Quoting: HamishI guess Windows 95 was a server/corporate OS for including Network Neighborhood too.

Windows 95 was the continuation of 3.11 (a tiling window-manager) on top of MS-DOS which was developed strictly for the PC in mind, as single-user, single-tasking and not network-aware. Then they started adding mutually incompatible systems on top creating the piece of crap "OS" that it is for 4 decades now, which was (and is still being) held by duct tape. Even Microshaft (finally) admitted that they can't fix it anymore. There's no comparison with UNIX -> GNU/Linux or a system that is being developed with networking, multi-user and multi-tasking from scratch, that's what I'm saying. But this should have the scope and limits of a PC and not a server, because the attack surface has become really big. GNU/Linux as it is now is a chaotic system developed mainly for server use, a victim of antagonizing corporations, each one with their "own" technologies, simply adopted by the PC, us. We jumped on it because there has been no other better (FLOSS) alternative (for gaming, applications, sufficient hardware support, and enough manpower to support it) it's plain as that.

Seeing all that, FreeBSD and Haiku make more sense. But they are not "plug'n play"-ready because they lack that manpower.

View this comment - View article - View full comments

Quoting: pleasereadthemanualMy issue is that Arch, unlike openSUSE, Gentoo, Nix, Fedora Rawhide, Fedora 40/41, Kali Linux, and Homebrew, are continuing to use the 5.6.1 release, just pulling directly from Github and not the binary tarballs which were compromised.

so you are saying they should use the compromised binary tarballs instead. You said it twice already.

I'm not sure you understand the situation and are basically copy-pasting stuff you find elsewhere here pretending to know a thing.

https://bbs.archlinux.org/viewtopic.php?pid=2160841#p2160841 [External Link]

View this comment - View article - View full comments

Quoting: pleasereadthemanualMissed this comment the first time. This does not inspire confidence in me about using Arch in the future.

huh? maybe you missed that "The malicious code path does not exist in the arch version of sshd, as it does not link to liblzma" too. Also, how many "home" users use a ssh server...

The main problem is basically that we are using a server OS that has gotten too big, basically chaotic thus uncontrollable, when all "home" users needed was something like FreeBSD which doesn't use thousand of different tools and is being developed and curated as a whole. An OS like haiku for example, multi-user sure, multi-threaded sure, memory-protected sure, "network-aware" sure, but not including ssh and other server/corporate functionality.
A FLOSS OS just for the PC.

View this comment - View article - View full comments

This thing looks pretty big, methodically prepared for a long time. Possibly "state level actor".

View this comment - View article - View full comments

Quoting: dibzMight be fighting words for some, but this makes me glad I'm a bit old hat and generally not a fan of rolling distributions, which is who this mainly applies to. This attack entered the effected package only a couple months ago for pete's sake.

One month ago and according to https://security.archlinux.org/ASA-202403-1 [External Link]

The malicious code path does not exist in the arch version of sshd, as it does not link to liblzma.[...]

But you 've got a point nonetheless.

View this comment - View article - View full comments

Quoting: jens

Quoting: sudoerSo basically games that are using Proton/WINE won't work at all with Fedora 41?

No. Proton/Wine works just fine, also currently, using XWayland on a Wayland desktop session.

Thanks, I think I heard recently (from the TLE youtube guy) that it was not possible, maybe I misunderstood it.

View this comment - View article - View full comments

So basically games that are using Proton/WINE won't work at all with Fedora 41?

View this comment - View article - View full comments

@scaine thanks for the link, I will study this as knowing this kind of stuff sounds essential nowadays. Firejail AND/OR apparmor sound also like a good idea. Don't know about discord, I don't use it as I don't like it, I would speculate that it is different though as it could be just reading Steam's directory (?).

View this comment - View article - View full comments

How does the nprotect rootkit fit into this situation, it monitors just WINE's windoze processes or can it read memory as well?

View this comment - View article - View full comments

$490K wow... please keep using Ubuntu and snaps, they are so perfect, also please help Shuttleworth in these tough times, after all snaps is a community project.

View this comment - View article - View full comments