Nice selective quoting there... the original says "ordinarily used by ..." meaning xz the package, not restricting it just to the compromised version.
Posts by TrevorH
150 publicly visible posts • joined 22 Sep 2009
What can be done to protect open source devs from next xz backdoor drama?
Iowa sysadmin pleads guilty to 33-year identity theft of former coworker
The Hobbes OS/2 Archive logs off permanently in April
Windows keyboards to get a Copilot key – but how quickly will users jump?
England's village green hydrogen dream in tatters
It should also be noted that the vast majority of homes in cities in the UK cannot use individual heat pumps due to lack of space and/or noise from the fan units. If you live in a terraced street with no garden, where do you put your heat pipes? There are hand-wavy vague and untested plans for utility companies to install street-wide pipe networks under roads and pavements but so far nothing concrete (no pun intended) about how this would function nor how much it would cost. To meet the 2050 deadline they would need to be converting 20,000 properties a *week* to heat pumps. I suspect the current conversion rate is more likely closer to 20 a week than 20,000!
Red Hat greases migration to RHEL for CentOS 7 holdouts
Red Hat retires mailing list, leaving Linux loyalists to read between the lines
Researcher bags two-for-one deal on Linux bugs while probing GNOME component
Sysadmin and spouse admit to part in 'massive' pirated Avaya licenses scam
ArcaOS 5.1 gives vintage OS/2 a UEFI facelift for the 21st century
Soon the most popular 'real' desktop will be the Linux desktop
AWS: IPv4 addresses cost too much, so you’re going to pay
Twitter name and blue bird logo to be 'blowtorched' off company branding
What it takes to keep an enterprise 'Frankenkernel' alive
> No API changes, and no internal ABI changes either
This is a bit disingenuous. The so-called "Stable KABI" almost *always* breaks at a RHEL point release. And since this is Stream and the kernel will be continually updated with new changes during the lifetime of one RHEL point release, I would expect multiple KABI changes to happen during Stream's lifetime between one RHEL point release and the next. If you run RHEL then you just get used to the "stable" KABI not being stable over a point release. If you run Stream then it could break at any time.
Rocky Linux claims to have found 'path forward' from CentOS source purge
Re: A bit of advance warning wouldn't have gone amiss
Yes. I've seen what happens in CentOS Stream. The other day for example, they pushed out an update to gnupg2 which removed its ability to verify signatures using SHA1. Good move to remove insecure stuff... except that the key used to GPG sign all the packages in the distro uses SHA1 so immediately after applying that fix, you could no longer use dnf or rpm to upgrade or downgrade any packages because they all have invalid signatures. That is the level of testing that CentOS Stream packages get before they are inflicted on its users.
Run, run away.
Red Hat strikes a crushing blow against RHEL downstreams
Western Digital: Customer info stolen in that IT attack
I got the email from them telling me of this breach and, usefully, it contains only a JPEG of the grovelling apology from some WD bigwig. That JPEG has no explanatory text to go with it and like many I have images deliberately turned off in my email client so all I got on two email clients (Gmail on Android 13 and Thunderbird on a desktop) was a blank email from them containing, apparently, nothing at all. Very useful. It was only because I wondered why WD would be sending me a blank email that I bothered to dig through the headers and work out that it was actually from them. I then had to hack through the HTML email source code to extract the JPEG URL so I could read it....
Not a great way to communicate
Shocks from a hairy jumper crashed a PC, but the boss wouldn't believe it
Curiosity gets interplanetary software patch for better driving and more on Mars
Red Hat at 30: Biggest Linux company of them all still pushing to become cloud power
IBM shrinks z16 and LinuxONE systems into standard rack configs
> a single Rockhopper 4 would let customers replace at least 36 x86 servers, reducing energy consumption by 75 percent and space by 67 percent
So if it can replace 36 x 1U servers and use 67% of the space, does that mean this beast is a 24U rack mounted server? Does it come with a free forklift to get it into the rack?
Yukon UFO could have cost unfortunate balloon fan $12
Asus' latest single-board computer packs a 12-core, 4.5Ghz Intel i7
Rocky Linux 9 and its new build service enter the ring
Mars helicopter to take a breather, recharge batteries
Broadcom's VMware buy got you worried? Give these 5 FOSS hypervisors a spin
OpenSea phishing threat after rogue insider leaks customer email addresses
Micron aims 1.5TB microSD card at video surveillance market
RSAC branded a 'super spreader event' as attendees share COVID-19 test results
> However, 39.9 percent said they were unsure, for whatever that means.
I'd guess that since the conference didn't end until the 9th June, some people could still be unsure since the COVID-19 incubation period is still listed by the WHO as being on average 5-6 days but with outliers up to 14 days. So if it ended last week, there might still be new cases for another week yet.
Let's play everyone's favorite game: REvil? Or Not REvil?
The new generation of CentOS replacements – plus the daddy of them all: RHEL 8.6
Re: It was sad to see Centos go
Red Hat decided to turn CentOS into a beta version of the next version of RHEL so it has become unstable and pretty much continually broken. Rocky and Alma were set up to replace it outside of Red Hat and both aim to release the same thing that CentOS used to: a clone distro of RHEL minus the RH branding and logos.
Workstation, server, IoT? No worries. Fedora 36 is out – all 13 editions of it
Elon Musk's latest launch: An unsolicited Twitter takeover
Arch Linux turns 20: Small, simple, great documentation
Chromium-adjacent Otter browser targets OS/2
Russian 'Minecraft bomb plot' teen jailed for five years
'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug
SUSE announces 'tech and support' product Liberty Linux
Spruce up your CV or just bin it? Survey finds recruiters are considering alternatives
Microsoft rang in the new year with a cutesy tweet in C#. Just one problem: The code sucked
DDoSers take weekend off only to resume campaign against UK's Voipfone on Monday
Re: this is what happens when you dont enforce authentication
So how do you authenticate when the pipe connecting you to the internet is so full of random data that the real stuff cannot get through? Your grasp of what a DDoS attack actually does and how it operates seems to be not very aligned with reality. You cannot protect against a DDoS attack once the packets from it arrive at your endpoint. It's already too late.