Atemu

joined 5 years ago
MODERATOR OF
btrfs
kagi
sorted by: new top controversial old
what does everyone think about piped bot and other bots in c/asklemmy@lemmy.ml
[–] Atemu@lemmy.ml 1 points 1 year ago

This would better be done in the front-end rather than a comment bot.

How the xz backdoor highlights a major flaw in Nix | Shade's Blog in c/nix@programming.dev
[–] Atemu@lemmy.ml 1 points 1 year ago

Those packages themselves depend on xz. Pretty much all of them.

What you're suggesting would only make the xz executable not be backdoored anymore but any other application using liblzma would still be as vulnerable as before. That's actually the only currently known attack vector; inject malicious code into SSHD via liblzma.

Kagi Search Changelog April 10th, 2024 - Introducing Kagi's new design in c/kagi@lemmy.ml
[–] Atemu@lemmy.ml 7 points 1 year ago (5 children)

The settings layout is a big step up but I'm not such a great fan of the theme changes. The new "Royal Blue" theme has lost quite a bit of contrast.

How the xz backdoor highlights a major flaw in Nix | Shade's Blog in c/nix@programming.dev
[–] Atemu@lemmy.ml 1 points 1 year ago (2 children)

That works for leaf packages but not for core node packages. Every package depends on xz in some way; it's in the stdenv aswell as bootstrap.

How the xz backdoor highlights a major flaw in Nix | Shade's Blog in c/nix@programming.dev
[–] Atemu@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

That's a nice idea in theory but not possible in practice as the last Nixpkgs revision without a tainted version of xz is many months old. You'd trade one CVE for dozens of others.

How the xz backdoor highlights a major flaw in Nix in c/linux@lemmy.ml
[–] Atemu@lemmy.ml 24 points 1 year ago

This blog post misses entirely that this has nothing to do with the unstable channel. It just happened to only affect unstable this time because it gets updates first. If we had found out about the xz backdoor two months later (totally possible; we were really lucky this time), this would have affected a stable channel in exactly the same way. (It'd be slightly worse actually because that'd be a potentially breaking change too but I digress.)

I see two way to "fix" this:

  • Throw a shitton of money at builders. I could see this getting staging-next rebuild times down to just 1-2 days which I'd say is almost acceptable. This could even be a temporary thing to reduce cost; quickly renting an extremely large on-demand fleet from some cloud provider for a day whenever a critical world rebuild needs to be done which shouldn't be too often.
  • Implement pure grafting for important security patches through a second overlay-like mechanism.
How the xz backdoor highlights a major flaw in Nix in c/linux@lemmy.ml
[–] Atemu@lemmy.ml 12 points 1 year ago* (last edited 1 year ago)

It was not vulnerable to this particular attack because the attack didn't specifically target Nixpkgs. It could have very well done so if they had wanted to.

How the xz backdoor highlights a major flaw in Nix in c/linux@lemmy.ml
[–] Atemu@lemmy.ml 7 points 1 year ago

This has nothing to do with "unstable" or the specific channel. It could have happened on the stable channel too; depending on the timing.

How the xz backdoor highlights a major flaw in Nix in c/linux@lemmy.ml
[–] Atemu@lemmy.ml 5 points 1 year ago

AFAIK, affected versions never made it to stable as there was no reason to backport it.

How the xz backdoor highlights a major flaw in Nix in c/linux@lemmy.ml
[–] Atemu@lemmy.ml 8 points 1 year ago

xz is necessarily in the stdenv. Patching it means rebuilding the world, no matter what you optimise.

How the xz backdoor highlights a major flaw in Nix in c/linux@lemmy.ml
Thinking of switching to NixOS, but I'm not sure about a few things in c/nix@programming.dev
[–] Atemu@lemmy.ml 1 points 1 year ago

That's not what flakes are important for at all.

Though unless you already know what flakes could do for you, I agree, you don't need to even think about flakes. They only concern one specific aspect of Nix and aren't even the only solution to that problem.

1
Btrfs progs release 6.3.2 (lore.kernel.org)
submitted 2 years ago* (last edited 2 years ago) by Atemu@lemmy.ml to c/btrfs@lemmy.ml
0 comments fedilink
 

Changelog:

  • build: fix mkfs on big endian hosts
  • mkfs: don't print changed defaults notice with --quiet
  • scrub: fix wrong stats of processed bytes in background and foreground mode
  • convert: actually create free-space-tree instead of v1 space cache
  • print-tree: recognize and print CHANGING_FSID_V2 flag (for the metadata_uuid change in progress)
  • other:
    • documentation updates
9
How to debug broken compass? (lemmy.ml)
 

I've got LineageOS 20 on my Fairphone 4 and my compass is constantly broken.

After a calibration by doing the figure 8 motion, N/S works pretty okay but it's very jittery; a few degrees which is quite a lot. This might still be acceptable since it'd be smoothed out.

When I point the needle north and rotate the device 90 degrees however, I'm almost 30 degrees off which is borderline unusable.

Google maps claims the compass has low accuracy, no matter how long I do the figure 8 motion.

What gives? How could I debug this?

3
Faster than Rust and C++: the PERFECT hash table - strager (www.youtube.com)
 

It was recommended to me on YT and I found it super to be a super interesting presentation. Not just about this specific case but generally approaches to improve perf.

3
How do you link other communities? (lemmy.ml)
 

For example, if I wanted to link this community, I could link https://lemmy.ml/c/asklemmy. However, that would not be cross-instance compatible; others would have to paste that into their instances search bar.
How can I avoid that?

I've seen a syntax like this but it doesn't seem to work in the preview: !asklemmy@lemmy.ml

2
Der Link in der private Message von /r/de (spezistdoof.de)
view more: ‹ prev next ›