jaseg , to random
@jaseg@chaos.social avatar

So my just catastrophically self-destructed. I was using arch with the yubikey full-disk encryption package, when the machine hung and crashed during a system update. The machine crashed exactly after the old initramfs files were cleaned up, and before the new ones were written to disk. Since the yubkikey fde thing stores the seed ("challenge") for the luks key in the initramfs, all copies of the seed are gone now, and the data on that disk is unrecoverable.

jaseg OP ,
@jaseg@chaos.social avatar

Update to the update: The creators of the yubikey full disk encryption thing have responded to my bug report with what is essentially a shrug emoji and the line "I hope you had [a backup]".

I don't think that's an appropriate reponse from the maintainers of a critical piece of software like this. I think if you choose to release software like this, you have a responsibility to either make it good or to at the very least warn users that it's bad.

patrickgwalsh , to random
@patrickgwalsh@photog.social avatar

Visitor

housepanther , to random
@housepanther@goblackcat.social avatar

Saturday desktop and laptop updates complete. Now to relax and figure out what to do for the rest of the day. I was thinking it was going to take all day to help my friends move and we knocked it out in - literally - 20 minutes.

mebitek , to random Italian
@mebitek@mastodon.mebitek.com avatar

this is my #introduction

I'm #dark #cinematic #music and #video #producer, #maschine enthusiast, #modularsynth addicted, #software #developer

love the #opensource and I'm #selfhosting all I need in my virtual life. #linux cultist running #arch distros

actaully I'm the manteiner of the #eurorack #westlicht #performer #sequencer custom #firmware

I'm also still fighting for the #independence of my people on my land #sardinia

here my #linktree
https://littlelink.mebitek.com/

chris , (edited ) to random
@chris@mstdn.games avatar

How to quickly check if your system may be affected by the recent XZ utils backdoor.

Update: (thx @scy) I've been advised not to run "xz --version" because the full extend of this backdoor is still being researched. Instead use your package manager to check the version, i.e. for apt that would be:

apt list liblzma5

very bad: versions 5.6.0 or 5.6.1

5.4.6. or earlier - probably ok, no one knows for sure right now, keep an eye out for updates

MsDropbear425 ,
@MsDropbear425@infosec.exchange avatar

@chris Hi. Fwiw, whist using the xz --version string will suffice for many distros, it's inadequate for based ones, as here the important detail is revealed by the 4th significant figure, whereas version only reports the first 3.

Eg:

$> xz --version<br></br>xz (XZ Utils) 5.6.1<br></br>liblzma 5.6.1<br></br>

vs

$> pacman -Qi xz<br></br>Name            : xz<br></br>Version         : 5.6.1-2<br></br>Description     : Library and command line tools for XZ and LZMA compressed files<br></br>Architecture    : x86_64<br></br>URL             : https://xz.tukaani.org/xz-utils/<br></br>Licenses        : GPL  LGPL  custom<br></br>Groups          : None<br></br>Provides        : liblzma.so=5-64<br></br>Depends On      : sh<br></br>Optional Deps   : None<br></br>Required By     : base  bind  botan  botan2  clonezilla  ffmpeg  ffmpeg4.4  file  gdb  gimp<br></br>                  graphicsmagick  grub  imagemagick  imlib2  karchive  kmod  libakonadi  libarchive<br></br>                  libelf  libtiff  libunwind  libxml2  libxmlb  libxslt  ostree  raptor  systemd<br></br>                  systemd-libs  ventoy-bin  wxwidgets-common  yelp  zstd<br></br>Optional For    : mkinitcpio  python<br></br>Conflicts With  : None<br></br>Replaces        : None<br></br>Installed Size  : 2.46 MiB<br></br>Packager        : Frederik Schwan <freswa@archlinux.org><br></br>Build Date      : Fri 29 Mar 2024 08:06:56 AEDT<br></br>Install Date    : Sat 30 Mar 2024 08:39:22 AEDT<br></br>Install Reason  : Installed as a dependency for another package<br></br>Install Script  : No<br></br>Validated By    : SHA-256 Sum  Signature<br></br>

Per the latest Arch News, the newly pushed out -2 is the safe one, after updating from -1.

itsfoss , to random
@itsfoss@mastodon.social avatar

Oh, well 🤐

#arch #linux

(Constructively) What is your least favorite distro & why?

I’ve been distrohopping for a while now, and eventually I landed on Arch. Part of the reason I have stuck with it is I think I had a balanced introduction, since I was exposed to both praise and criticism. We often discuss our favorite distros, but I think it’s equally important to talk about the ones that didn’t quite hit...

yianiris , to Linux in (Constructively) What is your least favorite distro & why?
@yianiris@kafeneio.social avatar

I assume that Manj follows and doesn't improvise on sys dependencies. Definitely not poor.

Arch-archives by date, means you can build a system exactly as it was fully upgraded on a specific date, and the system works just like it used to.

Other systems that may carry 3 versions of the same library because different sw use different versions are the ones with the problem. Except for redundancy and space the system is not very coherent..

@Shamot @gianni

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • test
  • worldmews
  • mews
  • All magazines
    •