> On 5/30/24 14:25, Rich Pieri wrote:
>> They were adamant that there was something wrong with their
>> device, but we finally convinced them to replace the cable.
>
> Yes, I have on occasion connected drives using a converter to connect
> old USB to USB-C, that doesn't make a tight connection, an
On Fri, 31 May 2024 07:54:39 -0400
ma...@mohawksoft.com wrote:
> I have some really really nice looking thick and heavy duty cables,
> yet crap. You can never know. Like I said in an earlier post, some
> cables are basically designed for power.
There even are some which are power only, no data. T
> I've been playing with commercial VMs the last few days. First playing
> with Digital Ocean, then playing with Linode.
>
> I like Linode better.
>
> First, their "Debian 12" seems closer to the real Debian 12 than is
> Digital Ocean's. Also, though Linode's cheapest VM ($5/month) is a
> little mo
> On Fri, 31 May 2024 07:54:39 -0400
> ma...@mohawksoft.com wrote:
>
>> I have some really really nice looking thick and heavy duty cables,
>> yet crap. You can never know. Like I said in an earlier post, some
>> cables are basically designed for power.
>
> There even are some which are power only,
On 5/31/24 06:37, ma...@mohawksoft.com wrote:
The xz thing is totally different. That was a masterful bit of espionage.
It was two years in the making, and if we don't think this is elsewhere as
well, unrelated to systemd, then I'm sure we are kidding ourselves.
The xz thing was, indeed, master
On Fri, 31 May 2024 08:50:02 -0700
Kent Borg wrote:
> But how in the hell could a compromise of xz put a backdoor into
> sshd‽‽ Because systemd patches sshd…because systemd.
It didn't. There is no vulnerability in OpenSSH.
There is no vulnerability in OpenSSH patched to work with systemd's
logg
On 5/31/24 09:44, Rich Pieri wrote:
OpenSSH is the vector used to invoke the back door embedded in xz. I'm
oversimplifying things, because the "simple" description is anything
but simple:
Sounds like I painted my brush a bit broad in blaming stupid systemd
when I should blame distributions for
On Wed, May 22, 2024 at 11:09:10AM -0700, Kent Borg wrote:
> On 3/5/24 09:55, Kent Borg wrote:
> > This dialog has three options:
> >
> > - Forget password immediately
> >
> > - Remember password until you logout
> >
> > - Remember forever
> >
> > The until logout is the default choice. Anyone
On 5/31/24 10:07, Kent Borg wrote:
I'm also pissed at Debian for
…thinking I shouldn't have simple text log files anymore, instead
wanting me to use some complicated database something something to
diagnose system problems. (Problems that might break their complex
logging and log viewing cod
On Fri, May 31, 2024 at 01:30:16PM -0400, Derek Martin wrote:
> seahorse (Gnome's answer to ssh-agent) has some subtlely different and
* subtly :(
--
Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it w
On Fri, 31 May 2024 10:07:29 -0700
Kent Borg wrote:
> The point remains that the code OpenSSH people reviewed, merged,
> tested, and published was *not* vulnerable. But as part of using
> systemd, others patched sshd to add a new dependency, adding a
> backdoor, and the resulting code almost hit
> On Fri, 31 May 2024 10:07:29 -0700
> Kent Borg wrote:
...
...
...
>
> If you're going to lay blame on anyone, blame it on all of us who put
> our mission critical applications on libraries maintained by lone
> individuals in their spare time. Because this is the real reason, the
> real root caus
On 5/31/24 14:31, Rich Pieri wrote:
It was very cleverly, and very insidiously, concealed in a test harness
used by automated build systems to validate the builds, in tarballs you
probably would not have used, and even then it was triggered only under
very specific conditions.
Jeeze. Sounds to
On Fri, 31 May 2024 15:23:34 -0700
Kent Borg wrote:
> Jeeze. Sounds to me like an argument for stuff being too complex is a
> bad idea.
I'm saying that you should examine Thomas Roccia's diagram carefully,
because the attack had nothing to do with the complexity of systemd or
xz or anything els
14 matches
Mail list logo
