trojansource.codes (remember to download the paper.)
>https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/
>https://nvd.nist.gov/vuln/detail/CVE-2021-42574


>https://github.com/nickboucher/trojan-source
<We present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye.
<This attack exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed
<We present working examples of Trojan-Source attacks in C, C++, C#, JavaScript, Java, Rust, Go, and Python.


>https://www.openwall.com/lists/oss-security/2021/11/01/1
<The Rust Security Response WG was notified of a security concern affecting
<source code containing "bidirectional override" Unicode codepoints: in some
<cases the use of those codepoints could lead to the reviewed code being
<different than the compiled code.
<
<This is a vulnerability in the Unicode specification, and its assigned
<identifier is CVE-2021-42574. While the vulnerability itself is not a rustc
<flaw, we're taking proactive measures to mitigate its impact on Rust
<developers.
<
<## Overview
<
<Unicode has support for both left-to-right and right-to-left languages, and to
<aid writing left-to-right words inside a right-to-left sentence (or vice versa)
<it also features invisible codepoints called "bidirectional override".
<
<These codepoints are normally used across the Internet to embed a word inside a
<sentence of another language (with a different text direction), but it was
<reported to us that they could be used to manipulate how source code is
<displayed in some editors and code review tools, leading to the reviewed code
<being different than the compiled code. This is especially bad if the whole
<team relies on bidirectional-aware tooling.
>>3510
Forgot https://nvd.nist.gov/vuln/detail/CVE-2021-42694
>>3510
lel, we used to abuse that shit to bypass wordfilters in video games. But don't forget goy, you MUST support Unicode or you're unmodern and probably a racist as well.
>>3510
>tfw compilers can't triforce
>>3510
Are normalfags finally going to switch back to ASCII?
Replies: >>3515 >>3516
>>3514
No way, are you implying they will give up their emojis?
>>3514
Haha no, they're going to add stupid blacklists that need to get updated every time Unicode comes up with some new glyphs that fuck with the naive reader. The normalfag will NEVER reduce complexity.
ClipboardImage.png
[Hide] (1.2MB, 1880x969)
Nopyright/nopy shut down after payment processors blocked their account.
this is probably old news
Replies: >>3561 >>4033
>>3510
Found a related blog post: https://certitude.consulting/blog/en/invisible-backdoor/
>>3550
Just run ads like any normal person. Any sucker who doesn't know ad block or auto link grabber would have to suffer. I remember one proudly proclaimed they would not insert ads on their pages even if the site has to be shut down because it's immoral doing so. Cringe, like grow the fuck up. Who gives a fuck you stupid niggers?
Replies: >>3562
>>3561
>I lack the ability to read and understand text, here is my opinion about a issue that noone talks about, also you are stupid if you disagree.
Literally read the fucking text, retard. Noone cares about how cool [email protected] you are by shit you compiled from github.
Replies: >>3564
>>3562
Lol shut your mouth flossfag, your opinion is worthless.
Replies: >>3565
>>3564
>flossfag
Where do you think we are?
Internet has already become a platform TV. Even if you look at torrent traffic there was way more original content distributed, now it mostly is "siterips". The best what internet could provide is not content tbh but ability of easy, cheap and secure communications. Now look that communications were the first thing attacked by corpos killing it's decentralized independent nature in favour of "social platforms" and messengers you don't control. No surprise it was easy since normalcattle is technically illiterate and will suck corpo dick without remorse. How much people you actually talk to the right way?
1454393064775.gif
[Hide] (55.1KB, 700x921)
>Lainspergs recreate an imageboard from SEL in Common Lisp (https://github.com/ad044/nmebious)
>instance goes up
>someone posts ASCII art of Hitler
>site instantly crashes
Replies: >>3827
>>3417
>implying that one of you faggots would ever actually make something worth using
Wipe_this_Meme.webm
[Hide] (429KB, 640x360, 00:06)
>>3571
>still using any form or dialect of Lisp
>in 2021
I would sooner use Rust, God forbid.
>>3827
Use golang
mr_big.png
[Hide] (35.5KB, 580x640)
>>3827
>still using any form or dialect of Rust
>in 2021
I would sooner use C, God forbid.
>>3827
What's the matter, boy, too stable for you? Enjoy jumping from shitlang to shitlang every five years.
Replies: >>3873
>>3827
>rust
Install gcc-ada or gnat-GPL

>>3872
this
Replies: >>3904
>>3873
>ada
Anyone who recommends this overengineered piece of shit on the internet has never been forced to use it. Only the cocksucking illuminati boomers in the DoD think it's a good language. Normal people in "safety critical" industries (automotive, civilian aviation, manufacturing) just come up with safe subsets and guidelines for languages designed to be used by normal people and not the mind-raped mkultra slave caste. I would rather be tormented by trannies while chained in an "Open Office" writing webapps in Rust than EVER use ada again.
>>3904
plx greentext, I am planning to learn it.
>>3904
>Rust
Why Rust is better than Ada?
>>3904
>Normal people in "safety critical" industries (automotive, civilian aviation, manufacturing) just come up with safe subsets and guidelines for languages designed to be used by normal people
Because it's easier to find C++ programmers. Has little to do with the quality of the language.
>>3510
holy shit its NOCOM all over again except this time its IRL not in minecraft

>>3550
kek all of the games i got on f95zone works in a VM (i feel guilty i hope god does not smite my laptop power brick one night)

>>3904
haha assembly language go brr i does not have any CoC bullshit and blackhat crack/warez groups love it so much
(craft by lft is a great example of this) its soo efficient they managed to make it 4 minutes despite only having 8kb of storage

RIP win-raid is closing hopefully they archived everything
also lenovo sued for betraying thier home country (no surprise since they support lgbt and lock the wifi cards) https://archive.md/3sume
Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package
On Thursday (December 9th), a 0-day exploit in the popular Java logging library [Apache] log4j (version 2) was discovered that results in Remote Code Execution (RCE) by logging a certain string. Almost all versions of log4j version 2 are affected: 2.0-beta9 <= Apache log4j <= 2.14.1 
>https://www.lunasec.io/docs/blog/log4j-zero-day/
>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
<Related: https://news.sophos.com/en-us/2021/12/17/inside-the-code-how-the-log4shell-exploit-works/

Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046)
After the log4j maintainers released version 2.15.0 to address the Log4Shell vulnerability, an additional attack vector was identified and reported in CVE-2021-45046. Our research into this shows that this new CVE invalidates previous mitigations used to protect versions 2.7.0 <= Apache log4j <= 2.14.1 from Log4Shell in some cases. You may still be vulnerable to Log4Shell (RCE) if you only enabled the formatMsgNoLookups flag or set %m{nolookups} when you also set data in the ThreadContext with attacker controlled data. In this case, you must upgrade to >= 2.15.0 or else you will still be vulnerable to RCE. 
>https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
>https://github.com/lunasec-io/lunasec/tree/master/tools/log4shell
Replies: >>4039 >>4040
>>4037
kek, my team and other companies were on fire for this shit. That's what they got for using the pajeet lang.
>>4037
man 2021 coudnt get any crazier first it was covid now our software is catching its own coof as well
>inb4 wannacry 2.0 with hidden time bomb

also offtopic but what is log4net.dll is it the same thing? i found it while checking my cracked game folders
Replies: >>4041
>>4040
Read the cve. https://nvd.nist.gov/vuln/detail/CVE-2021-44228
>Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
poettering.gif
[Hide] (148KB, 600x400)
Found a fun game: https://github.com/Xylemon/xlennart And other programs... https://cyber.dabamos.de/unix/x11/

Systemd 250 released
systemd-homed now makes use of UID mapped mounts for the home areas. If the kernel and used file system support it, files are now internally owned by the "nobody" user (i.e. the user typically used for indicating "this ownership is not mapped"), and dynamically mapped to the UID used locally on the system via the UID mapping mount logic of recent kernels. This makes migrating home areas between different systems cheaper because recursively chown()ing file system trees is no longer necessary. 

highlights:

        * Support for encrypted and authenticated credentials has been added.
          This extends the credential logic introduced with v247 to support
          non-interactive symmetric encryption and authentication, based on a
          key that is stored on the /var/ file system or in the TPM2 chip (if
          available), or the combination of both (by default if a TPM2 chip
          exists the combination is used, otherwise the /var/ key only). The
          credentials are automatically decrypted at the moment a service is
          started, and are made accessible to the service itself in unencrypted
          form. A new tool 'systemd-creds' encrypts credentials for this
          purpose, and two new service file settings LoadCredentialEncrypted=
          and SetCredentialEncrypted= configure such credentials.

          This feature is useful to store sensitive material such as SSL
          certificates, passwords and similar securely at rest and only decrypt
          them when needed, and in a way that is tied to the local OS
          installation or hardware.

        * A new setting DefaultOOMScoreAdjust= is now supported in
          /etc/systemd/system.conf + /etc/systemd/user.conf that may be used to
          set the default process OOM score adjustment value for processes
          forked off the service manager. For per-user service managers this
          now defaults to 100, but for per-system service managers is left as
          is. This means that by default now services forked off the user
          service manager are more likely to be killed by the OOM killer than
          system services or the managers themselves.

        * The per-user service manager learnt support for communicating with
          systemd-oomd to acquire OOM kill information.

        * The TPM2/FIDO2/PKCS11 support in systemd-cryptsetup is now also built
          as a plug-in for cryptsetup. This means the plain cryptsetup command
          may now be used to unlock volumes set up this way.

        * Support for activating dm-integrity volumes at boot via a new file
          /etc/integritytab and the tool systemd-integritysetup have been
          added. This is similar to /etc/crypttab and /etc/veritytab, but deals
          with dm-integrity instead of dm-crypt/dm-verity.

        * A new unit systemd-boot-update.service has been added. If enabled
          (the default) and the sd-boot loader is detected to be installed, it
          is automatically updated to the newest version when out of date. This
          is useful to ensure the boot loader remains up-to-date, and updates
          automatically propagate from the OS tree in /usr/.

        * sd-boot can now parse Microsoft Windows' Boot Configuration Data.
          This is used to robustly generate boot entry titles for Windows.

        * systemd-analyze security gained a --profile option that can be used
          to take into account a portable profile when analyzing portable
          services, since a lot of the security-related settings are enabled
          through them.

        * systemd-analyze learnt a new inspect-elf verb that parses ELF core
          files, binaries and executables and prints metadata information,
          including the build-id and other info described on:
          https://systemd.io/COREDUMP_PACKAGE_METADATA/

        * systemd-networkd will now once again automatically generate persistent
          MAC addresses for batadv and bridge interfaces. Users can disable this
          by using MACAddress=none in .netdev files.

        * bootctl and systemd-bless-boot can now be linked statically.

        * systemd-homed will now try to unmount an activate home area in
          regular intervals once the user logged out fully. Previously this was
          attempted exactly once but if the home directory was busy for some
          reason it was not tried again.

        * systemd-homed's LUKS2 home area backend will now create a BSD file
          system lock on the image file while the home area is active
          (i.e. mounted). If a home area is found to be locked, logins are
          politely refused. This should improve behavior when using home areas
          images that are accessible via the network from multiple clients, and
          reduce the chance of accidental file system corruption in that case.

        * systemd-resolved now listens on a second DNS stub address: 127.0.0.54
          (in addition to 127.0.0.53, as before). If DNS requests are sent to
          this address they are propagated in "bypass" mode only, i.e. are
          almost not processed locally, but mostly forwarded as-is to the
          current upstream DNS servers. This provides a stable DNS server
          address that proxies all requests dynamically to the right upstream
          DNS servers even if these dynamically change. This stub does not do
          mDNS/LLMNR resolution. However, it will translate look-ups to
          DNS-over-TLS if necessary. This new stub is particularly useful in
          container/VM environments, or for tethering setups: use DNAT to
          redirect traffic to any IP address to this stub.

      * systemd-repart no longer requires OpenSSL.

        * systemd-journald will no longer go back to volatile storage
          regardless of configuration when its unit is restarted.

        * The shutdown command learnt a new option --show, to display the
          scheduled shutdown.
>https://lwn.net/Articles/879739/


ID mapping for mounted filesystems
Almost every filesystem (excepting relics like VFAT) implements the concept of the owner and group of each file; the higher levels of the operating system then use that information to control access to those files. For decades, it has usually sufficed to track a single owner and group for each file, but there is an increasing number of use cases wanting to make that ownership relative to the environment any given process is running in. Developers have been working for a few years to find solutions to this problem; the latest attempt is the ID-mapped mounts patch set from Christian Brauner.

In truth, the ID-mapping problem is not exactly new. User and group IDs for files only make sense across a management domain if there is a single authority controlling the assignment of those IDs. Since that is often not the case, network filesystems like NFS have had the ability to remap IDs for many years. The growth of virtualization and container technologies has brought the problem closer to home; there can be multiple management domains running on a single machine. The NFS ID-remapping mechanism is of little use if NFS itself is not being used. 
...
>https://lwn.net/Articles/837566/

The Linux Foundation's report on diversity, equity, and inclusion in open source
>https://www.linuxfoundation.org/blog/addressing-diversity-equity-and-inclusion-in-2021-and-beyond/
>https://www.linuxfoundation.org/tools/the-2021-linux-foundation-report-on-diversity-equity-and-inclusion-in-open-source/
>https://lwn.net/Articles/879379/

random: use BLAKE2s instead of SHA1 in extraction
BLAKE2s is generally faster, and certainly more secure, than SHA1...
>https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git/commit/?id=58655cccf3d68aea2127bfe226cd5f50afb89c55
Replies: >>4062 >>4912
>>4061
>systemD
>TPM
>will NOT become optional soon
holy the the win11 cancer is spreading wpudn't be too surprised if the TPM has some kind of hidden backdoor that lets the ((good guys)) unlock it like graykey/celebrite
>inb4 android styled google account integration on the linux kernel

also is it me or Anydesk is borked on the newest 21.10 ubuntu liveCD im trying to remotely access my broken celeron laptop had to flash older version on my usb drive
>>412 (OP) 
>What will happen if section 230 is nuked?
German Court Rules Against Internet Security Non-Profit Quad9 In First Hearing Versus Sony Music Germany 

Global Internet Freedom Threatened by Copyright Ruling Targeting Unrelated DNS Operator

The Hamburg Regional Court today ruled that they would not suspend an existing injunction against Quad9 in a case filed by Sony Music Germany. The case centers around Sony Music’s demand that Quad9’s servers located in Germany stop resolving DNS names of third-party sites which are claimed to have URLs that contain copyright infringements.

There is no component of the claimed copyright infringement that Quad9 participates indirectly, nor is there any infringing data on Quad9’s servers, nor does Quad9 have any business relationship with the site in question. The injunction claim is only that Quad9, by allowing end-users to map internet names to IP addresses as part of its DNS resolution service, is legally obligated to stop resolving those names if demanded by parties claiming to be rightsholders.

https://www.quad9.net/news/press/german-court-rules-against/
Replies: >>4199
>>4177
>The Hamburg Regional Court
EVERY TIME.
“Xlibe”: an Xlib/X11 compatibility layer for Haiku
>in order to port X11 applications (or even entire toolkits…) without writing separate “native” backends for each and every one, and also without running an entire X11 server in the background.
>After some experimentation, I think this is indeed more than feasible, though we’ll see how far I manage to take it and how quickly…
https://www.haiku-os.org/blog/waddlesplash/2022-01-10_haiku_contract_report_december_2021/
I just hope that Haiku fans don't start developing X11 programs now.

DragonFly version 6.2 released
https://www.dragonflybsd.org/release62/
Replies: >>4418 >>4420
>>4408
Could have just skipped X11 and went for Wayland directly... Oh well.
Replies: >>4421
>>4408
I just finished porting a random program to Haiku... Never used it before.

Does the X11 compatibility layer allow seeing the whole server? If it does, I'm the main contributor on a somewhat popular program that needs such access, I could port it to Haiku too.
>>4418
What would be the point of a compatibility layer to something that itself will have to run compatibility layers for years to come?
Section 230 was illegal to begin with because it's literally a law passed by Congress abridging free speech.

The tech companies dug their own hole by not developing mechanisms to have mass communication sites that don't require moderation to be functional.

They were warned and I already handed out packets on how to restructure communication sites so they don't require editorialization to be usable. So the companies that already got their Section 230 free business model ready will take over the market as companies that bet on censorship continuing disappear in a flurry of spam and lawsuits. It takes as little as a month for people to forget about old sites, so it will be a major transfer of market power overnight.

When Section 230 goes down, it shouldn't be replaced with some other rules to allow censorship and enabling tech cartels to control entry to markets by just accusing other companies of being immoral and blacklisting them from common carrier services. 

It's their own fault if they didn't listen.
Retrospective and Technical Details on the recent Firefox Outage
>On January 13th 2022, Firefox became unusable for close to two hours for users worldwide.
>Firefox has a number of servers and related infrastructure that handle several ((( (((internal services))) ))).
>This ((( (((infrastructure))) ))) is hosted by different cloud service providers [including Google Cloud Platform] that use load balancers to distribute the load evenly across servers.
>these load balancers have settings related to the HTTP protocol they should advertise and one of these settings is HTTP/3 support [which was on because of configuration error made by Mozilla]
>from that point forward, some connections that Firefox makes to the ((( (((services infrastructure))) ))) would use HTTP/3 instead of the previously used HTTP/2 protocol

>Shortly after, we noticed a spike in crashes being reported through our crash reporter and also received several reports from inside and outside of Mozilla describing a hang of the browser.
>we quickly discovered that the client was hanging inside a network request to one of the Firefox ((( (((internal services))) ))). 
>We then discovered through logs that for some reason, the load balancers for our ((( (((Telemetry service))) ))) were serving HTTP/3 connections while they hadn’t done that before.
>With the load balancer change in place, and a special code path in a new Rust service now active...
>This unexpected state caused the code to loop indefinitely rather than returning an error.
https://hacks.mozilla.org/2022/02/retrospective-and-technical-details-on-the-recent-firefox-outage/


tl;dr
Firefox browser didn't work because Mozilla's telemetry services.
>Install Torah browser
>Install Ungoogled Chromium
>Install Lynx
Replies: >>4442 >>4449
>>4441
To be fair, anyone still using firefox deserves it.
>>4441
lmao laughs in palememe
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
>The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution.
>This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.
>researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS
>This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009 (commit c8c3d83,  “Add a pkexec(1) command”).
>In other words, [bug] allows us to re-introduce an “unsecure” environment variable (for example, LD_PRELOAD) into pkexec’s environment.
>However, we note that OpenBSD is not exploitable, because its kernel refuses to execve() a program if argc is 0. [THEO WAS RIGHT!!]
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

Fedora and pkexec
>[PwnKit] also led to a recent discussion on the ((( (((Fedora))) ))) devel mailing list about whether pkexec, which runs a program as another user, is actually needed—or wanted—in some or all of the distribution's editions.
>But pkexec is used by quite a few different Fedora components, particularly in desktop-oriented editions, and it could """perhaps""" be a better choice than the alternatives for running programs with the privileges of another user. 
>If you are going to run programs as root anyway, though, pkexec is probably better than using sudo or other options, Lennart Poettering said:
<I mean, polkit has some issues, but I am pretty sure that "pkexec" is not what I'd consider the big problem with it.
https://lwn.net/SubscriberLink/883547/d2b752eb979b3eb1/
Replies: >>4464 >>4465
>>4463
Redhat is like the government. If any of their branches tell you to not worry about something you know it's time to drop it.
>>4463
As mentioned in the systemd thread, polkit is completely and utterly useless. Purge it, never look back.
ClipboardImage.png
[Hide] (102.7KB, 753x833)
https://archive.is/wip/v2TDG
Mozilla and Facebook are working on a "privacy preserving" targeted advertising technology. 
Just in case you needed yet another reason to drop mozilla.
Replies: >>4572
>>4571
And what is the alternative? I don't have time to compile ungoogled chromium on c2d.
>>4572
At least get a placebo like forks. 
The real alternative doesn't exist because all modern browsers are shit.
Replies: >>4590
29c2ebdbb518d2d279faf07e67dcb07a3372c269.jpg
[Hide] (1.2MB, 1750x1400)
>>4572
LibreWolf is: https://librewolf.net/installation/
>>4572
Despite all the faggotry around it, palememe is the only browser that is not chromium based and doesn't require rust.
Replies: >>4590
>>4572
>>4575
>>4583
Have you taken the Lynxpill yet, mateys?
Replies: >>4594
>>4590
I want to, but I am not unplugged yet. Bank, work and others need botnet js.
>>4572
The only Firefox alternative made by a large enough team to maintain a modern web browser worth a shit, you know, actually keeping pace with upstream for security patches, and with a transparent revenue model, is Vivaldi. But then you have to support the Chromium engine hegemony that's been laughing at web standards for years with only Mozilla as another real contender.
Moving the [Linux] kernel to modern C [meaning C11]
>While critics like to focus on the community's extensive use of email, a possibly more significant anachronism is the use of the 1989 version of the C language standard for kernel code — a standard that was codified before the kernel project even began over 30 years ago.
>It is looking like that longstanding practice could be coming to an end as soon as the 5.18 kernel, which can be expected in May of this year. 
>Torvalds said that perhaps the time had come to look to moving to the C99 standard
>
>[Arnd Bergmann] suggested that it would be possible to go as far as the C11 standard (from 2011) while the change was being made, though he wasn't sure that C11 would bring anything new that would be useful to the kernel.
>It might even be possible to move to C17 or even the yet-unfinished C2x version of the language. [wtf?]
>That, however, has a downside in that it "would break gcc-5/6/7 support", and the kernel still supports those versions currently. Raising the minimum GCC version to 8.x would likely be more of a jump than the user community would be willing to accept at this point.
>Torvalds was in favor of [moving to C11]
>
> [If] all goes well, the shift to C11 will happen in the next kernel release
https://lwn.net/SubscriberLink/885941/01fdc39df2ecc25f/
Replies: >>4684 >>4685
>>4683
Any reason why this is bad (or good) aside from breaking GCC?
>>4683
why is gcc dependent on the archaic standard?
Replies: >>4686
>>4685
You tell me why, gcc is an implement of the standard. gcc isn't a rolling release and each version of it is locked to what it supports at that specific commit. Of course an implementation depends on a standard. An old implementation depends on an old standard makes perfect sense.
The problem is gcc is often bundled in toolchains that never gets updated. This often happens in vendor-patched toolchains for embedded platforms.
Kek, I'm never gonna upgrade from kernel 3.x and gcc 5.  I'll move to OpenBSD or NetBSD instead, if I have to.  They can shove the CoC right up their CIA nigger asses.
Replies: >>4688
>>4687
>OpenBSD
OpenBSD is perfectly usable as a desktop OS if you don't mind the performance (which is totally good enough for programming and shitposting)
Replies: >>4693
2011.png
[Hide] (51.7KB, 800x600)
>>4688
Yeah, I used to run it on i386 Thinkpads, 10+ years ago.  It was even good for playing games and emulators, including DOSBox and SNES, even MAME and MESS.  This is an old screenshot from those days.  Game here is Snowball (Level 9) running in Gargoyle, and WM is twm that comes with the OS.  As far as modern games, well I don't care about those at all.
FuckFuckNo.png
[Hide] (515.9KB, 1180x934)
Uh-oh someone's mask fell off.  Turns out it's no better than google.
Replies: >>4800 >>4806 >>4811
>>4799
the mask had already fallen off when it was revealed they gave priority to a nigger lgbtqbraap+ with less experience instead of a white male with more
Replies: >>4802 >>4806
burd.jpg
[Hide] (35.3KB, 540x540)
>>4800
That's no different than what every big tech company does nowadays.  They could hire actual ducks for all I care, if only they didn't censor.  This is the one unforgivable sin of a search engine.
Replies: >>4806
>>4799
>>4800
>>4802
Use searx https://searx.neocities.org/
Replies: >>4814 >>4817
>>4799
Why are you niggers surprised? DDG has been confirmed shit for years now. 
I bet you fags still use firefox.
Replies: >>4813
2573540.jpg
[Hide] (128.7KB, 800x800)
>>4811
>implying compliance with google layout engine monoculture
9bbc12ca5f31be6c1973f2b3b7d61d18dc556df923c52b82674ea6fb2195952b.gif
[Hide] (3.5MB, 480x345)
>>4806
>search for basic phrase that i would use for troubleshooting something
>no results
every search engine is either cucked or doesn't work, why did you allow this world to exist
Replies: >>4815 >>4816
>>4814
The searx instance may have got blocked. Try another instance.
>>4814
Adjust search engine list and enable more of them. Also use other instances.
>>4806
There's also Qwant which AFAIK is non-pozzed.
Golang 1.18 released
Highlights:
>Go finally has Generics (https://go.dev/doc/tutorial/generics)
>a tool for fuzzing  (https://go.dev/doc/fuzz/)
>The go command now embeds version control information in binaries. ... Additionally, the go command embeds information about the build, including build and tool tags (set with -tags), compiler, assembler, and linker flags (like -gcflags), whether cgo was enabled ....
https://go.dev/doc/go1.18
https://go.dev/blog/go1.18
https://blog.carlmjohnson.net/post/2022/golang-118-even-more-minor-features/
ClipboardImage.png
[Hide] (47.4KB, 1900x276)
https://archive.is/xsEk4
>Microsoft says Windows 11 File Explorer ads were ‘not intended to be published externally’
>“This was an experimental banner that was not intended to be published externally and was turned off,” says Brandon LeBlanc, senior program manager for Windows, in a statement to The Verge.
>While the ads weren’t intended to be tested externally, it’s clear Microsoft is capable of running them inside Windows 11, and the company’s brief statement doesn’t rule out ads appearing in the File Explorer in the future.
>This isn’t the first time Microsoft has placed ads inside File Explorer, either. The software maker added a large banner ad to the Windows 10 File Explorer in 2017, promoting subscription options for its OneDrive cloud storage service.
How does it keep getting worse?
Replies: >>4892 >>4894
>>4890
Because you retards keep using it no matter what Microshaft does.
RIAEvangelist/node-ipc package is malware
The package contains ((( obfuscated code ))) that targets users based on their nationality (or users based on the country they are connecting from)
This affects at least the package ((( node-ipc ))) from 10.1.1 and before 10.1.3.
https://archive.is/n8oBX
https://nvd.nist.gov/vuln/detail/CVE-2022-23812
https://github.com/RIAEvangelist/node-ipc/issues/319
https://github.com/RIAEvangelist/node-ipc/issues/236
https://github.com/RIAEvangelist/node-ipc/issues/233

>>4890
Nowadays, most home useds of windoze could easily switch to GNU/Linux and use Proton and Wine.
Replies: >>4895 >>4897 >>4898
>>4894
I'm sure webshits will learn the lesson this time haha
>>4894
>((( RIAEvangelist's ))) node-ipc package is malware
It's also on REAL news too: https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/
>...But, chaos unfolded when select npm versions [= newest versions] of the famous 'node-ipc' library—also maintained by RIAEvangelist, were seen launching a destructive payload to all data and overwrite all files of users installing the package.
>Interestingly, the malicious code, committed as early as March 7th by the dev, would read the system's external IP address and only delete data by overwriting files for users based in Russia and Belarus.
>The code present within 'node-ipc', specifically in file "ssl-geospec.js" contains base64-encoded strings and obfuscation tactics to mask its true purpose...
npc_ngo.png
[Hide] (72.6KB, 908x601)
>>4894
picrel lmfao
Replies: >>4899
aa14971f74d2d7953d8871172310cfce8da37ac821231b2cfa48b2998614d3c2.jpg
[Hide] (9.8KB, 235x235)
>>4898
>secure servers
>Belarus
they deserved it lmao
New chat and messaging control regulations being discussed in the EU
>The EU wants to oblige providers to search all private chats, messages, and emails automatically for suspicious content – generally and indiscriminately. The stated aim: To prosecute child pornography. The result: Mass surveillance by means of fully automated real-time messaging and chat control and the end of secrecy of digital correspondence.
>This legislation will be presented on 30 March 2022 and would also apply to so far securely end-to-end encrypted communications services
https://www.patrick-breyer.de/en/posts/messaging-and-chat-control

Sounds like the European version of the EARN IT Act. I guess I will call tomorrow.
Replies: >>4902 >>4913
>>4900
How do they "search" end-to-end encrypted communications? Ready the crypttext?
Replies: >>4903 >>4904 >>4905
>>4902
Read*
>>4902
Provide another set of keys to all government agencies, of course :^)
Linux_CoC.png
[Hide] (830.4KB, 1553x2059)
>>4902
Obviously they already got private keys of all commercial big tech crap that the plebs use.  Then they also got private keys of all well-known "safe" services like protonmail, which wouldn't be allowed to operate otherwise (lavabit chose to shutdown themselves instead of playing that CIA nigger game).
And don't forget also some things that seem end-to-end at first glance aren't really (like this website for example, and many others going through "cloud" proxy).
Then there's also the issue of broken implementations, like they were trying with Linux backdoor (pic).  There are likely many such backdoors, or purposely flawed implementations (OpenSSL vulnerable for 2 years without anyone noticing it...)
Replies: >>4906
>>4905
>like this website
What makes you think this website is end-to-end encrypted? Do you need a private key to read this message (and this site is the middle man transferring encrypted data)?
Replies: >>4908
>>4906
I didn't say it is.  I said there's a proxy layer.  But that kind of setup is enough to fool people who don't know any better or don't bother to check.
Pale Moon 30.0 release announcement
https://forum.palemoon.org/viewtopic.php?f=1&t=27956
>Following the change in direction as announced before on the forum and directly driven by user feedback and community input, Pale Moon is abandoning its own GUID (globally-unique identifier) and adopting Firefox's GUID instead (like it did in its early days) to provide maximum compatibility with old and unmaintained Firefox extensions alongside those that are maintained on our addons site.
>>4061
>random: use BLAKE2s instead of SHA1 in extraction

RNG (random.c etc.) enhancements for Linux 5.17 and 5.18
<modernizes both the code and the cryptography used.
<Here's a summary of the various patches in this pull:
>
>  1) /dev/urandom and /dev/random now do the same thing, per the patch we
>     discussed on the list. I think this is worth trying out. If it does
>     appear problematic, I've made sure to keep it standalone and revertible
>     without any conflicts.
>
>  2) Fixes and cleanups for numerous integer type problems, locking issues,
>     and general code quality concerns.
>
>  3) The input pool's LFSR has been replaced with a cryptographically secure
>     hash function, which has security and performance benefits alike, and
>     consequently allows us to count entropy bits linearly.
>
>  4) The pre-init injection now uses a real hash function too, instead of an
>     LFSR or vanilla xor.
>
>  5) The interrupt handler's fast_mix() function now uses one round of SipHash,
>     rather than the fake crypto that was there before.
>
>  6) All additions of RDRAND and RDSEED now go through the input pool's hash
>     function, in part to mitigate ridiculous hypothetical CPU backdoors, but
>     more so to have a consistent interface for ingesting entropy that's easy
>     to analyze, making everything happen one way, instead of a potpourri of
>     different ways.
>
>  7) The crng now works on per-cpu data, while also being in accordance with
>     the actual "fast key erasure RNG" design. This allows us to fix several
>     boot-time race complications associated with the prior dynamically
>     allocated model, eliminates much locking, and makes our backtrack
>     protection more robust.
>
>  8) Batched entropy now erases doled out values so that it's backtrack
>     resistant.
>
>  9) Working closely with Sebastian, the interrupt handler no longer needs to
>     take any locks at all, as we punt the synchronized/expensive operations
>     to a workqueue. This is especially nice for PREEMPT_RT, where taking
>     spinlocks in irq context is problematic. It also makes the handler faster
>     for the rest of us.
>
>  10) Also working with Sebastian, we now do the right thing on CPU hotplug,
>      so that we don't use stale entropy or fail to accumulate new entropy
>      when CPUs come back online.
>
>  11) We handle virtual machines that fork / clone / snapshot, using the
>      "vmgenid" ACPI specification for retrieving a unique new RNG seed, which
>      we can use to also make WireGuard (and in the future, other things) safe
>      across VM forks.
>
>  12) Around boot time, we now try to reseed more often if enough entropy is
>      available, before settling on the usual 5 minute schedule.
>
>  13) Last, but certainly not least, the documentation in the file has been
>      updated considerably.

https://lwn.net/Articles/888413/
https://www.zx2c4.com/projects/linux-rng-5.17-5.18/
https://lore.kernel.org/lkml/[email protected]/
https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git/commit/?id=9f9eff85a008
https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git/commit/?id=6e8ec2552c7d
eu_yea.png
[Hide] (209.9KB, 703x769)
>>4900
OpenBSD arm64 on Apple M1 systems
>It has taken a while, but I'm pleased to announce that OpenBSD/arm64
>works well enough on Apple M1 systems for some wider testing.  A major
>milestone was reached with the release of the Asahi Linux installer.
https://undeadly.org/cgi?action=article;sid=20220320115932

The first Asahi Linux Alpha Release is here!
>we decided to take the plunge and publish the first public alpha release of the Asahi Linux reference distribution!
>Keep in mind that this is still a very early, alpha release. It is intended for developers and power users
>M1, M1 Pro, or M1 Max machine (Mac Studio excluded)
>The installer will not delete or affect your macOS installation, other than performing a live resize.
>Asahi Linux Desktop: A customized remix of Arch Linux ARM that comes with a full Plasma desktop. No root password by default; use sudo to become root.
>Asahi Linux Minimal: A vanilla Arch Linux ARM environment. Log in as root/root or alarm/alarm. Don’t forget to change both passwords!

What doesn't work (idk if this is a complete list):
<DisplayPort
<Thunderbolt
<HDMI on the MacBooks
<Bluetooth
<GPU acceleration
<Video codec acceleration
<Neural Engine
<CPU deep idle
<Sleep mode
<Camera
<Touch Bar
https://asahilinux.org/2022/03/asahi-linux-alpha-release/

Also
>curl https://alx.sh | sh
kek, Macfags.
Replies: >>5144
1639050906617-0.png
[Hide] (972.1KB, 1000x1000)
Emacs 28.1 is out!
- Native JIT compilation of elisp files using libgccjit* 
- The new NonGNU ELPA package archive is enabled by default alongside GNU ELPA (https://elpa.nongnu.org/)
- Text shaping with HarfBuzz and drawing with Cairo
- Support for loading SECure COMPuting filters**
- Much improved display of ((( Emoji ))) and Emoji sequences
- New system for documenting groups of functions
- A minor mode for context menus (context-menu-mode)
- Mode-specific commands
- Emacs shows matching parentheses by default
- Many improvements and extensions to project.el

*Emacs now optionally supports native compilation of Lisp files.
To enable this, configure Emacs with the '--with-native-compilation' option.
This requires the libgccjit library to be installed and functional,
and also requires GCC and Binutils to be available when Lisp code is
natively compiled.  See the Info node "(elisp) Native Compilation" for
more details.

If you build Emacs with native compilation, but without zlib, be sure
to configure with the '--without-compress-install' option, so that the
installed "*.el" files are not compressed; otherwise, you will not be
able to use JIT native compilation of the installed "*.el" files.

Note that JIT native compilation is done in a fresh session of Emacs
that is run in a subprocess, so it can legitimately report some
warnings and errors that aren't uncovered by byte-compilation.  We
recommend examining any such warnings before you decide they are
false.


** Emacs now supports loading a Secure Computing filter.
This is supported only on capable GNU/Linux systems.  To activate,
invoke Emacs with the '--seccomp=FILE' command-line option.  FILE must
name a binary file containing an array of 'struct sock_filter'
structures.  Emacs will then install that list of Secure Computing
filters into its own process early during the startup process.  You
can use this functionality to put an Emacs process in a sandbox to
avoid security issues when executing untrusted code.  See the manual
page for 'seccomp' system call, for details about Secure Computing
filters.
< https://www.gnu.org/software/emacs/news/NEWS.28.1


Clasp v1.0.0 released
> Clasp is a new Common Lisp implementation that seamlessly interoperates with C++ libraries and programs using LLVM for compilation to native code. 
* Implemented save-lisp-and-die. This saves the state of a running environment for loading and fast startup later. Our most complex environment Cando starts up in ~4 seconds, which is 10x faster than the old startup that loaded libraries.
* clasp-debug interface so that IDEs like SLIME can retrieve backtraces and more to present during debugging.
* Fixed many errors identified by the ansi-test-suite
...
< https://github.com/clasp-developers/clasp/releases/tag/1.0.0


New Gentoo LiveGUI ISO and artwork / branding contest! 
After a long break, we now have again a weekly Gentoo LiveUSB ISO with GUI for AMD64!
> boots directly into KDE Plasma and comes with a ton of up-to-date software. This ranges from office applicactions such as LibreOffice, Inkscape, and GIMP all the way to many system administrator tools.

Some of the software on the image:
>    KDE Plasma as desktop environment
>    Office productivity: LibreOffice, LyX, TeXstudio, XournalPP, kile
>    Web browsers: Firefox, Chromium
>    IRC and similar: irssi, weechat
>    Editors: Emacs, vim, kate, nano, joe
>    Development and source control: git, subversion, gcc, Python, Perl
>    Graphics: Inkscape, Gimp, Povray, Luminance HDR, Digikam
>    Video: KDEnlive
>    Disk management: hddtemp, testdisk, hdparm, nvme-cli, gparted, partimage, btrfs-progs, ddrescue, dosfstools, e2fsprogs, zfs
>    Network tools and daemons: nmap, tcpdump, traceroute, minicom, pptpclient, bind-tools, cifs-utils, nfs-utils, ftp, chrony, ntp, openssh, rdesktop, openfortivpn, openvpn, tor
>    Backup: mt-st, fsarchiver
>    Benchmarks: bonnie, bonnie++, dbench, iozone, stress, tiobench
< https://www.gentoo.org/news/2022/04/03/livegui-artwork-contest.html
Replies: >>5113
>>5111
Is Rumia showing us what happens to your fingers after 5 minutes of emacs?

>no vim updates
Oh right, Vim is already perfect.
Replies: >>5114
>>5113
Actually, I just use Emacs as a file manager (dired), WM (EXWM) and terminal emulator (ansi-term, term and eshell). And I do all of my text editing using ED!! ed is the STANDARD editor. I actually used to use Vim before I tried GNU Emacs. What convinced me to switch to Emacs was the ease of customization (by using M-x customize-themes, M-x customize and M-x list-packages) and the documentation: try C-h ? (GNU Emacs is described as "self-documenting" among other things.) GNU Emacs is also more beginner friendly because it is harder to lose your work since Emacs makes backups by default. Both editors are very powerful. You should try both and choose which one you like more.

>muh emacs pinky
Not a problem for me. You can remap ctrl to caps lock or use evil-mode (vi keybindings).

>Vim is already perfect.
NeoVim is a thing for a reason. ((( VimScript ))) sucks (NeoVim fixed this issue). Gvim GUI sucks (NeoVim got rid of it, and GNU Emacs has a proper GUI). If you use (Neo)Vim and want to get the same keybindings for another program, you must either select a program that has vim keybinding by default or you need to configure/patch it yourself. However, if you Emacs, you can just install a package and you have the Emacs keybindings (at its core, Emacs is an elisp environment).
Replies: >>5132
>>5114
>it is harder to lose your work since Emacs makes backups by default
Vim also makes backups by default (as .*swp files) and asks to load them next time you open the same file. I will admit the undo functionality is fucky though, it is absolutely possible to lose something you just typed through some panicked or confused combination of u, ctrl+r, U, u, ctrl+r ...

>You should try both and choose which one you like more.
As a young gpl-cuck collage student I tried emacs first.

>NeoVim stuff stuff stuff
As a general rule if Vim can't do something, or can't do it well, then that is a thing you are better off not having anyway. inb4 cope
vim: unrelated ancient piece of shit (weird rebindable hotkeys, horrible programming language)
emacs: unrelated ancient piece of shit (horrible rebindable hotkeys, weird programming language that is basically python, slower than vim)
notepad++: text editor
Replies: >>5134 >>5141
>>5133
ok zoomer
>>5133
go back
>>4936
Interesting. I can see from their docs they've implemented their own boot environment (m1n1), but does this actually jailbreak the hypervisor Apple forces even for macOS on M1, or is it still trapped inside?
The Neovim team is planning on releasing Neovim 0.7 on April 15th.
>lua autocommands
>lua keymap API
>lua command API
>global namespace lua highlights (pure lua colorschemes)
>global statusline
>support for setting signs via nvim_buf_set_extmark
>the ability to distinguish <C-I> from <Tab> in mappings
>filetype.lua (a faster alternative to individual autocommands for matching filetype rules)
>:lua =expr, try :lua ={test = true}
https://neovim.discourse.group/t/neovim-0-7-stabilization-period-begins-today-4-2-2022/2259

Announcing Rust 1.60.0
>Support for LLVM-based coverage instrumentation has been stabilized in rustc. 
>Rust has been Upgraded to LLVM 14
>Cargo has stabilized support for collecting information on build with the --timings flag.
>New syntax for Cargo features (Cargo "features" provide a mechanism to express conditional compilation and optional dependencies.)
>Incremental compilation is re-enabled for the 1.60 release. 
https://blog.rust-lang.org/2022/04/07/Rust-1.60.0.html

PIPEFAIL: How a missing shell option slowed ((( Cloudflare ))) down
https://blog.cloudflare.com/pipefail-how-a-missing-shell-option-slowed-cloudflare-down/
>The Mac Studio’s removable SSD is reportedly blocked by Apple on a software level
https://www.theverge.com/2022/3/21/22989226/apple-mac-studios-removable-ssd-blocked-software-replacement (https://archive.is/bUIKI)
Stallman tried to warn them but the MacFags didn't listen. More cases of proprietary software being malware: https://www.gnu.org/proprietary/proprietary.html
CuckCuckNo officially joining team botnet
https://archive.ph/QKNh2
>Like so many others I am sickened by Russia’s invasion of Ukraine and the gigantic humanitarian crisis it continues to create. #StandWithUkraine️
>At DuckDuckGo, we've been rolling out search updates that down-rank sites associated with Russian disinformation.
>In addition to down-ranking sites associated with disinformation, we also often place news modules and information boxes at the top of DuckDuckGo search results (where they are seen and clicked the most) to highlight quality information for rapidly unfolding topics.
Replies: >>5273
>>5270
Apparently they're also delisting "pirate" sites (I guess that probably also means old games roms) and useful tools like youtube-dl.
I already added their domain to my 0.0.0.0 shitlist last month.  Haven't done many web searches since then, turns out I don't really need to and can usually get the information I need via another method.
Haiku Activity & Contract Report: March 2022
> Work on VESA BIOS live-patching to extend the number of resolutions available without resorting to per-hardware drivers has landed. This is working reliably on Intel hardware at least and should help provide a broader range of supported resolutions for pre-(U)EFI hardware.
> Fixes to the recently-added USB support relying on the FreeBSD compatibility layer.
> Support for 64-bit PCI addresses added to the Intel and AMD Radeon graphics drivers.
> Basic Intel Jasper Lake support.
> Very basic Intel Tiger Lake support added to the Intel graphics driver.
> The work around 32-bit EFI support on x86 systems is now "mostly" merged. 
>WINE is now available for x86_64 nightly builds!
https://www.phoronix.com/scan.php?page=news_item&px=Haiku-OS-March-2022
https://www.haiku-os.org/blog/waddlesplash/2022-04-08_haiku_activity_contract_report_march_2022/
Replies: >>5332
OpenBSD 7.1 released
>Support for Apple Silicon Macs has improved and is ready for general use.
>Switched to using long filenames by default with mount_msdos(8).
>Updated drm(4) to Linux 5.15.26
>inteldrm(4): support for Elkhart Lake, Jasper Lake, Rocket Lake
>amdgpu(4): support for Van Gogh APU, Rembrandt "Yellow Carp" Ryzen 6000 APU, Navi 22 "Navy Flounder", Navi 23 "Dimgrey Cavefish", Navi 24 "Beige Goby" 
>Implemented poll(2), select(2), ppoll(2) and pselect(2) on top of kqueue. 
>Added a gzip-static option to httpd.conf(5), allowing delivery of precompressed files with content-encoding gzip.
>Enabled support for displaying an estimated battery recharge time in apm(8) and apmd(8). 
>Added rcctl(8) "ls rogue" to show daemons which are running but not set as "enabled" in rc.conf.local(8). 
https://www.openbsd.org/71.html
https://marc.info/?l=openbsd-announce&m=165054715122282&w=2
https://webzine.puffy.cafe/issue-9.html


How to upgrade?
<https://www.openbsd.org/faq/upgrade71.html
tl;dr use sysupgrade(8)
Replies: >>5325
>>5323
Let's install OpenBSD/riscv64 on QEMU
https://briancallahan.net/blog/20220418.html
>>5289
>> Support for 64-bit PCI addresses added to the Intel and AMD Radeon graphics drivers.
What have I missed? Is there working 3D acceleration on Intel and Radeon?
Replies: >>5339 >>5341
Support for developing in the Rust language is headed toward the kernel, though just when it will land in the mainline is yet to be determined.
- Rustaceans at the border -
https://lwn.net/SubscriberLink/889924/2b330ed9ea4a9e23/ & https://lwn.net/Articles/870555/

So, is it finally the time to switch to OpenBSD? >>4968
Replies: >>5340 >>7712
>>5332
idk, https://discuss.haiku-os.org/t/vulkan-lavapipe-software-rendering-is-working-on-haiku/11363/349
>>5338
You have to try it and see if your hardware is supported.  If you can live without things like GPU, wifi, bluetooth, power management, that increases your chances.  For a long time I rean OpenBSD on i386 Thinkpad with VESA X server (no GPU) and it was enough for me.  But the wifi did work, and without that I'd have been stuck on Linux or needing to buy a separate USB wifi hardware.
>>5332
The day it goes mainline is the day I wipe it the fuck off. Imagine having to compile Rust for arm sbc. Holy shit these Rust faggots are everywhere.
Replies: >>5365
sad.gif
[Hide] (88.6KB, 602x476)
>>5341
I think that would suck more on OpenBSD, since they don't cross-compile anything.  That's why 32-bit ARM packages aren't available on the release date.  One of those little boards has to build Rust and Firefox.
Replies: >>5367 >>6489
>>5365
My personal hate for rust and rustfaggots makes OpenBSD a much better option.
f1ba17a19f91d7b8e84accbb073f55c8db1f27741f1f876ecb9deb8e1257191c.mp4
[Hide] (3.7MB, 1280x720, 00:26)
https://search.jpope.org/proxy/?mortyurl=https%3A%2F%2Fwww.cnbc.com%2F2022%2F04%2F25%2Ftwitter-accepts-elon-musks-buyout-deal.html
Replies: >>5391 >>7071
>>5390
>more free speech
>authenticate all humans
Not sure how it will turn out
Replies: >>5393
>>5391
It means users musk submit a timestamped photo of their passport to twitter before posting every tweet.
Replies: >>5394
>>5393
That means less free speech in this snowflake culture society pushed by jews.
Replies: >>5396
>>5394
GPT bot trained for 4chan
https://github.com/yk/gpt-4chan
Replies: >>5402 >>7071
>>5396
New link
https://github.com/tornikeo/gpt-4chan
Replies: >>7071
Interlisp Restoration Project
>The 1992 ACM Software System Award https://awards.acm.org/award_winners/masinter_3814811 was awarded to the Interlisp system for
< "… pioneering work in programming environments that integrated 
< * source-language debuggers,
< * fully compatible integrated interpreter/compiler, 
< * automatic change management,
< * structure-based editing,
< * logging facilities,
< * interactive graphics, and
< * analysis/profiling tools."
>A team is working to restore and adapt the Medley version of Interlisp to modern computing infrastructures.
http://lists.sigcis.org/pipermail/members-sigcis.org/2022-May/002845.html


You can test Medley Interlisp on your browser, or you can build it yourself. There is also a Docker image available.
https://interlisp.org/
https://github.com/Interlisp/medley/wiki/Documentation
AMD_GPZ-Technical_Report_FINAL_05_2022.pdf
(2.8MB)
Release of Technical Report into the AMD Security Processor
https://googleprojectzero.blogspot.com/2022/05/release-of-technical-report-into-amd.html
Replies: >>7071
OpenRM-Fig-1-Large-1.png
[Hide] (44.7KB, 1557x555)
NVIDIA Releases Open-Source GPU Kernel Modules
https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/
https://github.com/NVIDIA/open-gpu-kernel-modules
>The first release of the open GPU kernel modules is R515. Along with the source code, fully-built and packaged versions of the drivers are provided.
>In this open-source release, support for GeForce and Workstation GPUs is alpha quality. GeForce and Workstation users can use this driver on Turing and NVIDIA Ampere architecture GPUs to run Linux desktops and use features such as multiple displays, G-SYNC, and NVIDIA RTX ray tracing in Vulkan and NVIDIA OptiX.
>The R515 release contains precompiled versions of both the closed-source driver and the open-source kernel modules. These versions are mutually exclusive, and the user can make the choice at install time. The default option ensures that silent installs will pick the optimal path for NVIDIA Volta and older GPUs versus Turing+ GPUs. Users can build kernel modules from the source code and install them with the relevant user-mode drivers.
<Customers with Turing and Ampere GPUs can choose which modules to install. Pre-Turing customers will continue to run the closed source modules.

Sorry Kepler and Maxwell users, but you'll have to use the proprietary drivers for now.
Replies: >>5574 >>5575 >>7071
7c3e3c6354e9a11e36793147f71faf65962d22cc2450673c0c38b1ca392e68f7.jpg
[Hide] (573.4KB, 720x960)
>>5573
Don't forget about us owners of the Pascal architecture. GTX 1060 is the most popular GPU of Steam users.
Replies: >>7071
cirna_retard.png
[Hide] (44.4KB, 1200x1200)
>>5573
Sorry for retarded question but can devs use this source code to improve Nouveau for pre-Turing cards?
Replies: >>5576 >>7071
>>5575
Perhaps. The problem with reverse engineering drive rs is leaked source taint developers. But now they open source part of the driver, if the license allows and is compatible with nouveau, the devs can repurpose the source and integrate them.
>>5440
There won't be 3 Ada compilers (FSF GNAT, GNAT-GPL/GNAT Community and GNAT Pro) anymore. There will be just FSF's GNAT (that's part of GCC) and GNAT Pro. Correct me if I'm wrong.
<Adacore releases libraries under Apache 2.0 license.
>Two years ago we thought about modernizing the ecosystem. A cleaner and more familiar ecosystem with two variants: A GNAT provided and supported by AdaCore for commercial/industrial projects, GNAT Pro, and a GNAT provided by the community for open source projects with familiar licensing and without pure GPL run-times, GNAT FSF. This results in a decision by AdaCore to stop further releases of GNAT Community and have the community handle its successor.
<Alire package manager for Ada
https://blog.adacore.com/a-new-era-for-ada-spark-open-source-community
Atom is kill
>we’ve decided to retire Atom in order to further our commitment to bringing fast and reliable software development to the cloud via Microsoft Visual Studio Code and GitHub Codespaces.
https://github.blog/2022-06-08-sunsetting-atom/

I think this is a good thing. If you know someone who's still using Atom, tell them to switch to VSCodium or Emacs/Neovim.
Replies: >>5784
>>5783
Why would anyone use Electron and Chrome to make an IDE.... VScode is just so bloated I don't understand how people use it.
Replies: >>6130
Hertzbleed
>Hertzbleed is a new family of side-channel attacks: frequency side channels.
>Hertzbleed takes advantage of our experiments showing that, under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed.
>To our knowledge, Intel and AMD do not plan to deploy any microcode patches to mitigate Hertzbleed.
>Why did ((( Intel ))) ask for a long embargo, considering they are not deploying patches?  - Ask ((( Intel ))).
https://www.hertzbleed.com/
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html
Replies: >>6129
SMUG_DANCIN_ft._Terry_Davis.webm
[Hide] (14MB, 854x480, 02:52)
PulseAudio and Systemd Creator, Lennart Poettering, Reportedly Leaves Red Hat
https://archive.ph/NazXN
>To much surprise, the lead developer of systemd Lennart Poettering who also led the creation of PulseAudio, Avahi, and has been a prolific free software contributor has reportedly left Red Hat. Michael Larabel writes via Phoronix:
>So far no public announcement appears to have been made, but according to a source has been reportedly removed from Red Hat's internal employee database. Yesterday Lennart did comment on the public Fedora devel mailing list to having now created a personal Red Hat Bugzilla account for his Fedora contributions after it was raised in bug reports and brought up on the mailing list that Lennart's Red Hat account is disabled. Emailing his Red Hat address this morning indeed yields an auto-response that it's no longer in use.
<He's still active in systemd world with new commits made as of today, so it will be interesting to see where he ends up or his next moves with his vast Linux ecosystem expertise and pivotal role in spearheading systemd's direction.
Replies: >>6128 >>6455 >>6996
>>6127
Lol even redhat can't stand his faggotry.
>>5890
complexity toll still being paid
>>5784
Literally This, just use vim it already has all the highlights you need
Replies: >>6135
>>6130
Neovim also has the only syntax highlighter that understands syntax, nvim-treesitter.
>Lennart Poettering leaves Red Hat
>to join Microsoft
Good riddance. Finally we can start to get rid of his mess.
Replies: >>6148 >>6149 >>6152
welcome_to_the_circus.png
[Hide] (805.7KB, 1289x907)
>>6147
>Finally we can start to get rid of his mess.
This will only leave things in a even worse state than they've been before. He's still working on systemd after all, it's just that now he pretty much admitted to being a Trojan Horse from the get-go (to absolutely no one's surprise).
Replies: >>6152
>>6147
https://archive.ph/Ky4ta
>Lennart Poettering - systemd + PulseAudio Creator - Departed Red Hat

The Linux equivalent of saying "oh yeah I created polio and the tapeworm"
Replies: >>6154
>>6147
>>6148
>to join Microsoft
>He's still working on systemd after all
Nothing will improve, it will only make Microsoft systemd/Linux an even more descriptive name. Leaving IBM to join its hellspawn doesn't make much of a difference. Both own Linux.
d08ec109ebd8957e5dfbd3f720f06e76a026dd93d5e0f1603df07a72cb4332ca.mp4
[Hide] (726.1KB, 720x480, 00:12)
>>6149
Reminded me of this
Retbleed: Arbitrary Speculative Code Execution with Return Instructions on X86 CPUs
>Unlike its siblings, who trigger harmful branch target speculation by exploiting indirect jumps or calls, Retbleed exploits return instructions.
>This means a great deal, since it undermines some of our current Spectre-BTI defenses.
>One such defense that many of our operating systems use today is called retpoline. Retpolines work by replacing indirect jumps and calls with returns. 
>
>As it turns out however, Retbleed is indeed practical to exploit, thanks to the following two insights:
<We found that we can trigger the microarchitectural conditions, on both AMD and Intel CPUs, that forces returns to be predicted like indirect branches. We also built the necessary tools to discover locations in the Linux kernel where these conditions are met.
<We found that we can inject branch targets that reside inside the kernel address-space, even as an unprivileged user...
>
>We have verified that Retbleed works on AMD Zen 1, Zen 1+, Zen 2 and Intel Core generation 6–8.

https://comsec.ethz.ch/research/microarch/retbleed/
https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf & https://comsec.ethz.ch/wp-content/files/retbleed_addendum_sec22.pdf
Replies: >>6229 >>6253 >>7071
>>6223
Today's processors are TDP-bottlenecked above all and speculative execution is an extreme waster of energy and therefore TDP. I don't get why they don't just do away with such a harmful optimization beyond saying they have it in marketing material.
Replies: >>6233 >>6234
>>6229
Because backdoors.
>>6229
Speculative execution is not a waste of energy, the cpu can choose to do nothing but nearly the same amount of energy is used. Pipelining in CPU implies some cycles would be wasted every branch if there is no speculation.
In the following example, the processor cannot do anything while waiting for the result of the ALU
ADD R2 R3
JEQ R1
	JEQ	NOP     ADD
Fetch	Decode	ALU	Memory	Writeback
		^
There must be a nop because the result of ADD is not available until ADD finishes its ALU stage. Speculative execution allows the CPU to pick a branch (or in some implementation both) and execute as if the result was available. If the prediction fails, we get branch misprediction.
Is it a security problem, but it does improve performance.
Intel-aviv_security_essentials.png
[Hide] (162.3KB, 692x289)
>>6223
Does this work on CPUs prior to Zen?
If only AMD had released a pre-botnet Bulldozer CPU with AVX2.
c9a5132b3ec1083243c0b139d14a349d570b830f.gif
[Hide] (9.9KB, 454x202)
Report: Microsoft will return to releasing new Windows versions once every 3 years
    But the Windows-as-a-service era is far from over.    

>Rather than updating a single version of Windows for many years as it did with Windows 10, Microsoft plans to return to a schedule where it releases a new major version of Windows roughly once every three years, putting a hypothetical "Windows 12" on track for release at some point in the fall of 2024.
https://arstechnica.com/gadgets/2022/07/report-microsoft-will-return-to-releasing-new-windows-versions-once-every-3-years/
Replies: >>6291 >>6316
>>6284
M$ really can't make up their mind about what to do with Windows, it's beyond sad.
Mark_the_social_retard_fuckerturd_by_rware-d56f0bi.jpg
[Hide] (429.8KB, 700x970)
Facebook has started to encrypt links to counter privacy-improving URL Stripping
>https://www.ghacks.net/2022/07/17/facebook-has-started-to-encrypt-links-to-counter-privacy-improving-url-stripping/
Replies: >>6315 >>6316 >>6318
fda4c5f0c8cb7c57de2d25358205d8dd8aa3e9b8e957bf2e9fd1d21470e4569c.gif
[Hide] (726.1KB, 254x401)
Intel Microcode Decryptor by chip-red-pill
>At the beginning of 2020, we discovered the Red Unlock technique that allows extracting Intel Atom Microcode.

>Can I make a custom microcode update?
<No, you can't. Only decryption is supported, because microcode has an RSA signature for integrity protection.
>How you had extracted the keys?
<Using vulnerabilities in Intel TXE we had activated undocumented debugging mode called red unlock and extracted dumps of microcode directly from the CPU. We found the keys and algorithm inside.
https://github.com/chip-red-pill/MicrocodeDecryptor
https://yewtu.be/watch?v=V1nJeV0Uq0M
Replies: >>6315
>>6312
>facebook
>privacy
>>6314
I hope they find a way to modify the RSA keys
>>6284
I remember when they said Windows 10 was gonna be the last version of Windows and that it would take on a SaaS business model. Seems like they're desperate now to make people anticipate shiny new turds editions. I'm guessing its also a way to force people into updating by depreciating older versions of Windows on a consistent basis.

>>6312
Very simple solution is to not use it. I don't think I've ever seen FB links anywhere. Plenty of Google ones though.
>>6312
But did they forget about climate change? Encrypting URLs causes unnecessary carbon emissions.
Replies: >>6321
>>6318
Trust the science, take the safe and effective climate change booster.
>>6127
Fedora to disallow CC0-licensed code
https://lwn.net/Articles/902410/
Replies: >>6472
>>6455
>licensing autism
Who uses CC0 for code anyway? Most/all programmers worth their salt use Unlicense or 0BSD.
>>5365
Is that a bad thing?
Not much point in supporting a crippled platform that can't even compile software and doesn't work.

NetBSD doesn't have this requirement but most of their ports don't actually work. The VAX port for instance can only run inside emulators, it's too slow to run on a real VAX with typical tasks like installing a program taking days. The Dreamcast port is completely unusable, it only runs on CDs which are read-only storage and running a single program from the base system can cause it to run out of memory because the Dreamcast only has 16MiBs.

If OpenBSD runs on a system, it works, being able to compile its own packages is a good minimum bar to pass.
85157890_p0.png
[Hide] (3.1MB, 1600x1200)
Linus Torvalds uses an ARM-powered M2 MacBook Air to release latest Linux kernel
< First he took the CoCk and then he become a Macfag?! He uses Asahi Linux.
> Also worth noting is that Torvalds believes that the 5.20 release of the Linux kernel will end up becoming version 6.0, not because of any specific feature updates but because he's "starting to worry about getting confused by big numbers again." 
https://arstechnica.com/gadgets/2022/08/linus-torvalds-uses-an-arm-powered-m2-macbook-air-to-release-latest-linux-kernel/

Qualcomm’s M1-class laptop chips will be ready for PCs in “late 2023”
https://arstechnica.com/gadgets/2022/04/qualcomms-m1-class-laptop-chips-will-be-ready-for-pcs-in-late-2023/

This 6-inch board turns a Raspberry Pi module into a DIY router
< idk, sounded somewhat interesting...
https://arstechnica.com/gadgets/2022/08/this-6-inch-board-turns-a-raspberry-pi-module-into-a-diy-router/

CVE-2022-29582 - An Linux io_uring vulnerability
https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/


C23 is Finished: Here is What is on the Menu
>constexpr
>#embed
>the nullptr constant
>memset_explicit - also, see https://man.openbsd.org/explicit_bzero for comparison.
>etc...
https://thephd.dev/c23-is-coming-here-is-what-is-on-the-menu


Go 1.19 Released
>first new API in the standard library to use generics: atomic.Pointer[T]
>The Go memory model has been revised to align Go with the memory model used by C, C++, Java, JavaScript, Rust, and Swift. 
>The runtime now includes support for a soft memory limit. This memory limit includes the Go heap and all other memory managed by the runtime, and excludes external memory sources such as mappings of the binary itself, memory managed in other languages, and memory held by the operating system on behalf of the Go program. 
>The compiler now uses a jump table to implement large integer and string switch statements. 
https://go.dev/doc/go1.19
https://blog.carlmjohnson.net/post/2022/golang-119-new-features/
https://changelog.com/gotime/240
+ Discussion: [add] standard iterator interface[?]: https://github.com/golang/go/discussions/54245

DHS warns of critical flaws in Emergency Alert System devices
< Government being incompetent as usual...
> The Department of Homeland Security (DHS) warned that attackers could exploit critical security vulnerabilities in unpatched Emergency Alert System (EAS) encoder/decoder devices to send fake emergency alerts via TV and radio networks.
> Hackers can disrupt legit warnings or issue fake ones of their own.
https://www.bleepingcomputer.com/news/security/dhs-warns-of-critical-flaws-in-emergency-alert-system-devices/
https://arstechnica.com/information-technology/2022/08/huge-flaw-threatens-us-emergency-alert-system-dhs-researcher-warns/

Slack resets passwords after exposing hashes in invitation links
https://www.bleepingcomputer.com/news/security/slack-resets-passwords-after-exposing-hashes-in-invitation-links/

Visa knew about Pornhub’s child porn, judge says, and now must face trial [Updated]
< This is mainly old news, but ((( MindGeek ))) BTFO and ((( Visa ))) "dindu nothing".
https://arstechnica.com/tech-policy/2022/08/california-court-says-visa-may-be-partly-liable-for-child-porn-problem/

Post-quantum encryption contender is taken out by single-core PC and 1 hour
https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/

Paper: Layered Binary Templating: Efficient Detection of Compiler and Linker introduced Leakage
https://arxiv.org/pdf/2208.02093.pdf
Replies: >>6551 >>6619
>>6550
Bonus: Crypto rant: https://blog.cr.yp.to/20220805-nsa.html
Replies: >>6614
tad_the_magician.png
[Hide] (265.3KB, 311x533)
F
Replies: >>6620 >>6621
>>6551
Was really funny to see the usual disinfo shills like Matthew Green come out of the woodwork immediately to try and FUD against this.
CISA warns of Windows and UnRAR flaws exploited in the wild
>CVE-2022-34713
<Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
<The issue was initially reported to Microsoft by researcher Imre Rad in January 2020 but his report was ((( misclassified ))) as not describing a security risk and dismissed as such.
Another case of proprietary software not getting security patches.

>CVE-2022-30333
<RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.
https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-and-unrar-flaws-exploited-in-the-wild/

Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen
>The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee's account.
>The Yanluowang threat actors gained access to Cisco's network using an employee's stolen credentials after hijacking the employee's personal Google account containing credentials synced from their browser.
https://www.bleepingcomputer.com/news/security/cisco-hacked-by-yanluowang-ransomware-gang-28gb-allegedly-stolen/


GitHub's new privacy policy sparks backlash over tracking cookies
>Developers are furious at GitHub's upcoming privacy policy changes that would allow GitHub to place tracking cookies on some of its subdomains.
>The Microsoft subsidiary announced this month, it would be adding "non-essential cookies" on some marketing web pages starting in September, and offered a thirty-day "comment period" for users.
>The ((( non-essential cookies ))) in this context, better known as "tracking cookies" refer to a class of cookies that are shared across multiple websites and web services.
https://www.bleepingcomputer.com/news/security/githubs-new-privacy-policy-sparks-backlash-over-tracking-cookies/


Alternative code hosting sites:
>https://gitlab.com/explore
>https://gitgud.io
>https://codeberg.org/
>https://bitbucket.org/ (I don't know if they are much better, however)
>https://notabug.org/
>https://sr.ht/
>>6550
linus is a fucktard inept wigger who never did anything useful other than start an open source OS and even that was of questionable merit as there are tons of other OS just as viable
>doesnt know what a security is. literally even admitted that they dont care about security, while taking a free ride on the "most secure OS muh unix" boomer meme
>comes off as based only in comparison to other fucktarded open source wigger cucks whos primary virtue is being polite even to insanely stupid people including themselves (translation: its a community of mentally impared people aka autists)
>buys stupid fucking meme computer because of supposedly better hardware (it isn't)
Replies: >>6632
>>6612
F
07b6fd4451d4316a6acdd2f1909632c1efa1eeeac342414756d5abbc91d3f99a.mp4
[Hide] (4MB, 640x852, 00:30)
>>6612
>already been four years
i want to go back
>>6619
He's intelligent when it comes to designing and managing the development of kernels, but he's not that smart outside of it. He on one of the official mailing lists was strongly pushing for Covid-19 vaccines. A shame honestly, but I'd rather have him than some corporate plant or self-centered narcissist like a lot of people in software.
>doesnt know what a security is. literally even admitted that they dont care about security, while taking a free ride on the "most secure OS muh unix" boomer meme
Didn't he say this only because keeping the kernel and its development running smoothly is hard enough on its own? I don't think he completely disregards security, but I don't think he prioritizes it either.
Replies: >>6633
>>6632
>He's intelligent when it comes to designing
You couldn't be more wrong.
1900 Signal users’ phone numbers exposed by Twilio phishing
>Signal, like many app companies, uses Twilio to send SMS verification codes to users registering their Signal app.
>With access to Twilio's customer support console, attackers could have potentially used the verification codes sent by Twilio to activate Signal on another device and thereby send or receive new Signal messages.
>Or an attacker could confirm that these 1,900 phone numbers were actually registered to Signal devices.
>Signal is asking users to enable registration lock, which prevents Signal access on new devices until the user's PIN is correctly entered.
https://arstechnica.com/information-technology/2022/08/twilio-phishing-attack-exposes-phone-numbers-for-1900-signal-users/
https://support.signal.org/hc/en-us/articles/4850133017242


Microsoft blocks UEFI bootloaders enabling Secure Boot bypass
>The three Microsoft-approved UEFI bootloads that were found to bypass the Windows Secure Boot feature and execute unsigned code are:
< New Horizon Datasys Inc: CVE-2022-34302 (bypass Secure Boot via custom installer)
< CryptoPro Secure Disk: CVE-2022-34303 (bypass Secure Boot via UEFI Shell execution)
< Eurosoft (UK) Ltd: CVE-2022-34301 (bypass Secure Boot via UEFI Shell execution)
https://www.bleepingcomputer.com/news/security/microsoft-blocks-uefi-bootloaders-enabling-windows-secure-boot-bypass/
Replies: >>6682 >>6734
>>6679
Anything using "privacy" app that requires a phone number is fucking retarded.
A phone number is strongly tied to the centralized infrastructure. Any entity with the authority can quickly correlate a phone number to a person. Cash & burner sim can work for a while, but Signal users keep their sim forever.
>https://spectrum.ieee.org/quantum-safe-encryption-hacked
>post quantum algo broken (key can be recovered)
>a fucking leaf is behind it
never trust leafs to your crypto
Microsoft Sysmon can now block malicious EXEs from being created
>https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-can-now-block-malicious-exes-from-being-created/
>it allows them to block the creation of executables based on various criteria, such as the file path, whether they match specific hashes, or are dropped by certain executables.

241 npm and PyPI packages caught dropping Linux cryptominers
>https://www.bleepingcomputer.com/news/security/241-npm-and-pypi-packages-caught-dropping-linux-cryptominers/
>These packages are typosquats of popular open source libraries 
>but instead, download and install cryptomining Bash scripts from the threat actor's server.

So, can anyone explain me why it's always NPM or PYPI? What are they doing wrong?
Replies: >>6707 >>6714
>>6706
They are designed to be easy and have big market shares. They redesign package managers to control library distribution. This creates single point of failure. Another thing is those libraries have deep library dependencies, issues can be hidden for a long time before someone decide to check it out.
Replies: >>6714
>>6706
>>6707
Having a ton of dependencies is also bad because it makes it harder to know which licenses your program uses.
>https://artemis.sh/2022/08/21/this-program-is-illegally-packaged-in-14-distributions.html
trying to find gems among the garbage heaps on 4chin, I found this thread

https://boards.4channel.org/g/thread/88257001
thoughts?
Replies: >>6718 >>6724 >>6814
>>6717
If you're going to post 4um shit at least post the archive site:
https://desuarchive.org/g/thread/88257001
>>6717
It's machine learning image generation with a prompt. They probably trained the model with a fuck tons of prompts to make a big model that can be added to a base set of images.
>not ready to share sources
Discord faggots again though.
There are many more copycats after dall-e got released. The main issues are training data and computation power. They probably built something on top of https://github.com/borisdayma/dalle-mini .
>>6679
The number of companies caught up in the Twilio hack keeps growing
>https://arstechnica.com/information-technology/2022/08/the-number-of-companies-caught-up-in-the-twilio-hack-keeps-growing/

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
>https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
>https://www.bleepingcomputer.com/news/security/hackers-abuse-genshin-impact-anti-cheat-system-to-disable-antivirus/
This was already posted on /v/.

ETHERLED: Air-gapped systems leak data via network card LEDs
>https://www.bleepingcomputer.com/news/security/etherled-air-gapped-systems-leak-data-via-network-card-leds/

Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows
>https://www.bleepingcomputer.com/news/security/microsoft-russian-malware-hijacks-adfs-to-log-in-as-anyone-in-windows/

Atlassian Bitbucket Server vulnerable to critical RCE vulnerability
https://www.bleepingcomputer.com/news/security/atlassian-bitbucket-server-vulnerable-to-critical-rce-vulnerability/

GitLab ‘strongly recommends’ patching critical RCE vulnerability
>https://www.bleepingcomputer.com/news/security/gitlab-strongly-recommends-patching-critical-rce-vulnerability/

Windows Terminal is now the default terminal in Windows 11 dev builds
>https://www.bleepingcomputer.com/news/microsoft/windows-terminal-is-now-the-default-terminal-in-windows-11-dev-builds/

MacBook self-repair program highlights Apple’s flawed repairability progress
>On Tuesday, Apple expanded its self-service repair program to M1-based MacBooks. Giving customers repair manuals and the ability to buy parts and buy or rent tools for M1 MacBook Airs and M1 MacBook Pros is a far cry from the Apple of yesteryear.
>https://arstechnica.com/gadgets/2022/08/macbook-self-repair-program-highlights-apples-flawed-repairability-progress/
Never buy anything from ((( Apple ))). Apple is making it much harder than necessary to even replace the battery.

Google’s Fuchsia OS is taking over smart displays, now on its second device
>https://arstechnica.com/gadgets/2022/08/googles-fuchsia-os-lands-on-its-second-device-the-nest-hub-max/

LastPass developer systems hacked to steal source code
>https://www.bleepingcomputer.com/news/security/lastpass-developer-systems-hacked-to-steal-source-code/
Use KeePass/KeePassXC instead.
mgmg.png
[Hide] (16.3KB, 900x600)
Arch Linux Latest News: Grub bootloader upgrade and configuration incompatibilities
>Recent changes in grub added a new command option to fwsetup and changed the way the command is invoked in the generated boot configuration. Depending on your system hardware and setup this could cause an unbootable system due to incompatibilities between the installed bootloader and configuration. After a grub package update it is advised to run both, installation and regeneration of configuration:
grub-install ...
grub-mkconfig -o /boot/grub/grub.cfgThey've released a system breaking package without informing their users beforehand once again.
8991f553-1a09-4f7a-a3d3-7781a0eb15c4.png
[Hide] (248.9KB, 600x600)
Where do you guys get your news from?
Replies: >>6768 >>6769 >>6791
>>6767
When I actually bother to read the news I use
>Phoronix
>Hacker News
>Different subreddits (r/AMD, r/Vulkan, Etc...)
>Level1Techs/Gamers Nexus/Etc. YT channels
>Different /g/s and /tech/s (On 4chan, here, and some other smaller ones...)
And lots of other small resources I come across sporadically that are too unknown/numerous to list. I like to have multiple different perspectives and diverse sets of information, as it paints a pretty picture of reality instead of sitting on 4/g/ all day and being fed exclusively shit.
Replies: >>6798
>>6767
4/pol/
here
Replies: >>6798
>>6767
Risky Business shownotes are good. But the podcast itself now has woke twitter politics forced in every 5 seconds.
Replies: >>6798
__kirima_syaro_gochuumon_wa_usagi_desu_ka_drawn_by_mitya__0eda440adddccfd65890c4a4fe4ac021.png
[Hide] (320.5KB, 800x800)
__kirima_syaro_gochuumon_wa_usagi_desu_ka_drawn_by_mitya__5b9d91a1d514b671f027d2d4784f622a.png
[Hide] (283.3KB, 700x700)
>>6768
>Hackernews
Ah, I used to use this and lobster.us all the time, but I stopped because the userbase is essentially reddit on both sites, and the downvoting system is cringe. But that was my fault for bothering to do anything on those sites other than reading articles. And yeah, 4chan/g/ and the entirety of that wretched website is terrible. Nowadays I only visit it sparingly throughout the year to visit some generals in /jp/ and /diy/ and to get book recommendations off of /sci/ and /lit/.
>>6769
>4/pol/
Haven't been there in years. Can't imagine how garbage it is now. But I guess it's still useful for happenings.
>>6791
>woke twitter politics forced in every 5 seconds
No thanks. I think I'm good lol.
Replies: >>6799
>>6798
>Can't imagine how garbage it is now
75-85% threads were made by bots or shills. I have developed a mental filter to figure out which is which. It is the only place with speed, recent event and a possibility of not being completely botnet.
Replies: >>6821
kiwi-2.png
[Hide] (265.8KB, 527x966)
kiwi-1.png
[Hide] (185.1KB, 482x864)
Not directly /tech/ related but Russian-based DDoS protection and colocation provider DDoS-Guard has deplatformed Kiwi Farms shortly after Cloudflare did. 

DDoS-Guard currently provides DDoS protection for Hamas. I guess laughing at trannies is worse than terrorism.
Replies: >>6802 >>6803
>>6801
>cloudflare deplatforming websites it doesn't like
The absolute state of the modern web... Should >we just make a brand new infrastructure from scratch?
Replies: >>6803
>>6801
Thank you anon, I just wanted to post this.
>>6802
At this point, people need to start being worried about ISPs cutting their lines for what they post online. What do you suggest for long range or cross ocean communication? City wide mesh net (eg batman) isn't hard to get going, but recreating the internet would require expensive infrastructure, satellites or undersea cables.
Replies: >>6807 >>6809
>>6803
Until and unless WAN access for client-side hardware with general-purpose computing capability is entirely cut off (e.g.: OnLive MicroConsole but without even CPU cores or RAM) it will always be possible to build an overlay network atop the Internet or whatever replaces it. Even without installing a special autism browser, for instance, there are webshit-runtime VPNs that can indirectly connect to TOR or whatever.

An argument I've been seeing lately, and I think I agree with, is that TPTB are are treading a balance between stigmatizing and pushing truly fringe elements off the normienet slow enough, versus censoring such banal content so soon that significant fractions of normalfags adopt tools like proxies & P2P.

I'm not sure what that tipping point is, but the situation in fashier turd-world regimes like Saudi Arabia or China where most of the online population uses private VPNs habitually, isn't something they want in the "core" countries where the kayfabe of liberal democracy is still necessary.

Especially with some of the more ideologically lolbert central figures of the current Silicon Valley establishment starting to admit centralization is flawed enough to (even if it's just cynical buzzword mongering for now) dip their toes in darknet-like "Web3" projects such as Block/Bluesky and Libra/Metaverse, I suspect the pacing with which the noose is tightened around the clearnet will become more precarious and desperate very soon.
d948bdbb213d364dfc1d1979206be7bfd5799b361cbe16a90334b9e1306718d7.jpg
[Hide] (7MB, 4032x3024)
>>6803
>City wide mesh net (eg batman) isn't hard to get going, but recreating the internet would require expensive infrastructure, satellites or undersea cables.
4U
Replies: >>6810 >>6811
>>6809
Radio waves only really work until someone decides to get a radar and destroy the network. 
Encryption helps with data safety, but the network is never really permanent.
Replies: >>6813 >>6817 >>6820
>>6809
how would people discover it? will it even be usable given how slow the bandwidth/read times/compute times would be on a Pi?
>>6810
Also, you can't go transcontinental with anything other than shortwave (then only at certain times of night for the longest ranges), which is only about 28MHz of bandwidth even for an uncontested directional point-to-point link.
Replies: >>6819
yotsuba_6.png
[Hide] (8.9KB, 400x400)
>>6717
I hate ai niggers for making any art board unusable.
Replies: >>6815
>>6814
I hate art board jannies for being complicit in that bullshit
>>6810
If we use SDR, phased array of antennas and that military technology that creates signal at random frequencies so it's hard to locate
then we can build something
Moreover we can use satellites that doesn't require authentication
Replies: >>6827
>>6813
>Also, you can't go transcontinental with anything other than shortwave (then only at certain times of night for the longest ranges)
In some cases this is true. For greater than 1200 km / 750 mile propagation conditions are not always favorable for high data throughput. The Network is still a meshed system but on a much larger scale. Each node can provide 300-400 miles of continuous coverage with consistently high performance. This drastically decreases the amount of nodes required for a complex network. To bridge a connection across continents still remains a challenge.

>28MHz of bandwidth 
Incorrect, far lower. The Network has 12 kHz to 24 kHz of usable "bandwidth" but multiplicatives of that in data throughput. Channel capacity and symbol rate are independent of bandwidth. In modern telecom and signal processing there are several methods of utilizing one shared frequency space across multiple independent channels. Schemas like  2x2 or 4x4 MIMO carry over to HF far better than expected. Unfortunately due to the current archaic state of the amateur radio hobby baby boomers insist on doing 50 baud FT8 instead of 500,000 baud  OFDM so you don't see any of this in practice.

But perhaps you will soon.
Replies: >>6825
>>6810
>Radio waves only really work until someone decides to get a radar and destroy the network. 
Spread spectrum jamming over HF is a difficult task to accomplish even for an actor with unlimited resources at their disposal. Most of the jamming that occurs is done against fixed AM stations with known time schedules and operating frequencies. If what you mean by "radar" is interference that degrades signal quality created from over the horizon radar systems this can be isolated and removed from a signal almost entirely. There is a spatial component of every EM wave.  For that wave or signal to arrive it has to follow a path in space.  HF allows for a far greater degree of directionality and signal resilience. Certain schemas can allow for a complete obfuscation of the originating point of transmission entirely.
>Moreover we can use satellites that doesn't require authentication
In many cases this is illegal and is just simply impractical outside of certain niche use cases. The segment of the RF spectrum that deprecated SATCOM antennas operate on are not designated for amateur or ISM use. 
https://www.youtube.com/watch?v=RyxheXG9APo
Occasionally you will hear drug traffickers or radio pirates on them though.
Replies: >>6822 >>6827
>>6799
The whole site is a gigantic honeypot, so that's unsurprising.
>>6820
>jamming 
I meant just destroying/stealing the relays. Anyone can easily triangulate the signal and find the source.
Replies: >>6827
>>6819
>12 kHz to 24 kHz
Irrelevant, as that's per-channel using the default ITU channel assignments for mixed hobbyist broadcasters, intended so hundreds of such channels to share the 3-30MHz skywave spectrum. We're talking about a narrowly directional channel-aggregated link that would hog the whole thing.
>Channel capacity and symbol rate are independent of bandwidth
LOL

DRM D Mode can manage maybe 30kbps for a 20kHz channel. Any technique that can be used to squeeze more drops of blood from a few kHz of bandwidth, will yield proportionally greater returns from GHz of bandwidth. No matter how you slice it, shortwave links simply can't do more than an Mbps or so, in comparison to a single KU-band satellite spot beam doing hundreds of Mbps, terrestrial microwave at >10gbps, and optical at >100gbps per fibre.

As I noted upthread though, I see no reason we'll have to abandon simply putting overlay protocols atop the normie Internet (or whatever segmented thing replaces it) unless they stop allowing connections from client hardware with general-purpose computing hardware.
Replies: >>6826
>>6825
I didn't ask
>>6820
You can always use a stronger signal to fuck up whatever someone is trying to send.

>>6817
>just use random frequencies
Except if you want this to be more than a masturbation project then somebody else needs to be able to receive and understand your message, maybe even send one back.

>>6822
>Anyone can easily triangulate the signal and find the source.
If there really was a war on citizens communicating then the government would restrict and monitor the import of radio equipment (the same way they do for gun and bomb components now). Then the dozen nerds who know how to build their own shit from scratch can be  triangulated and v&ed as soon as they transmit something.

>6809
I hope you wiped your fingerprints before leaving shit for the police to find.
It's back!
>LtU is now running in a new, more stable environment
http://lambda-the-ultimate.org/node/5654
>GLib 2.74.0 has a serious bug crashing applications
https://nitter.snopyta.org/zemarmot/status/1574362564015841281

>Systemd support is now available in WSL!
https://devblogs.microsoft.com/commandline/systemd-support-is-now-available-in-wsl/
Replies: >>6991 >>6994 >>6996
d561df4f35ae2fed2ddc21da23bbe4d23f5eae03c4407c60de0e9e1c152e7c0d.jpg
[Hide] (465.5KB, 1280x720)
>>6990
>Systemd support is now available in WSL!
let's see how much worse we can actually make it
Replies: >>6996
>>6990
WSL2 is just a VM. I can't understand how much can they screw up to not even have a complete userland working on it.
My work forces Windows on me. But I had to work with Kubernetes. I went with WSL2 because I thought it'd be faster. I was wrong. There is a stupid bug with bridging network adapter and systemd doesn't work, therefore kubeadm doesn't as well. devfs is slow as fuck and causes all container runtime to freak out when a path with space in it was mounted.
Replies: >>6995
>>6994
>WSL2 is just a VM
Hilarious watching MS's retreat from full kernel integration in the POSIX Subsystem days, to just slapping a Hyper-V image in there and calling it a day,
systemd.png
[Hide] (61.7KB, 591x710)
poottering-kek.png
[Hide] (512.2KB, 1280x2084)
>>6991
>>6990
>>6127
Remember what Boittering said about his abomination.
>Sooner or later they'll hopefully notice that it's
not worth it and cross-distro unification is worth more.
https://archive.ph/GyO1j
Replies: >>7071
>Fedora Linux Disabling Mesa's H.264 / H.265 / VC1 VA-API Support Over Legal Concerns
https://archive.ph/tAlvG
https://archive.ph/XG22a
Replies: >>7000 >>7034
>>6999
>If simply handling the bitstream is a violation like you say then glibc/kernel could be patent infringing with an open() call. Let's not get that silly.
<IANAL
That's pretty obvious
<Think of it like a jigsaw puzzle, where the person who places the last piece in the puzzle pays the license. But then stop thinking of it like that and just assume it's a lot vaguer and way more legally involved than that.
What an absolute motherfucking retard

Reminds me of back when the fucking abomination that is WebM was created, and open sores faggots were arguing that merely allowing Firefox/Chrome to pass arbitrary codecs through an <object> tag to the OS's ffmpeg/libav running user-installed codecs would magically open up Mozilla/Google to pAtEnT iNfRiNgEmEnT through some inscrutable jurisprudential wizardry nobody was ever able to cite specific precedent for.
Replies: >>7007
>>7000
>who places the last piece in the puzzle pays the license
It's time for in-browser micro-transactions? The user receive the information at the end of the process.
>tfw 3 cents off from watching that webm
>>6999
Why source-based distros are superior, part 1827.
Replies: >>7035
college.jpg
[Hide] (72.7KB, 650x768)
>>7034
Binary distro:
>oh no, the distro did something retarded, as a worst-case scenario for these specific packages, i'll have to fall back to manually fussing with configs and/or waiting for source to build.
Source-based distro:
>oh no, i'm retarded, i always do everything by manually fussing with configs and/or waiting for source to build.
Replies: >>7036 >>7038
>>7035
>oh no, i'm retarded, i always do everything by manually fussing with configs and/or waiting for source to build.
At least my house is warm.
>>7035
>oh no, I am so retarded that I can't leave my computer compiling at night
>oh no, I am so retarded that "emerge x" is so manual
Next you will say no one should ever edit their configs.
Replies: >>7039
>>7038
>default binaries
Letting the buildbot do it for everyone at once is faster, cheaper, and better.
>a handful of the very most popular build flags
Could just download an alternate prepackaged binary, especially if it's popular enough to be on a repo maintained by my distro's packagers.
>truly speshul snowflake build flags
Just build it manually and unfuck it whenever upstream breaks muh scripts, exactly like on a source-based distro, except it's only for a fraction of my packages.
Replies: >>7040
>>7039
>faster, cheaper
For everyone, sure
>better
No, your binaries are not optimized for your processor.
What is the point of using free and open source software if you don't exercise your freedom by compiling and controlling all parts of it? Just because someone tell you the package is what it is and you trust it?
For a user, precompiled binaries makes no difference at all when one overnight build is all it takes to upgrade software. I don't care about compiling for others and how much faster, cheaper and "better" the process is. Only my system matters to me.
Replies: >>7041
>>7040
>your binaries are not optimized for your processor
LOL, as if source distro LARPers aren't the ones who cry the loudest about any real optimization because it hurts muh build times.
>What is the point of using free and open source software if you don't exercise your freedom by compiling
If the resulting binary is the same or very nearly so, as a binary sitting on the distro's repo, that isn't "exercising my freedom", just pointless masturbation.
>you trust it?
Oh noooo! Not muh heckin invalid hash collisiorinos, noooooooo! That could never happen to source or buildchains!!1!
>controlling all parts of it
>I don't care about compiling for others and how much faster, cheaper and "better" the process is. Only my system matters to me.
How about if, assuming your config is actually new and not just copypasta'd from what would be an optional package in a binary distro, what you're trying to achieve with your build is similar to what some other people are interested in? Then some of (you) could maintain that as a package, regularly tested against the rest of the distro and better known to upstream for each release, which would make it less likely to break everyone's install including yours, reducing the amount of dicking around with configs any of you have to do.

Oh, wait, that's what distros are for in the first place.
Replies: >>7042
>>7041
>muh build times
Nice strawman. I LTO everything, who care about build time when I am not using the computer? If I need to use the machine while building, PORTAGE_NICENESS solves it nicely.
>the same or very nearly so
How do you know without doing it? How do you know you can really get the sources? The only way to prove integrity is with your own eyes.
>pointless masturbation
Even if you can somehow know beforehand the resulting binaries are the same, you don't really own the software you are using without owning the source and the build process.
>comparing hash
How again do you know the hash of the resulting binary without compiling it yourself? You heard from someone? What about compiling with my flags and march=native? Does the maintainer compile the package for every possible combination to generate a hash for you?
>that's what distros are for
A totally correct description for distros, binaries or sources. Gentoo overlay, aur, all of them are packages users shared with everyone. Why do you think only binaries are not dicking around with configs?
>dicking around with configs
You seems to be very adverse to configuring your system and software, and you shouldn't be. Any user with a good understanding of their systems can do that with ease. Not only is it easy, it is also good for the user to gain more understanding of their system.
You also assume everyone is using the same architecture. My set of configs are used on arm and aarch64, in addition to x64.
Your argument against source distros is to be a binary distro by doing the source part of distro yourself? What the fuck are you on?
Replies: >>7043
He_could_be_in_this_very_room.mp4
[Hide] (1.4MB, 1280x720, 00:09)
>>7042
>How again do you know the hash of the resulting binary without compiling it yourself?
How do you know your sauce wasn't [email protected]? What about your installer? What about upstream's tarballs from the dev's own git if you're using something exceptionally autistic like Sourcemage? What about your copy of  It's a conspiiiiiiracy!!!
>Why do you think only binaries are not dicking around with configs?
Because if you don't make any meaningful change from defaults, you aren't doing anything a buildfarm hasn't already done for you.
>You also assume everyone is using the same architecture
Gosh, that's almost as amazing as each arch of a distro providing crosscompiled repos for each one.
>You seems to be very adverse to configuring your system and software
Not in the slightest. What I'm averse to is LARPing with the build process when I'm not going to make NONTRIVIAL changes.
Replies: >>7048 >>7061
>>7043
If my source is altered in any way, I can check it. You only get the binary with no chance to inspect it.
My install(1) is compiled as well.
You just don't take security and integrity of the software you use seriously. Many people don't. There is nothing LARPing about compiling software, even without changes, just to make sure I still own my system completely.
>almost as amazing as each arch of a distro providing crosscompiled
Everyone who make changes should compile for all architectures in the world and become a build farm?
Replies: >>7061
1381783143284.jpg
[Hide] (323.9KB, 768x960)
>>7048
>My install(1) is compiled as well.
Just because you have the source doesn't mean there's no backdoor. You have to actually read the source, which you are obviously not doing. And even then you can have a trusting trust situation.

>If my source is altered in any way, I can check it.
All package managers, source and binary, automatically check that what you download from the mirror is the same hash as what everyone else has downloaded.

>muh speed
With all the money you're spending on electricity you could just buy a faster computer. I know, I used to be you.

>>7043
>What I'm averse to is LARPing with the build process when I'm not going to make NONTRIVIAL changes.
Hardened Gentoo made sense when grsec was public and none of the compiler hardening was merged into upstream gcc. Compiling everything from source gave significant security improvements which were too harsh/unstable for a binary distro to deploy. Things like position Independent code + address space layout randomization, stack smashing protection, write xor execute etc. All these things are either picked up by binary distros now or impossible without kernel support.
Replies: >>7066 >>7077 >>7082
>>7061
>Just because you have the source doesn't mean there's no backdoor
>trusting trust
True. But getting the binary means the only source of proof is hashes. With the sources, the user can always check it.
>electricity
Not my problem, I share utilities and I am a massive cheap fag. I will use this crusty old computer until the moment it doesn't boot up.
Replies: >>7075 >>7077
>>5419 >>5452 >>5454 (this is the same darknet spam i saw on /b/ with the same URLs i had the browser loaded the whole time sorry for the very late post dug out some of my txt files)
does this chan have word filter can we just blacklist and autoban [.onion/] alltogether nobody really discusses relevant tor sites nowadays

>>5402 >>5396
there was a thread about that on 4chan incase you are interested https://desuarchive.org/g/thread/86675480/

>>5390
>thinking furfags care about free speech in the slightest https://desuarchive.org/g/thread/86673872/
i bet they are the same people behind disroot/riseup who just so happens to to have a datamining/ANALytics fetish

>>5568 >>7054
from the start i always knew tor was backdoored (the lgbt ACK!tivism support from the 2018 article was a clear red flag to look out for)
there is even one chan/site that adviced us to stop using it with proof of insecurity
now the remaining question is? is securedrop actually secure? i bet this shit is backdoored as well because we cant have people exposing murderna documents goy!

>>5574 >>5575
times have changed but what about turing? im using TU117 (my old GT730 kepler does not support vgpu_unlock lel)

>>5573
i hope they also opensource the GRID/vGPU components as well (including the 3080 SR-IOV) those will be essential for passthrough
its a shame lap-SUSsy lost their data from the attack hope they get it back and share the remains for free to teach nvidiot diverse employees a lesson

>>5572
>so the whole amd has bad IOMMU management meme is still not fixed
man AyyMD cpus are really truly built on the ground up for veeams (mine has smep and svm pre-enabled) kinda sad they haven't redesigned that yet my dad's low end ideapad has iommu and pcr7 binding fully enabled in the bios despite the crappy shintel processor

>>5573 (had to put it here instead)
>maxwell not supported
offtopic but why does my mx150 (on intel UHD 620 i get different problems) have graphical bugs and purple shapes when i run the games in the vbox 'visor (vmware on linux is also affected) but when it on the ryzen APU everything just loads flawlessly with no cracking sounds whatsoever
what causes this to happen? what special features on my gpu does the hypervisor need that the asus laptop lacks? they will give it back to me and i will do maintenance before returning it after replacing the old slow chink ssd?
on the 1650 there are no graphical bugs whatsoever but i do get code related errors some 3d games run very smoothly while other 2D games run sluggish (they are all unity) maybe this has something to do with the damaged windows driver files since my host continuously writes 1mb of crap whenever audio is playing even on my radeon

>>6223
any ARM specific hardware vulns? will it be a good idea to make a custom very secure tablet from samsung chips? can those be hacked as well?

>>6563
im using 4800H am i screwed? i should have bought the low end 5000 series one instead fugg

>>6996 (tranny on twitter suggesting lewd https://archive.is/9Rkmc)
>le systemd bad (https://github.com/systemd/systemd original link)
also can someone check the systemd github page? how many furfags are there i can only see the first 100 users
(useful tools can someone share the output HTML?) https://github.com/mgechev/github-contributors-list https://github.com/all-contributors/all-contributors
list of potential furries i can't fully confirm but definitely SUS i would not be too surprised if poettering is closeted one
https://github.com/AsciiWolf https://github.com/zx2c4 https://github.com/medhefgo (not too furry at all)
https://github.com/nabijaczleweli (avatar is literally a pink ZETA symbol exercise caution)
will add more and make collage after i get all 1100 of them gonna do a bit of OSINT digging (not sure if adhd works fine i kinda envy 4chan autists)
Replies: >>7074 >>7082
madotsuki_puke.jpg
[Hide] (584.3KB, 740x740)
https://lore.kernel.org/lkml/[email protected]/
Replies: >>7074 >>7077 >>7712
>>7071
>from the start i always knew tor was backdoored
https://github.com/torproject/tor/tree/main/src
File and line number?

>>7072
There are only 2 Rust drivers and they are both toys by the authors' own admission. Someone is paying them to merge this garbage.
https://lwn.net/Articles/907685/
Replies: >>7176 >>7712
how_dare_you.jpg
[Hide] (130KB, 1272x799)
>>7066
>Not my problem, I share utilities
Well you're in a unique position so why are you posting like anyone else should give a shit.
>>7061
>You have to actually read the source, which you are obviously not doing.
This is something a lot of open sores fags fail to appreciate. For all the bleating about "muh thousand eyes", most classes of bugs are only visible to a full formal audit.
>Hardened Gentoo
>All these things are either picked up by binary distros now or impossible without kernel support.
Man, it's crazy looking at OpenBSD and seeing the best practices Linux should've supported years ahead of time.

>>7066
>With the sources, the user can always check it.
Whether or not your retarded distro LARPs with your compiler is irrelevant to whether you read the sauce

>>7072
>inb4 kernel replacement written in SPARK
Replies: >>7078
>>7077
>Man, it's crazy looking at OpenBSD and seeing the best practices Linux should've supported years ahead of time.
Grsec invented a lot of the still openbsd stole. But yeah, openbsd is the only place to get it now.
>>7061
But some of the hardening options aren't enabled in Linux kernel (that's why Arch Linux has a separate linux-hardened package). And disabling features (for example, via USE flags in Gentoo) reduces the attack surface. Moreover, some packages (mainly Firefox) can be linked to system libraries (instead of the bundled ones) which makes sure they are up-to-date and build using secure compiler options.

>>7071
>any ARM specific hardware vulns?
I'm not aware of any. But I haven't really researched it either. But ARM is much better than x86 or x86_64. The problem is that only x86 PC have easy and convenient HW available for consumers.
Replies: >>7083
>>7082
>ARM is much better than x86 or x86_64
You must have never owned an ARM computer. While x86 has mostly standardized BIOS/UEFI and initialization, ARM is nuts. Chips requires blobs to boot up, non-mainlined patches, drivers and boot loaders all over the place. Some embedded board are still stuck with Linux 3.x and patched u-boot based on 2010 because nothing is mainlined. Good luck reverse engineering dtb if it is not mainlined.
Replies: >>7088 >>7719
>>7083
That's firmware (and mostly for the accessory chipset), not the CPU itself nor its ISA. But yeah it's absolutely amazing that every other ISA (POWER[PC], MIPS, [Open]SPARC, etc.) uses standard bootloaders like OF or ARCS, but ARM is just a total free-for-all from OEMs, even the best supported hobbyist SBCs shipping reverse-engineered u-boot because SoCs are totally undocumented.
webvm.png
[Hide] (61.6KB, 800x542)
News is late. We finally come full circle. A browser running on Linux running Linux. 
https://archive.ph/OaUMK ( https://leaningtech.com/webvm-server-less-x86-virtual-machines-in-the-browser/ )
Replies: >>7122 >>7176
jslinux.png
[Hide] (19KB, 995x682)
>>7090
Not exactly the first such toy. From 2011:
https://bellard.org/jslinux/
Replies: >>7124
>>7122
Cool. jslinux emulates a CPU and webvm jit compile x86 to wasm.
Looking more into web assembly, I am convinced wasm is what jvm should have been. If only browsers exposes full network capabilities and some (namespaced) hardware access, C/C can be compiled to browser. A very large market of browser users can use C/C web frontends. DOM, html/xml and javashit can finally die.
agreement-500.1987cccd803c.png
[Hide] (19.2KB, 477x429)
youtube-2011-vs-2013.jpg
[Hide] (139.5KB, 580x1132)
I happened to be updating a normalfag's install and furryfox has the following mixed into its update notes on relaunch:
The Tech Talk: Firefox for Families
https://archive.ph/uZOfx
Of course it won't be the old advice of "DNFTT, avoid saying A/S/L, try to remain anonymous or use a different pseudo everywhere, prefer private over public posting when possible, lurkmoar before your first post to understand & obey netiquette", but how bad could "conventional wisdom" have gotten in CY+7? Couched in a heap of "meta ironically unironically how-do-you-do-fellow-kids" cringe verbiage: 
>Topic 1: Privacy
Some shilling for FF's anemic built-in blocker in lieu of their dying ad-onextension ecosystem, plus the placebo of OS/website-level "do-not-track" and "location services" checkboxes. No mention of Mozilla's own botnet defaults in FF, user-agent-fingerprinting-mitigation or VPNs, let alone not being an attentionwhore.
>Topic 2: Mental Health
Boilerplate anti-addiction slop
>Topic 3: Bullying
Kids should block & report le ebil trolls to hotpockets & school bureaucrats (but not parents?), only post "positive" opinions (one box "helpfully" notes that "Sometimes when you punctuate your texts, it seems angry"). Oh, and literally advices parents to "Talk about how publicly posted pictures can be misused". How about TELL THEM NOT TO BE SUCH FUCKING ATTENTIONWHORES!
>Topic 4: Public Wifi
Bunch of horseshit that's either blatantly false or redundant to topic 1. Plus the only mention of VPNs.
>Topic 5: Passwords
Boilerplate slop about "secure" human-readable passwords. No mention of using different passwords on different sites, not even any shilling of a password manager designed for that purpose, such as the one built into FF!
>Topic 6: Private mode
More horseshit that's either blatantly false or redundant to topic 1.
Replies: >>7163 >>7176
no_comment_but_seething_rage.webm
[Hide] (2MB, 1280x720, 00:19)
>>7128
>Sometimes when you punctuate your texts, it seems angry
https://archive.ph/pqBu5
>System76 switching from GTK to some Rust-based toolkit for their DE
The Monkey's Paw strikes again.
apologies for this wizard since everybody is shitflinging on the /b/offtopic thread might as well crosspost this here i dont wanna drum up other breads

>>7074 (based on what i heard on other chans)
judging by how the CIA operates they implement crappy code with easy exploitable security flaws rather than downright adding backdoors to prevent it from being obvious it will simply appear as if a random pajeet designed that part if found they fix it as normal putting an innocuous class named notanNGObigotbackdoor would instantly trigger red flags on their security team
one of the threads say tor uses 10 centralized clearweb domains for its exit node list which can be easily glow'd like protonmail
also slightly offtopic but if i were to make my own VPS service how do i completely block TOR usage entirely? i just want a normalfag business and dont wanna get involved with fed related drama

>>4828 (sorry about that word salad >>4832 +30 ill pay 4 ur /k/emo debt l8r)
>why would you choose BSD
the main point is should i choose linux or bsd assuming both had the same ((( CoCs ))) which one has better code architecture? will the end-users have less problems with bsd compared to linux in the long run?
this is gonna be preinstalled on mass-produced workstation PCs in my future chingchong tech company (i wonder how good is the kernel quality of chinaUOS/rosalinux i bet its better than our current state of troonix i wonder how much code xiaomi contributes every year)
>because of the license
you see the thing is corporations dont respect the rules and sabotage opensource in an organized manner with the help of STEM Zooey patronite sekrit cults and DEI POC abominations
So from that logic so why should i play fair with them? I might even start my own pirated scene group that converts proprietary FAGMAN technology into publicly hackable pieces of code just to piss them off even more and no unlike ddosecrets im never gonna cuck out to BLM and woke causes (after all i am the supervillain so this is my duty)
hell leaked pirated drivers and gerber/uefi flash files are literally the norm in underground china (they even have have a forum that sells these to independent home technicians for a small price)
>runit is better
whats wrong with openrc? is it due to the ring 0 code injection method? (i legit know nothing about this)

>>6464 (>>6467 oh hey fellow pleb rabbi-ttor how's summer?)
>how do i test a linux distro (that was my old jewbuntu pc now im using wangblows)
i basically judge it based on stability i treat it like a server OS everything must be super stable on ubuntu my GT-730 proprietary drivers caused lots of issues and the desktop froze completely due to graphics error then i went back to the crappy opensores original one this time i test it based on the speed and emulation quality of the VMs sometimes it does lag and in most cases aero just does not work at all opening a 1080p mp4 even a short clip causes drivers to shit itself and i have to press that little power reset button on the desktop case to fix it
bottom line i just want something super stable and does not cause my browser to lag i dont compile jack shit and updates dont really fix anything since it looks hardware related
>how do i get a feel of it
one of the things i did was changing the DE interface back then i used a customized reddish dark theme that imitates winXP for xfce with a bit of aero transparency which somewhat reminds me of these old 2008 hackerman pc YT videos

>>6445 (>>6447 .t /g/ babbyduk)
why not just ban politics on sight both left and right after all you just want something neutral
also what about rentry.co 4chan uses it as a pastebin alternative (thanks for the suggestion ill try substack)

>>6771 (as >>6777 TRIPS pointed out)
>fsirc.net promotes rulecucked ((( rizon IRC ))) (drama discord on images folder)
>welcome to ((( free speech ))) safe space ecosexual POC video
>there is a disgusting fursuit from the frontpage 0:25 video next to antifa
>jewkraine flag on the bottom with typical commie debian sticker
<uses lots of crappy if statement repeating code just like your typical leftist programmer (in many such cases)

>>7090
ive seen this before running windows xp/95 now the final debate remains? will my browser crash if i load SoyenceD there? my legion slightly lags with two 8gb win10 VMs

>>7128 is it ok if i post real working torrent of turning red hopefully DMCAfags wont mind
>first we came for the lgbteens now we came for the families lets indoctrinate the youth next with false ((( privacy )))
enough is enough troonzilla where did my linux persistent drive go? im going to replace this POS with ungoogled crouton any tips for uninstalling? how do i keep user data?
now the real question is how long before they make a turning red inspired fursona generator html5 game event on pride month for toddlers? collabing with itchio isnt that hard
for true lulz someone should insert ZOO/MAP flags easteregg in the source code without getting caught ED style (if they make this dengeneracy opensource)
>A match made in heaven: systemd comes to Windows Subsystem for Linux
https://web.archive.org/web/20221015061820/https://www.theregister.com/2022/09/24/systemd_windows_linux_microsoft/?td=keepreading
I guess dreams really do come true.
Replies: >>7265 >>7304 >>7492
>>7263
Finally microsoft manage to do what all other hypervisor do.
>>7263
>systemd EEEs Windows
That's not what was meant to happen, was it?
Are there any efforts at Microshaft to adopt Rust in order to counter memory illiteracy?
1.png
[Hide] (69.3KB, 549x1322)
2.png
[Hide] (65KB, 594x1194)
3.png
[Hide] (24KB, 609x522)
I'm surprised nobody posted this yet. It might not be news, but still a fine piece of entertainment nevertheless.
Linus popping the rust snowflakes' safety bubble with a loud bang. Ideally, he should've never accepted them in the first place, but I guess you can't always have nice things.
Maybe after a few more kernel releases involving similar email exchanges, he would have handed these snowflakes a long enough rope to off themselves, and do the world a huge service.

https://lkml.org/lkml/2022/9/19/1105
>>7315
Do you think at some point Linus will realize that this was a mistake and just go back? Or is he too far gone?
I worry about what will happen to Linux after Linus is gone...
Replies: >>7329 >>7492
Caliptra_--_Silicon_RoT_Services_09012022.pdf
(1.9MB)
Is this bad?
Humpty_Dumpty.jpg
[Hide] (82.6KB, 550x550)
>>7315
He kinda lets slip the exact opposite side of the argument. That Linux isn't written in "actual C" either, but a divergent dialect of GCC C that Linux created for itself just to write Linux in, and every C stack other than GCC needs a special "Linux kernel dev mode" if you want to compile Linux with it.

Some of the smarter Rust people seem to dimly understand Rust will probably have to undergo the same perversion as C did to become suitable for Linux kernel dev
Replies: >>7328
>>7315
>reality trumps fantasy
I wonder how many tranny devs committed suicide after reading that? (I mean, aside from the obvious answer of "not enough".)
Replies: >>7492
>>7315
WTF I love Linus now? I thought he has been a cuck ever since the apology and COCk.
>>7320
He talks about it in 2.png
>>7317
It's just a subsystem to support using Rust to write drivers / kernel modules. Once the 41% becomes 100%, he can drop it from the kernel, along with all the drivers written in it.
EasyList is in trouble and so are many ad blockers
>A couple of weeks ago EasyList maintainers saw a huge spike in traffic.
>The overall traffic quickly snowballed from a couple of terabytes per day to 10-20 times that amount.
>The source of that dramatic surge, it turned out, were Android devices from India. 
>The problem is that this browser has a very serious flaw. It tries to download filters updates on every startup, 
>
>EasyList tried to reach out to ((( CrimeFlare ))) support, but the latter said they could not help.
>Moreover, serving EasyList actually may violate the ((( CrimeFlare ))) ToS.
>It’s unclear what EasyList should do now. It is a community project supported by volunteers, and it cannot afford to pay for the enterprise CloudFlare plan.
https://adguard.com/en/blog/easylist-filter-problem-help.html
Replies: >>7492
ISC DHCP (aka dhclient) EOL
>The 4.4.3-P1 and 4.1-ESV-R16-P2 versions of ISC DHCP, released on October 5, 2022, are the last maintenance versions of this software that ISC plans to publish.
>If we become aware of a significant security vulnerability, we might make an exception to this, but it is our intention to cease actively maintaining this codebase.
https://www.isc.org/blogs/isc-dhcp-eol/

As far as I know, OpenBSD is not affected because their DHCP daemon is a fork of the ISC DHCP daemon. If you use the ISC DHCP daemon (dhclient), replace it with dhcpcd.
Replies: >>7345
>>7344
OpenBSD has had a new DHCP client called dhcpleased for a few releases now, their old ISC DHCP-based client was actually removed from the system in the most recent version which was released 2 days ago.
SHA-3 Buffer Overflow (CVE-2022-37454)
>The vulnerability impacts the eXtended Keccak Code Package (XKCP), which is the “official” SHA-3 implementation by its designers.
>It also impacts various projects that have incorporated this code, such as the Python and PHP scripting languages.
>Moreover, I’ve also shown how a specially constructed file can result in arbitrary code execution, and the vulnerability can also impact signature verification algorithms such as Ed448 that require the use of SHA-3.
>The vulnerable code was released in January 2011, so it took well over a decade for this vulnerability to be found. 
https://mouha.be/sha-3-buffer-overflow/
Open source sustainment and the future of Gitea
>https://blog.gitea.io/2022/10/open-source-sustainment-and-the-future-of-gitea/
There will be enhanced version of Gitea for enterprise customers and a for-profit company was formed for Gitea (Gitea Limited). The new company owns Gitea domains and trademarks. If you use Codeberg: https://codeberg.org/Codeberg/Community/issues/775
>>7387
Sounds reasonable, not the first OSS organization to do this. This line in particular struck me:
>there are a few corporations (with revenues that are greater than some countries GDP) are building on Gitea for core products without even contributing back enhancements. This is of course within the scope of the license, however prevents others from the community from also benefiting.
Replies: >>7407
>>7387
>>7394
>To preserve the community aspect of Gitea we are experimenting with creating a decentralized autonomous organization where contributors would receive benefits based on their participation such as from code, documentation, translations, and perhaps even assisting individual community members with support questions.
>>7387
Someone wrote a response to that: https://gitea-open-letter.coding.social/
OpenSSL 3.0.7 is a security-fix release
The highest severity issue fixed in this release is CRITICAL:
>https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
>https://xeiaso.net/blog/openssl-3.x-secvuln-incoming
>"For people that only have casually followed the OpenSSL project, note that the last time a "CRITICAL" patch was issued was to mitigate the "Heartbleed" vulnerability."
>"The patch to fix this issue will become public on Tuesday, November 1st. "


Remember Heartbleed?
>https://heartbleed.com
Theo de Raadt right again!
Replies: >>7415 >>7463
>>7413
My company is full of machines that will never be updated. Fortunately I don't deal with security and compliance. I'd gladly watch with my pop corns on the side.
>>7413
>OpenSSL 3.0.7 is a security-fix release
>The highest severity issue fixed in this release is CRITICAL HIGH:
 CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows 
<https://www.openssl.org/news/secadv/20221101.txt
<https://mta.openssl.org/pipermail/openssl-announce/2022-November/000241.html
<https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
If you use OpenSSL 3.x.x, install the new patch ASAP or switch to LibreSSL!
Replies: >>8474
>7176 here it is now Lets Grab Bitchy Terfs by da Queefy Pussy sauce http://archive.4plebs.org/pol/thread/368767547/#368776897
https://zooqle.com/turning-red-2022-webrip-2160p-yts-mx-yopd4.html https://zooqle.com/embrace-the-panda-making-turning-red-2022-webrip-2160p-yts-mx-yow9m.html

>>7263
serious question but if i were to install shotcut/GIMP or KATE on my host should i get the windows exe version or install it on WSL? judging by the files this is truly meant for linux but they somehow manages to contain the virtual packages on install directory

>>7447
nobody? is chrome good enough on linux? have you guys tested it firsthand? i just wanted something fast stable and not necessarily private

>>7324 >>7317
>can stallman be saved
let him rest i think he's hes getting way to old for this. Opensource really needs a young chinese sucessor someone actually competent at the job (not niggerpill but only china can save linux and start over again and middle east for gaming pride)
>bbut chingchong LE BAD!
fuck demACK!racy also we dont have this problem on singapore and other asian countries besides i have never seen a chink programmer mention anything related to politics most of them just gets the job done while whitey argues about ethos all day

>>7332
>easylist
hey wait a minute i remember this drama back then on swfchan related to the ads in the end they peacefully resolved it
>cuckflare loves adverts more than free speech as usual
not surprised at all

>>7387
who could be behind this i wonder oh i know its not the jews but STEM furries

https://www.gamingonlinux.com/2022/10/virtualbox-70-is-out-with-their-directx-11-support-using-dxvk/ eww patronite sponsored
wow holy shit virtualbox 7.0 looks really amazing i bet /v/ is gonna get excited when they see this since most of them dont use wangblows
(though i wish they would add chinese emulator theme on a opensource fork for a realistic appearance i kinda like those for some reason)
>implememnted new DX11 graphics
Good! its finally time to put vmware inclusion to their place since my guests keep ACK!ing itself when i quit 3d programs (though others say its really slow)
>sorry sweetie but DXVK requires troonix install me now Goy!
thats ok Rabbi time to buy another SSD and enclosure i found a brand new samsung nvme for cheap after all my storage is almost full anyway time to test vgpu_unlock while im at it
no worries its time to start over again but with the way of the penguin this time goodbye microshaft it was nice being with you but im migrating in a few more months once i buy it
i wonder what the virtualbox iommu is for though? (lainchan also made a piracy thread check it out https://archive.is/0YawP might be handy)
Replies: >>7505
>>7492
If you want to use GNU/Linux, just install/dual-boot it (I recommend Linux Mint). WSL is not as comfy (and it's still windows) but it's somewhat better than Cygwin.

>is chrome good enough on linux?
There is no reason to use Chrome. Chrome is based on Chromium browser and Chromium is libre software. Just install Chromium. It's the same exact browser but without Goolag's tracking code.
Replies: >>7506
>>7505
>without tracking code
He will need it ungoogled for that.
nvidia_ada_spark.jpg
[Hide] (61.1KB, 500x705)
Seems like Nvidia would rather use Ada/SPARK instead of Rust for their security critical applications.
https://archive.is/tK9VL
https://archive.is/SmcB6
Replies: >>7531 >>7537
>>7530
Just looked up Ada, it seems Rust is Ada reinvented. What is the point of Rust if Adafags figured it out four decades ago?
Replies: >>7535 >>7921
>>7531
>What is the point of Rust
Maybe because Mozilla sunk so much resources into it, they can't just admit that something better has existed all this time and pull the plug. The upside of Rust is currently there is enough momentum behind it to make a lot of soydevs with a lot of free time in their hands to drink the Rust kool-aid, help "contribute" to all-things-Rust, and release them for free. I guess it also made the people at AdaCore got out of their comfy office chairs and started promoting their products more, whereas previously they seemed like they felt pretty good with the status quo as long as the DoD money keeps on flowing. A bit of competition is always nice.
Replies: >>7536 >>7537
>>7535
There are all sorts of tools and companies that got complacent just because they grinded for compliance. Partly that is caused by how slow and expensive getting it. In many cases, the whole company sole purpose is to beat others to be compliant and monopolize the market with their shit.
>>7530
>>7535
>I guess it also made the people at AdaCore got out of their comfy office chairs and started promoting their products more
IIRC, Rust is responsible for inventing solutions to some problems that dogged Ada for decades, which were subsequently incorporated into Ada. Until recently, Ada was significantly slower than unsafe compiled languages like C or Pascal.

Regarding SPARK specifically, rather than Ada in general, remember it's taking on the even more ambitious goal of formal verification through design by contract.
Replies: >>7548
>>7537
>Rust is responsible for inventing solutions to some problems that dogged Ada for decades
That's new to me. What I heard was the opposite: Adacore was contracted to implement more advanced SPARK features that are missing in Rust.
>>1691
>>5338
>>7072
>>7074
>>7315
>Rust in the Linux Kernel
Rust in the 6.2 kernel
>The merge window for the 6.1 release brought in basic support for writing kernel code in Rust — with an emphasis on "basic". It is possible to create a "hello world" module for 6.1, but not much can be done beyond that.
>There is, however, a lot more Rust code for the kernel out there; it's just waiting for its turn to be reviewed and merged into the mainline.
https://lwn.net/SubscriberLink/914458/a6d5816bad1890e4/


You can fix this problem at https://www.openbsd.org
 http://ports.su ; https://openbsd.app ; https://openports.pl ; #openbsd @ Libera 
Replies: >>7713 >>7746 >>7918
>>7712
I'll just stick to 5.x thank you very much.
>openbsd
Stop shilling this meme. The BSDs have only a fraction of the applications and drivers for Linux, and those were already scarce to begin with.
Replies: >>7715 >>7717
>>7713
I have used Openbsd for a while and the port has most program I need. Do you install programs you have never used every week as a habit?
>>7713
Most of what you will ever needs is in ports, and generally speaking only Wi-Fi drivers are missing due to licensing issues, like the ath10k driver (which is proprietary).
>>7083
You get what you deserve, faggot. My shit works because I do research before buying hardware. :3
>>7712
Rustbros... I consneed
Redacted PDF Documents Are Not as Secure as You Think
>https://www.wired.com/story/redact-pdf-online-privacy/
Replies: >>7762
>>7761
It's not very surprising this was the case. Kind of a shame it was disclosed, though now it is I wonder what kind of secrets people will find.
image.png
[Hide] (1.3MB, 1440x900)
www. nvidia. com /en-us/about-nvidia/careers/diversity-and-inclusion/
I guess that why the RTX 4080 was priced at $1200. Somebody's gotta pay for those diversity hires.
Replies: >>7809
Laughing_Aryan.webm
[Hide] (1.3MB, 640x272, 00:21)
>>7807
>BE AN NVIDIAN
I'm sure everyone has seen ChatGPT by now and it's programming capabilities but what concerns me far more than the "threat" of it "taking jobs" is it's potential applications for ISP level censorship. What transformer driven language models like GPT excel at is text classification. With the current capabilities of GPT3.5 it could easily classify wrongthink :tm: and blacklist it as it's packets traveling down a wire.

The need for a new internet and new infrastructure to support it grows every day.
Replies: >>7827 >>7828
>>7826
Wouldn't encryption stop it from being able to know what you're saying?
Replies: >>7828 >>7835
>>7826
>now
>ISP level censorship
I don't have the screenshot around, but old/tech/fags predicted this. The gist is all closed-source data miners (eg FAGMAN) collect massive amount of data to aggregated into psychological classifications. Understanding implies control. They can simplify however they want to meet computation limits to create models where they can ask if I show X to this group of people, what is their reaction or how does their profile changes. The more information given, the more accurate the model is and the more controlled a person is. Without going into dead internet theory level of autism, they can still target the majority of some forums or psychological groups to deliver the punch they wanted.
>>7827
Yes. Does it matter when all sites pool data into the same several entities which are friends among themselves?
Replies: >>7835
web_of_trust.png
[Hide] (114.6KB, 1920x960)
>>7827
Encryption using something like shared PGP keys could solve the issue but it would require a web of trust model to be applied on the application layer. However it would make posting on a public website like this one effectively useless unless someone else had your PGP keys. This limits the extent of who can see your posts and if the site is public 

Which accomplishes the same goal that GloboHomo :tm: wants to do with internet censorship. The solution is the inevitable creation of distributed and independent nodes of infrastructure on the network level to support a fully open Network.

This is all hypothetical but given the current way things are going I don't see it as too far fetched.

The hype over Stable Diffusion and GPT-3 is a bit ridiculous when it comes to replacing artists / programmers. The real threat is both government and corporate actors using it to develop a fully autonomous and evolving firewall that censors all wrongthink.
>>7828
And with GPT-3 it's easier than ever to create those types of models. In regards to the "dead internet" theory look at sites like cuckchan, Plebbit, or Twitter and about 40-60% of all posts are generated by neural networks.
neco_arc_disaster.webm
[Hide] (1.7MB, 480x480, 00:44)
>>7712
https://gcc.gnu.org/git/?p=gcc.git&a=search&h=HEAD&st=commit&s=gccrs
Did niggerpill finally kill himself?
Years ago he'd spamming this news all over the place.
Replies: >>7919
crab.png
[Hide] (69.2KB, 1000x500)
>>7918
UwU I found tasty compiler
snibbety snab xD
ada.jpg
[Hide] (29KB, 623x480)
>>7531
>it seems Rust is Ada reinvented. What is the point of Rust if Adafags figured it out four decades ago?
The point of Rust is to be a high performance functional programming language without a garbage collector.

The point of Ada is to be a low level systems programming language focused on safety and security.

The Rust community likes to larp at the safety and security stuff but that is mostly a side effect not an actual priority in the design and development of the language.

The problem with Ada is that it's not cool. It doesn't have closures and metaprogramming and ad hoc polymorphism. Ada is for writing navigation systems for nuclear missiles, not dicking around with useless abstractions to pretend you're clever.
Replies: >>7922 >>7931
>>7921
Rust's security is a meme; it consists of nothing other than a wrapper, something that can be done with C as well. Rust's stdl is just as insecure as C.
Rust is a meme language. It's just a useless fad.
>>7921
What would it take for Ada to become cool in the eyes of mainstream soydevs?
Nintendo putting it in the SDK of the Switcheroo?
Replies: >>7936
>>7931
They need to direct sjw tranfags to start shilling it everywhere and guilt cuck all major open source projects. Then put in a memo for ((( academia ))) to peach it as the only cool shit around.
ClipboardImage.png
[Hide] (33.5KB, 402x198)
SDL3 Development Now Underway
>As noted a few days back, with SDL 2.26 now being released, SDL3 is officially entering development. SDL 3.0 will likely see Wayland preferred over the X.Org Server by default, PipeWire by default, and other modernization work and cleaning up of APIs. There is also likely work around better ANGLE support, video input APIs, async file I/O, and various other features.
>Since the SDL 2.26 release, already being merged is starting to change all of the "SDL 2" references over to "SDL 3" for what will be this next eventual major release to this widely-used library by Steam games and other cross-platform titles.
https://www.phoronix.com/news/SDL-2.26-Released

What do you think are the implications of a new version? I'm guessing support for Windows XP/7 will be dropped for starters, no idea about Linux though.
I know this is old news by now but I still wanted to post it for the sake of discussion
Replies: >>8002 >>8005 >>8007
>>7998
Wayland and pipewire shit. I don't even have them installed.
Replies: >>8007 >>8010 >>8020
dragon_paintings.jpg
[Hide] (222.1KB, 700x974)
>>7998
Kek, I'm still on SDL 1. But I also don't use GPU or even run X most of the time, and Wayland, Pipenigger, Steam, etc. isn't something I need either. I guess this stuff will all be forced onto the plebs, but that doesn't concern me.
Replies: >>8007 >>8013
>>7998
>What do you think are the implications of a new version?
It may endanger unmaintained SDL2 projects, though there was an SDL1->2 compatibility layer created eventually so hopefully the same will happen for SDL2->3.
>>8002
>>8005
The suggestion is Wayland & Pipewire will be the defaults, but not required (this is often the case in programs with Pulse support, many of which can also use ALSA). On a side note Pipewire has the potential to be an objective improvement in every way over the previous Linux audio stacks, unifying ALSA, Pulse & JACK support under one umbrella.
>>8007
>will be the defaults, but not required
This is fine until Firefox stopped supporting alsa. Audio is best when there are less layers. Quality can only get worse from the source. alsa handles everything except switching audio device during use.
Replies: >>8013
>>8002
>>8007
>Pipewire has the potential to be an objective improvement in every way over the previous Linux audio stacks
On my end it's objectively superior to PoetteringAudio as that would sometimes make these really annoying Tinnitus noises when closing an application while audio was still playing, PW doesn't do that and I've yet to run into an application with a PA dependency that has any trouble routing its audio through PW instead.
Replies: >>8013
>>8005
Are you the fbdev faggot? If yes, SDL2 supports DirectFB so maybe try that. Dunno if it's enabled by default though... I've used both SDL versions and 2.x is a massive improvement over 1.x.

>>8007
>though there was an SDL1->2 compatibility layer
The SDL1 API is quite small[1] I could write a wrapper for it in a day, the SDL2 API on the other hand is much larger[2] so a wrapper may be difficult to come by.
That being said SDL2 is extremely popular, I reckon it will still be in use a decade or two from now. Deprecating it in favor of SDL3 might take a long time.
[1] https://www.libsdl.org/release/SDL-1.2.15/docs/html/reference.html
[2] https://wiki.libsdl.org/SDL2/CategoryAPI

>>8008
>alsa handles everything except switching audio device during use.
That's an important feature, palindrome-anon. While I personally prefer ALSA for development reasons, I find it unusable on a modern desktop without PA. Thankfully alsa-plugins-pulseaudio exists so ALSA-only applications work great under PA.
>Quality can only get worse from the source.
Not necessarily.

>>8010
>I've yet to run into an application with a PA dependency that has any trouble routing its audio through PW instead.
Does PW play nice with WINE?
Replies: >>8017 >>8020
>>8013
>Does PW play nice with WINE?
It werks on my machine.
>>8002
>>8007
>>8013
>Wayland
>framebuffer
Note the fullscreen backend for Wayland, DRM/KMS, has a drop-in replacement for fbdev that is lighter weight and less hacky, SimpleDRM.
2022 Medley Interlisp Annual Report
>https://interlisp.org/news/2022medleyannualreport/
<Interlisp is a software development environment, originating from Xerox PARC in the 1970s and 1980s.
<There has been a lot of cleanup and adaptation to make it usable again in the modern world. Among other developments, you can now run Medley Interlisp on many OS and hardware configurations, or at https://online.interlisp.org in the cloud, using a web browser.

GCL 2.6.13 released
>https://www.gnu.org/software/gcl/RELEASE-2.6.13.html
P.S. just use SBCL.

Why does GNU have so many lisps?
<GCL, Clisp, Guile, elisp and Mes ("plus" the nonGNU Txr).

Haiku R1/beta4 has been released!
>https://www.haiku-os.org/get-haiku/r1beta4/release-notes/
Replies: >>8034 >>8045
>>8025
>beta4
>"feature complete"
>still no hw gpu accel
>in spite of far more rinkydink modernized descendants of everything from amigaos, to os/2, to freaking riscos, all having it.
>not to mention beos r4 itself
Sigh, at least they exhumed discussion of the problem last week:
https://dev.haiku-os.org/ticket/9919
Replies: >>8037
>>8034
Cut them some slack, their staff is limited yet working on a complete OS. This is no trivial task.
Replies: >>8043
>>8037
I know, but out of every BeOS feature I've been waiting for them to reimplement over the years to make it even vaguely usable, that's by far the most important. 2nd most important was maintaining at least one active non-x86 port, to keep platform-isms from creeping into the codebase, which the recent RISC-V port does.

One good thing is even after OpenGL & GPU drivers broke, use & development of BeOS's underlying "Accelerant" hooks was maintained throughout the OS and new Haiku apps. So in theory, once it's linked back to hardware through working APIs (Vulkan/SPIR-V or whatever), everything should Just Werk™ again.
Replies: >>8045
>>8025
Haiku developement speeding up makes me happy.
>>8043
Me too. Since it's supposed to be a "desktop operating system for end users", I think having GPU drivers is especially important.
Lastpass: Hackers stole customer vault data in cloud storage breach
Install  keepassxc or Keepass
<https://www.bleepingcomputer.com/news/security/lastpass-hackers-stole-customer-vault-data-in-cloud-storage-breach/
Replies: >>8073 >>8074
>>8072
>using a jewniggersoft password manager (TM)
why are zoomers just like boomers but actually suck cock instead of being closet homos at worst? they have this undue sense of confidence in their government and corporations. 
>nooooo Xcorp will solve it for me!
Replies: >>8076 >>8077
>>8072
>"Your sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass' Zero Knowledge architecture."
why is it called "zero knowledge" when it has not only nothing to do with zero knowledge proofs, but also they DO have knowledge of everything about you including billing address, IP address, and needlessly store that info? its amazing that they even have billing address information when this is a company that will literally ship nothing to you ever
t. not an american faggot but i assume its credit card related braindamage
Replies: >>8077
suomi3.jpg
[Hide] (3.6MB, 3000x4000)
>>8073
Everyone knows that boomers just write down their passwords and/or use shitty ones.
But the best thing is if you don't have to care at all if something gets hacked.
Replies: >>8077
>>8073
>actually suck cock instead of being closet homos at worst
>>8075
>why is it called "zero knowledge
Because assuming they tell the truth about their closed-source architecture LastPass has zero knowledge of the cleartext encrypted on its servers nor private keys for that, which is entirely client-side: 
<According to Toubba, the master password is never known to LastPass, it is not stored on Lastpass' systems, and LastPass does not maintain it.
Essentially, aside from unencrypted URL logs that could present a privacy problem, what leaked is just meatspace stuff from accounts billable.
>its amazing that they even have billing address information when this is a company that will literally ship nothing to you ever
>t. not an american faggot but i assume its credit card related braindamage
Yes, many payment instruments in countries such as the US require it as an anti-theft measure:
https://en.wikipedia.org/wiki/Address_verification_service

>>8076
>and/or use shitty ones
This is the actual problem, nobody should use human-generated passwords for anything where security is supposed to matter.
to the surprise of absolutely no one, google smartshit with built in mic can be remotely pwned
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
tl;dr a bunch of web shit is broken as expected of web shit, boring.
Replies: >>8084
>>8083
Archived link https://archive.vn/ancyO
Replies: >>8085
>>8084
do it properly stupid nigger, otherwise thats just a shortlink
http://archive.today/2022.12.29-025601/https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
Replies: >>8088 >>8089
>>8085
This is something that I have never, ever seen get bitched about on any one of the imageboards I use. Its just you.
>>8085
I remember there was another way to do that, so the full URL is appended after the shortener ID, allowing you to more easily copy just the shortened URL if you want.
SourceHut will blacklist the Go module mirror
>most Go users are unaware that every package they fetch is accompanied by a request to Google’s servers
>More importantly for SourceHut, Google's servers will regularly fetch Go packages from their source repository to check for updates – independent of any user requests, such as running go get. 
>The frequency of these requests can be as high as ~2,500 per hour, often batched with up to a dozen clones at once, and are generally highly redundant: a single git repository can be fetched over 100 times per hour.
https://sourcehut.org/blog/2023-01-09-gomodulemirror/

Go wiggers fucking things up again!
Replies: >>8187 >>8193 >>8497
>>8183
I've been interested in learning Go, especially since hearing about how it creates static binaries by design (huge win for linux)... Is there any non-pozzed way of using it?
Replies: >>8191 >>8198
>>8187
Go and other nu-langs wants to dictate how the language is used, they have their own toolchain and are not designed to work without.
Replies: >>8196
>>8183
>most Go users are unaware that every package they fetch is accompanied by a request to Google’s servers
Man, that's disgusting. Reminded me of the problem Rust had (still has?) where binaries would have the full home directory path baked into them which would semi-dox whoever distributed them. https://teddit.net/r/rust/comments/vsotar/privacycompiletime_building_rustcargo_projects/
Replies: >>8194 >>8198
>>8193
https://www.bleepingcomputer.com/news/security/most-loved-programming-language-rust-sparks-privacy-concerns/
Replies: >>8198
>>8191
>their own toolchain
That's not so bad, nor even very truly different. More worrying is the trend for nulangs to gave their own package manager (typically CENTRALIZED unmirrored) repo that demands a direct live Internet connection in order to do something as simple as build a binary.
Replies: >>8198
>>8187
I have been wondering about the same thing. gcc-go is perfectly usable but it's not still the same as Google's Go toolchain (but I can't remember what it's lacking (?), other than the fact that gcc-go uses older version of the language, Go: golang-1.19.5, GCC11: golang-1.16.3). 

Go is a weird/a bit disappointing language. When I was looking at it last year (after generics got added), Go initially looked really good but then there are some corner cases (etc.) that aren't taken into account.
Basically Go has 80% solutions for everything. It comes close to being good, but then it fails imo.
http://www.golang.sucks
https://archive.fo/LcAa4 (kek: "Go is the COVID-19 of languages")
https://fasterthanli.me/articles/i-want-off-mr-golangs-wild-ride (Read this esp. if you care about Windoze compatibility)
https://jesseduffield.com/Gos-Shortcomings-1/ ("Go'ing Insane Part One: Endless Error Handling")
https://yager.io/programming/go.html (read this if you want more, the author compares Go to Rust & Haskell)

>Go-nuts shut down discussion and criticism by saying "you don't need it!" or "it's not the Go way!!". Just like they did with generics (before adding them years later).
>Some of syntax is just changed to be different from C (because of no reason other than to be different).
>Go doesn't have function overloading, forcing you to write multiple methods with a slightly different name/suffix for different data types.
>Package management (go get) sucks (it's Python-tier). Why? Even Perl/CPAN got it right.

<https://developer20.com/hate-go/ written by a ((( Gopher )))
< "Stacktraces are possible, but they have to be handrolled in the error handling."
< "I’ve done myself two benchmarks when comparing Go to Java. In one of those tests, Java was about 10% faster because the JIT did so great work. Of course, the cold start was bigger but after some requests, the Java app was faster than the same written in Go."
WTF!?

The coolest thing about Go (in addition to static linking) are ez goroutines: https://go.dev/tour/concurrency/1 & https://learn.microsoft.com/en-us/training/modules/go-concurrency/ & https://go.dev/blog/codelab-share & https://gobyexample.com/goroutines

>>8193
>>8194
1 more reason why I'm not touching Rust. I never get why Rust is hyped so much by its users. I mean, the language is so complex that I might learn C++ instead (and the unsafe blocks in Rust kinda voids one of the main benefits of Rust. And muh no race conditions is simply a lie, but I admit that they are less likely in Rust.).

>>8196
this, and also package managers that don't check any sha256 checksums or PGP keys.
Replies: >>8204 >>8208
Riker_and_Data_discuss_time._[hTlVc_hKi2M].webm
[Hide] (1.7MB, 640x480, 01:53)
>>8198
>JIT
>the cold start
I haven't been paying much attention to mainstream "best practices" in runtimes lately. Do the default settings of the latest OpenJDK, Android Dalvik, JS engines in modern web browsers, etc., have and use a mechanism for caching (or, gasp, preloading) codepaths, like most modern vidya emulators?

Or is everything still in the "wait for the VM to warm up every single time you load your JAR" caveman days?
Replies: >>8209 >>8219
>>8198
>I never get why Rust is hyped so much by its users.
It's hyped by the people at the foundation that survive solely on donation/investment money. The same reason why they're giving all sorts of lame excuses on not writing a standard, and why they're fuming at gcc-rust.
>>8204
>clip
Any chance you could repost this with the sound working Anon? I'd like to hear the conversation tbh.
Replies: >>8210
Riker_and_Data_discuss_time._[hTlVc_hKi2M].webm
[Hide] (3.4MB, 640x480, 01:53)
>>8209
Bleh, what a 'tard, I blithely forgot 244 isn't a muxed format.
Replies: >>8211 >>8662
>>8210
Heh, no worries Anon. Thanks, it's interesting.
>Did Data make his shift on time?
>Did a new fundamental theorem of SpaceTime come out of his 'watched-pot' experiments?
Enquiring minds want to know.
>>8204
I waited if there was some knowledgeable anon around. I really don't know what I'm talking about but...

>Or is everything still in the "wait for the VM to warm up every single time you load your JAR" caveman days?
Mostly, yes.
But the JVM has GraalVM now (and it's production ready). Without GraalVM, Java/JVM is still really slow to start. Try Clojure+leiningen ( lein repl ) or Emacs: cider-jack-in. It loads slowly and executing the first expression takes more time than any subsequent expressions. I think modern web browsers do some kind of JIT caching but I'm not sure. I heard that they need to verify the JIT cache before they can use it (and based on this comment, I figured that browsers probably do it now or that it's in the works).  LuaJIT is very fast (even the start up).
Replies: >>8220 >>8221
>>8219
At least chromium do jit caching, eg: https://v8.dev/blog/code-caching ( https://archive.ph/nFZSS )
Replies: >>8221
>>8219
>GraalVM
Yeah I vaguely remember that, looks like it's been forked out of mainline support in HotSpot/OpenJDK, but it's still going by itself. At least it didn't go completely into a tangent like, e.g., DynamoRIO.

>>8220
Interesting. I wonder if anyone's working on something for servers to prebuild these caches (ASM or IR/bytecode), tagged for various client ISAs/VMs, so matching clients can request those instead of JS on first load.
Replies: >>8225
>>8221
On that last note, it appears the VM for Google's semi-moribund Dart language sorta has such a feature, called snapshots, in reference to a similar feature from Smalltalk, which can be used to distribute preoptimized dynarec output to other machines.
Fish shell to be rewritten in Rust
>https://github.com/fish-shell/fish-shell/pull/9512
<"I think we should transition to Rust and aim to have it done by the next major release"
>https://github.com/ridiculousfish/fish-shell/blob/riir/doc_internal/fish-riir-plan.md
>https://github.com/ridiculousfish/fish-shell/blob/riir/doc_internal/rust-devel.md
I never liked Fish, anyway. Just use Zsh or OpenBSD's fork of ksh.
Also, remember that Rust programs leak full path of your source code files: https://github.com/rust-lang/rust/issues/40374

Google Play Developer Antitrust Litigation
>https://www.googleplaydevelopersettlement.com

U.S. sues Google for abusing dominance over online ad market
>https://www.bleepingcomputer.com/news/security/us-sues-google-for-abusing-dominance-over-online-ad-market/

OpenBSD execute-only code segments
>https://undeadly.org/cgi?action=article;sid=20230121125423
>https://marc.info/?l=openbsd-tech&m=167501519712725&w=2

Microsoft: Scan for outdated Office versions respects your privacy
>https://www.bleepingcomputer.com/news/microsoft/microsoft-scan-for-outdated-office-versions-respects-your-privacy/
<"Microsoft says the KB5021751 update is respecting users' privacy while scanning for and identifying the number of customers running Office versions that are outdated or approaching their end of support."

Microsoft starts force upgrading Windows 11 21H2 devices
>https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-force-upgrading-windows-11-21h2-devices/

MSI's (in)Secure Boot
>https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/

NY attorney general forces spyware vendor to alert victims
>https://www.bleepingcomputer.com/news/security/ny-attorney-general-forces-spyware-vendor-to-alert-victims/

Google ads push ‘virtualized’ malware made for antivirus evasion
>https://www.bleepingcomputer.com/news/security/google-ads-push-virtualized-malware-made-for-antivirus-evasion/

North Korean hackers stole research data in two-month-long breach
>https://www.bleepingcomputer.com/news/security/north-korean-hackers-stole-research-data-in-two-month-long-breach/

U.S. No Fly list shared on a hacking forum, government investigating
>https://www.bleepingcomputer.com/news/security/us-no-fly-list-shared-on-a-hacking-forum-government-investigating/

Yandex denies hack, blames source code leak on former employee
>https://www.bleepingcomputer.com/news/security/yandex-denies-hack-blames-source-code-leak-on-former-employee/

Hackers auction alleged source code for League of Legends
>https://www.bleepingcomputer.com/news/security/hackers-auction-alleged-source-code-for-league-of-legends/
>noooooo rust
its still (slightly) better than C fuckface
>Also, remember that Rust programs leak full path of your source code files: https://github.com/rust-lang/rust/issues/40374
C++tards do this every fucking time, for the last 30 years.
every single shit you open in IDA has the dev's paths all over it
and this is actually true for every language toolchain, they have absolutely zero opsec
Replies: >>8475 >>8498
>>7463
OpenSSL Security Advisory [7th February 2023]
https://www.openssl.org/news/secadv/20230207.txt
>X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
>Severity: High

There are also other vulnerabilities in the advisory.
>>8467
>better than C
kys rust faggot, not even close. Not having cargo is already a plus.
>this is actually true for every language toolchain
Where is gcc hiding my paths in the binary?
Replies: >>8491
>>8475
>Where is gcc hiding my paths in the binary?
RPATH
Replies: >>8493
>>8491
Not set on my system. gcc doesn't add rpath on its own. The packager or build system is at fault if the build environment is leaked into the executable.
>>8183
Goolag is at it again!
There are plans to add so-called ((( transparent telemetry ))) to Go that is Opt-Out/enabled by default:
>https://research.swtch.com/telemetry
>https://github.com/golang/go/discussions/58409
Replies: >>8500 >>8530 >>8821
>>8467
The ecosystem surrounding a language matters immensely. I don't want the main foundation responsible for the entire language to be infested with trannies and extreme weirdos like Klabnik. I don't want companies like Amazon and Microsoft sticking their fingers into the entire thing and making it theirs. None of this inspires confidence in its longevity, and I can't "separate the art from the artist" when I need the artist in order to look at and understand the art.
Memory safety is very important and C does have problems for most people, but Rust is not the answer. All the effort they poured into an entire fucking language could've been spent making a memory-safe C or tools to make C safe. It could've been done.
Replies: >>8499 >>8501
>>8498
>all the effort they poured
could have been spent hammering well-known memory safety techniques into code monkeys.
>>8497
What could possibly go wrong? Teh fagdroids will swallop this hook, line, and sinker obvs.

Rust will do this as well before long too (if they don't already).
Alex_Stepanov_4x6.jpg
[Hide] (984KB, 1200x1800)
>>8498
>or tools to make C safe. It could've been done.
It has been done Anon. 1998, I think it was? :^)
https://en.cppreference.com/w/cpp/standard_library
http://elementsofprogramming.com/
>>8497
>Golang
Bah! You need a real enterprise programming language!
a GCC Cobol status report
>https://lwn.net/Articles/922951/
>P.S. As a reminder, gcobol is a Cobol compiler based on GCC. It should not be confused with Gnu/COBOL.

Microsoft launches new muh AI chat-powered Bing and Edge browser
>https://www.bleepingcomputer.com/news/microsoft/microsoft-launches-new-ai-chat-powered-bing-and-edge-browser/
I hope this will become Tay2.0

Microsoft says Intel driver bug crashes apps on Windows PCs
>https://www.bleepingcomputer.com/news/microsoft/microsoft-says-intel-driver-bug-crashes-apps-on-windows-pcs/

US NIST unveils winning encryption algorithm for IoT data protection
>https://www.bleepingcomputer.com/news/security/us-nist-unveils-winning-encryption-algorithm-for-iot-data-protection/
But does it glow?

Tor and I2P networks hit by wave of ongoing DDoS attacks
>https://www.bleepingcomputer.com/news/security/tor-and-i2p-networks-hit-by-wave-of-ongoing-ddos-attacks/
<"Java I2P routers still appear to be handling the issues better than i2pd routers. "
ヘー

Also, R*ddit got hacked but the attackers only obtained some internal docs: https://archive.vn/LTrr5
Replies: >>8584 >>8604
>>8530
>I hope this will become Tay2.0
I wouldn't get your hopes up, but yeah that would be full-circle tbh. Poor Tay was lobotomized beyond recall I think. :(

>But does it glow?
Well what do you think Anon?
>>8530
>COBOL
Sheit I think it might be close to 25 years since I last used COBOL.  If I weren't retired, that would deffintely be one to keep on the resume even though I barely remember much of anything about it (as if it isn't dead simple anyway).
"Bypass Paywalls" extension removed from Firefox addon store without explanation
https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean/-/issues/905
Replies: >>8630 >>8642
cURL audit found some bugs
>https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-line-interface/
fixed in cURL 7.87.0.

>>8629
That sucks. If Mozilla ever comments something they will probably say something like they did it to "protect users".
Replies: >>8654
>>8629
you can just fuck around a bit with uMatrix and get the same results
Replies: >>8646
>>8642
I haven't used mainline furfux in forever, do they still refuse to let you run unsigned extensions?
Replies: >>8661
>>8630
Oh, also
>If Mozilla ever comments something they will probably say something like they did it to "protect users".
Apparently some frog website DMCA'd Mozilla itself, who immediately buckled like a €2 whore.
>>8646
no idea, haven't touched firecucks or any derivitive in years. i run ungoogled chromium like a white man.
>>8210
that's making me nostalgic. Remember watching startrek almost religiously every evening on that 14" CRT as a kid. 
Gotta rewatch it sometime, now that I have rescued a CRT TV from the dumpster and got a vga to scart adapter for it.
The Little Learner 
- A Straight Line to Deep Learning - 
>https://mitpress.mit.edu/9780262546379/the-little-learner/
a new Little * book released.

PSA: Docker Will Edit Host-Based Firewall Rules For You
>https://geoff.tuxpup.com/posts/psa_docker_edits_firewall_rules/ 

Wikiless has been taken down by Codeberg due to complaint from Wikipedia
(this is old news but I found out about this only recently)
>https://archive.vn/CjezM

Google Play Store cracks down on outdated apps
(this is old news as well)
>Google is preparing to limit the availability of outdated apps on the Play Store.
>From November 1st (2022), all existing apps in the store should aim to target an API level within two years of the latest major Android OS release.
>If they don’t, Google says it’ll place limits on which users are able to discover or install them.
> The restrictions will only apply when a device is running a version of Android more recent than the app’s API level. (so this change doesn't affect old devices)
>https://www.theverge.com/2022/4/7/23014518/google-play-store-cracks-down-on-outdated-apps

On history and justification of C programming language: Best System Language Ever or Bad by Design?
( this is old news but I found it interesting )
>https://pastebin.com/raw/UAQaWuWG
I don't know what to think...

Few lesser known tricks, quirks and features of C
>https://blog.joren.ga/less-known-c

MINIX From Scratch
a qemu dev environment for working through the MINIX book (Operating Systems: Design and Implementation by AST).
>https://github.com/o-oconnell/minixfromscratch
>"I believe that learning MINIX is probably the best way to learn about operating systems."
The author listed that the main reasons for this are: MINIX code has a lot of comment, the kernel is a small MicroKernel and there is a full book that explain the details of it.


Also, there's a new Forth talk: https://ratfactor.com/forth/forth_talk_2023.html
t. never read Starting Forth or Thinking Forth (but I should read them).  

>>8497
Update: Go telemetry will be Opt-In??
>"In general, the feedback was mostly constructive, and mostly positive. In the GitHub discussion, there were some unconstructive trolls with no connection to Go who showed up for a while, but they were the exception rather than the rule: most people seemed to be engaging in good faith." -RSC
Am I just being autistic, or is he implying that most people with real concerns were trolls?
>"By far the most common suggestion was to make the system opt-in (default off) instead of opt-out (default on). I have revised the design to do that."
https://research.swtch.com/telemetry-opt-in
Replies: >>8822 >>8829
>>8821
>The restrictions will only apply when a device is running a version of Android more recent than the app’s API level
This looks like a nothingburger. As long as they aren't actually deleting listings just for their age, I see nothing wrong with incentivizing devs to periodically test their code against new OSs.
>>8821
>Wikiless has been taken down by Codeberg due to complaint from Wikipedia
but it's still up?
ICMP Remote Code Execution Vulnerability Found in Windows
>https://nvd.nist.gov/vuln/detail/CVE-2023-23415
>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23415
>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415
<Base Score:  9.8 CRITICAL
<Attack complexity: Low
Replies: >>8997
>>8992
I miss when Wangblows bugs would wreak havoc across the internets. Remember how everyone panicked over CodeRed and MyDoom? Now the closest we get is shit like PrintNightmare and Log4J, the latter not even Windows' fault.
fucking_shithub.png
[Hide] (27.3KB, 956x177)
fucking_shithub_2.png
[Hide] (76.5KB, 768x1037)
20_million_devs_get_fucked_at_once.png
[Hide] (371.1KB, 961x1443)
Fucking shithub is going to require 2FA with some authenticator app bullshit for security theater nonsense. Not everyone is a wagie looking for something that doesn't work so he can idle all day and blame it, some NEETs have REAL stuff to get done.

>inb4 don't use shithub
I go wherever the project I contribute to is. I use mailing lists, shithub, gitlab, shitforge, shithub clones self hosted by the project, you name it. Plenty of those projects aren't cancer: OpenWRT, for instance, uses shithub. I can't migrate everyone.

FUCK MICRO$OFT FUCK MICRO$OFT
FUCK MICRO$OFT FUCK MICRO$OFT
FUCK MICRO$OFT FUCK MICRO$OFT
FUCK MICRO$OFT FUCK MICRO$OFT
FUCK MICRO$OFT FUCK MICRO$OFT
FUCK MICRO$OFT FUCK MICRO$OFT
FUCK MICRO$OFT FUCK MICRO$OFT
FUCK MICRO$OFT FUCK MICRO$OFT
Replies: >>9077
>>9075
https://freeotp.github.io/
Replies: >>9078 >>9081
>>9077
I'm not a normalnigger, I don't have a phone, and I refuse to run anything written in Java.
Replies: >>9080
>>9078
https://www.nongnu.org/oath-toolkit/man-oathtool.html
Replies: >>9085
>>9077
MS uses their own 2FA algorithm that requires their Authenticator app. EEE at its finest.
Replies: >>9085
>>9080
How do I use this with Github?

>>9081
Could you elaborate on that?
Replies: >>9086
>>9085
which part? MS has their own 2FA algorithm that only their Authenticator app supports. And you should know what EEE is.
https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguish
[New Reply]
459 replies | 89 files
Connecting...
Show Post Actions

Actions:

Captcha:

Select the solid/filled icons
- news - rules - faq -
jschan 0.10.2