Fedora 41, Fedora Rawhide, Debian Sid are the currently known affected ones AFAIK.
Laser
joined 2 years ago
Debian is not really the problem, but rather the target, just read the original announcement at https://www.openwall.com/lists/oss-security/2024/03/29/4:
== Affected Systems ==
Running as part of a debian or RPM package build:
if test -f "$srcdir/debian/rules" || test "x$RPM_ARCH" = "xx86_64";then
...
openssh does not directly use liblzma. However debian and several other
distributions patch openssh to support systemd notification, and libsystemd
does depend on lzma.
Initially starting sshd outside of systemd did not show the slowdown, despite
the backdoor briefly getting invoked. This appears to be part of some
countermeasures to make analysis harder.
Observed requirements for the exploit:
a) TERM environment variable is not set
b) argv[0] needs to be /usr/sbin/sshd
c) LD_DEBUG, LD_PROFILE are not set
d) LANG needs to be set
e) Some debugging environments, like rr, appear to be detected. Plain gdb
appears to be detected in some situations, but not others
So if you were using Arch, you were unaffected by this vulnerability because
- the script wouldn't trigger because it uses neither DEB nor RPM packages
- even if it had triggered, the backdoor only gets activated when the calling binary is
/usr/sbin/sshdwhich doesn't happen in Arch because they don't patch OpenSSH to support systemd (which in turn pulls in xz).
This doesn't mean that Arch saved you because it's super secure or anything, but this was a supply chain attack that hit Arch (and Debian Sid, where the backdoor was actually caught because ssh logins took so long…), but it didn't trigger because it wasn't targeted.
Meaning there's no immediate need to be concerned, but you should update ASAP even though the Arch package probably doesn't contain backdoored artifacts.
Definitely not
The fact that I can't seem to find traces of this game online makes me think that maybe my memory is wrong? But also hard to find information from back when the internet wasn't flooded with stuff
I had a provider before that blocked tethering and hotspot, the solution there was also to increase TTL on the clients connecting to the phone by 1. The phone would lower it by 1 again, making it look like data originated from there.
Unreal Tournament 2k4 on one of the earlier Ubuntus, back when ShipIt was still a thing. Most have been around 2005 or 2006, as I used it in my mom's flat which I moved out of in 2006.
I also played some games on an old version of Suse Linux back in 2001 or so? Maybe earlier? There was this game where you had to manage public transport in a city. Looked for that game recently but nothing came up. Also Kartoffelknülch back then. I tried to get some distributions running (like Mandrake) but only Suse somewhat worked. Being 14 and English not being your mother tongue doesn't help with documentation when nobody in your family knows stuff about computers.
Spaßfakt für die neuen Bogennutzer: früher hatte Bogen eine zentrale Konfigurationsdatei unter /etc/rc.conf, in der alle Pflichtoptionen gesetzt wurden, also Rechnername, Dienste, Zeitzone, Module und was auch immer. Mit der Umstellung auf systemd entfiel das dann aber.
Nein! Erwachsene müssen Erwachsenensachen machen! Was hier akzeptabel ist, entscheide ich! Auto als Hobby - sehr gut! In der Kneipe anhängen - sehr reif! Lego bauen - NEIN!
Das Buch wurde doch immer mit "jaja, da gibt es die Hardliner, aber die haben kein politisches Gewicht" abgetan. Genauso wie die Militärparaden, die die Gesellschaft militarisiert haben - "das ist da drüben eben so, die haben ja nichts anderes". Auf Reddit würde schon vor Jahren immer wieder auf das Werk hingewiesen. Aber die Eliten haben die Augen verschlossen und im Gegenteil das ganze noch finanziert. Schröder ist keine Ausnahme in der SPD, sondern ein Symptom.
The benefit of selling consoles is not making money from the sale, but having a large install base that will give you leverage over developers.
I agree that the money is in software, no doubt about that. The fact that Sony doesn't want Game Pass is simply that it would weaken their position: people just using Game Pass have no need to buy the games where Sony would be taking the cut. The Steam Deck on the other hand doesn't really compete with the others, Valve to my knowledge is making money on every device sold (though this seemed close for the 64 GB model), sure it broadens their Steam base but I don't think it made a huge impact. Noticable yes.
There's another issue with Game Pass. As a publisher, Game Pass is kind of a looking threat to your early sales. People might be waiting out before buying in case it becomes free later.
Lastly, I don't think Microsoft is completely honest about Game Pass profitability. Subscription fees might cover the licensing costs, yes. But on the other hand, Microsoft paid $7.5 billion for Bethesda, and all their games came to Game Pass immediately, meaning the direct sales of these games won't cover the investment. So if they were honest, they'd put that expense partially against Game Pass.
To combine these last two points, it's said that Microsoft bought Bethesda also to prevent them from publishing for PlayStation 5 exclusively. I'd guess Game Pass played a role there - but obviously this is all speculation.
It won't happen.
Game Pass is subsidized to sell consoles. The fact that it also covers Windows is more of a byproduct. But Microsoft won't subsidize other platforms, you won't see Game Pass on PlayStation either. And Microsoft doesn't care about the PC, they care about you using Microsoft products.
I mean I get it. It's a business. I just wish Microsoft works stop saying "PC" when they mean "Microsoft Windows".
Dachte, das sei dort Einstellungsvoraussetzung?