Malicious SSH backdoor sneaks into xz, Linux world's data compression library


Re: SystemD?

From the Archlinux website:

Regarding sshd authentication bypass/code execution

From the upstream report (one):

openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend on lzma.

Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command:

Re: systemd was responsible for injecting the vulnerability into the SSH daemon

Both protections that you mention don't help against source code injections.

Now you can compare your Chromium browser with that other Chromium browser using Speedometer 3.0


Firefox won

Here too: Chromium (no extensions) 13.8; Firefox (new profile) 18.6.

Mozilla CEO quits, pushes pivot to data privacy champion... but what about Firefox?


Re: Firefox could so easily win…

Hey! I like Pocket. I use it to read articles on my Kobo e-reader!



That is probably the top feature I would like Mozilla to add to Firefox. I tell everyone to use Firefox, but if they want a PWA then I have to admit they need Chrome or Co for that.

RIP Bram Moolenaar: Coding world mourns Vim creator



Upvote for :x instead of :wq

Though in practice I mostly do :xa

Gtk 5 might drop X11 support, says GNOME dev


Re: Gnome devs who drank the Wayland coolaid...

Gnome looks like Windows 10?? They're nothing alike!


Re: Gnome being Gnome...

I absolutely love Gnome 3. A massive improvement over Gnome 2. I'm glad Archlinux supported it from the start and that I didn't have to wait for some distro release.

Waste clock cycles? I myself am happy to dedicate some clock cycles to be happier using a computer and get things done quicker.

BTW: If you want to save *a lot* of energy, just don't buy Intel, but AMD.

Old-school editor Vim hits version 9 with faster scripting language


Yet Another Vim Scripting Language

Why? Because we can? There aren't enough scripting languages to choose from?


Re: What's Vi?

You forgot or missed nvim (neovim) in that list.

Thunderbird 102 gets a major facelift, Matrix chat support


Finally: the address book

We can now have more than 2 email addresses per contact! And a whole lot of other stuff. This closes bug 118665 that was opened 21 years ago. Finally.


BTW: I've been using Thunderbird since it was called Netscape.

BTW2: Happily using it on Archlinux: it is "thunderbird-bin" in the AUR.

Arch Linux: In a world of polish, DIY never felt so good


Re: What's the real advantage

The greatest advantage for me is up-to-date software. All software is recent, not 6 months or 2 years old.

Europe's GDPR coincides with dramatic drop in Android apps


And it can all be attributed to GDPR?

Or also because Apple and Google have removed many apps because they don't comply with their policies or because of security issues?

The report writes:

> One in seven of the developers reported having removed an app from the market due to new requirements and costs, and one in eleven reported choosing not to launch a developed app.13

And footnote 13:

> 13 One of our survey respondents wrote ‘Removed several small apps completely in order to minimize the risk and because of the uncertain as well as non-transparent legal situation.’

Wow. One respondent!

Lots of new toys, caps lock still stuck on: ONLYOFFICE hits version 7


Re: I hate to bow to The Great God M$...

Is Office 365 user-friendly? Just asking.

Waterfox: A Firefox fork that could teach Mozilla a lesson



"But currently, it's thriving, unlike its progenitor."

Can you back that up with some data? Does Waterfox have more users than Firefox?

All in all, the article is written as an advertisement for Waterfox.

WhatsApp's got your back(ups) with encryption for stored messages


Re: Ah......end-to-end encryption.....criminals, "think of the children"....and so on.....

Nooo. You should not post your backup key on the Internet!

Facebook building 'on-demand executable file format' that self-inflates using homebrew compression


Re: Nothing to see. Move along...

In addition: Zstandard (zstd) is also from Facebook and is known for being fast. It compresses and decompresses really fast, unless you use the higher level compressions, beyond 15, more or less. Default compression level is only 3.

I highly recommend it as a replacement for gzip. I use it to compress 16 GB files at level 6 with multithreading (-T0).

If you're running Archlinux and building packages yourself, you may want to lower the default compression level and enable multithreading in your /etc/makepkg.conf with:

COMPRESSZST=(zstd -czv -T0 -9)

Firefox 91 introduces cookie clearing, clutter-free printing, Microsoft single sign-on... so where are all the users?


Re: That's not a very useful option

That is the Cookie AutoDelete extension.

Feeling brave? GNOME 40 is here and you can have a poke around in the Fedora 34 beta

Re: Please god NOOOOOOO!

"Gnome 3 is shite, and many have complained."

Don't forget that YOU think it is shite. You know, an opinion. I actually love Gnome 3. I don't want to stay stuck in the past. I want a modern computer to have a modern desktop that takes advantage of modern technologies.

It is logical that every major step forward gets a negative response from some. That is unavoidable.

On my Archlinux installation I already have Gnome 40! :-)

The GIMP turns 25 and promises to carry on being the FOSS not-Photoshop


> single window interface

Gimp has an option to turn it on.


Re: 25 years and still a pain to use

Don't forget that apparently most of you are used to the Adobe interface and not to the Gimp interface. If it were the other way around, I guess you would be complaining about Adobe.

Personally I have no problem at all with Gimp. Marvellous piece of software. Congratulations!

Thunderbird implements PGP crypto feature requested 21 years ago


Independent key verification

It does not have to be a third *party*, if that is what you mean by "independent", but there must be a way to verify the keys, by means of fingerprints, hashes, ascii-art, such as used by SSH for example. A different (independent) communication channel is required for that.

AI in the enterprise: Prepare to be disappointed – oversold but under appreciated, it can help... just not too much


Which option to pick?

Exactly. AI simply does not exist yet, see Max Tegmark's book "Life 3.0". There is Machine Learning and that does use new algorithms. Which option to pick?

Linus Torvalds banishes masters, slaves and blacklists from the Linux kernel, starting now


Re: Proudly ignorant

That will have to be denylist, not blocklist.

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too


Re: Is there any advantage left by using commercial certs?

In what browser do EV certificates still show up differently?

Snapping at Canonical's Snap: Linux Mint team says no to Ubuntu store 'backdoor'


zip and unzip

May I suggest zstd?

Micros~1? ClippyZilla? BSOD Bob? There can be only one winner. Or maybe two



I just read Blue Screen Merchant and it is hilarious. Since it is not among the options, I voted for Micros~1. Brilliant.

As Zoom bans spread over privacy concerns, vid-conf biz taps up Stamos as firefighter in totally-not-a-PR-stunt move



Has jitsi decent quality?

There is also the Norwegian alternative whereby.com, formerly appear.in. They are not very good at choosing a catchy name, but their security may be better. They haven't had their "zoom moment", so it hasn't been scrutinised yet.

We're number two! Microsoft's Edge browser slips past Firefox in latest set of NetMarketShare figures


Re: Why the decline of Firefox?

Don't have that problem at all. There is a refresh profile function in Firefox: go to Help → Troubleshooting information and there is a button to refresh.


Re: Why the decline of Firefox?

One of the reasons is that anytime you use any Google service, you get an alert to install a secure browser: Chrome.

'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc


Re: A backdoor ?

I work for No Such Agency!

At last, the fix no one asked for: Portable home directories merged into systemd



You overlooked the quite common situation where people work at home one or more days per week.

No Mo'zilla for about 100 techies today: Firefox maker lays off staff as boss talks of 'difficult choices' and funding


Re: I like firefox..those 1000+ what are they doing?

I think you don't realise how complex the render software is. Have you ever looked at the specs of grid or flex, for example? Having two teams of five people working on that won't cut it.


Removed features

So what are those features that were removed and so important?

I had to say goodbye to Morning Coffee when Firefox made the extensions more secure. Do I miss it? Not at all.

I like the steps that Mozilla is taking with Firefox the last years. Hey, even Pocket plays nicely with my Kobo e-reader. Should it have been a core function? Well, Mozilla bought it, so I don't blame them. If you don't like it, hide the button. Does anyone complain about their car having an ash tray? Didn't think so. And you can't even hide it.

What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal


Actually, there are apps, such as R2Mail2, in which you cannot make screenshots using the Android feature.

Whipping out a camera is another deal, of course.

We are absolutely, definitively, completely and utterly out of IPv4 addresses, warns RIPE


Most email services do not support IPv6

A few weeks ago I was astonished to discover that most email services do not even support IPv6, such as Microsoft's (hotmail.com, outlook.com), Apple's (me.com) and many hosters. Notable exception: Gmail.

Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much


Re: I'm forced to wonder

"change the 'erase cookies on exit' to 'erase cookies when tab is closed'."

That is what the Firefox extension Cookie Autodelete does. I mostly accept anything and it's gone the moment I close the tab.

Ask, Allow or Block is like Vivaldi browser's version of Snog Marry Avoid for popups in 2.9


Mozilla is doing a very decent job with the privacy features in the latest versions. Although not yet enough to get rid of the privacy and security extensions.

You can easily secure America's e-voting systems tomorrow. Use paper – Bruce Schneier


What about other applications?

If paper is the only secure way to vote, why can we rely on electronic services for banking, government services, etc? Or shouldn't we?

Frustrated Brits can dump mobile providers by text as of today


Re: Criminals, number spoofing

They've thought of that and also introduced the STAC to terminate the contract. The article does not say if there are more steps.

I'll just clear down the database before break. What's the worst that could happen? It's a trial



I always use "reboot". Much harder to mistype.


ssh ProxyCommand

daisy-chained ssh? Try ProxyCommand in your .ssh/config!

Have you always wanted an algorithm that can search like Bing? Well, if you change your mind, one's on GitHub now


Re: No thanks

> Want to find something specific where the general public misuses a term completely incorrectly? You won't find a thing with BING because their "vectors" keep steering you back to what "everyone else" is talking about.

And Google does not do that?

For these things I go directly to Wikipedia; no need for a web search engine.

Encryption? This time it'll be usable, Thunderbird promises


Re: The trouble with PGP is that

SMTP does server-to-server encryption. PGP and S/MIME do end-to-end encryption.


Re: PGP is better than the alternative

We use S/MIME in our company and it is extremely easy to use, once set up.