/All/
|
index
catalog
recent
update
post
|
/math/
/tech/
/misc/
/free/
/meta/
/test/
|
Guide
light
mod
Log
P86747
xz backdoored, ssh compromised
Fri 2024-03-29 20:44:39
link
reply
a021a1d00595031f2838da2bca90ad800e864b660cb20f8fa2ae32acb1b94512.png
1.10 MiB 1242x1237
https://www.openwall.com/lists/oss-security/2024/03/29/4
xz upstream maintainer knowingly introduced a pretty sophiasticated backdoor (with preparation steps that took almost a year to hide as long as possiblre)
Xz versions v5.6.0 and v5.6.1 are vulnerable. The backdoor is programmed in such a way that it only changes the ssh behaviour (assuming some prerequisities are met, for example not run from a terminal)
proceed appropriately
Referenced by:
P86842
P86748
Oh no no no no
Fri 2024-03-29 21:01:30
link
reply
f43d4ba1351db5dba2b6fb9ddf6767a2a6e0c758dd07fb63d93d4560ef96265b.jpg
33.3 KiB 599x405
Do we know it was the maintainer or just someone commiting code? I didn't have time to read thru all this. GNU/Systemd is getting hit.
https://www.linuxquestions.org/questions/slackware-14/backdoor-in-upstream-xz-liblzma-4175735461/#post6492764
https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
https://access.redhat.com/security/cve/CVE-2024-3094
https://news.ycombinator.com/item?id=39865810
>Those tarballs are PGP signed, too..
[bold:
Solaris
]
and OpenVMS are safe! The script kiddies are going to love this one. Alot of stuff uses xz/lzma.
[bold:
Someone set us up the bomb!
]
Referenced by:
P86986
P86768
Fri 2024-03-29 23:57:09
link
reply
The furries are fighting over Xz utils.
>Nice ad hominem, maybe you could learn a thing or two about security if you didn't disregard people's opinions based on if they are a furry or not.
https://github.com/tukaani-project/xz/commit/6e636819e8f070330d835fce46289a3ff72a7b89
P86770
Sat 2024-03-30 00:39:48
link
reply
It only targets Linux/systemd? OpenBaSeD wins again.
Referenced by:
P86771
P86771
Sat 2024-03-30 00:53:09
link
reply
detect.sh
426 B
P86770
Sshd that uses liblzma, which is only the case on Systemd/Linux. Here on Slackware we don't have systemd so it's not an issue, but there's an update in the pipe for tomorrow (actually it's out right now but might not be on all the mirrors).
You can check liblzma for the function.
Really makes you think - how many of these are out there right now that no one knows about? I guess that's why they say "defense in depth". If a foreign actor, say from China, did something like this, there would be no recourse against him. My guess is that something this sneaky and deep is possibly a state actor.
P86773
Sat 2024-03-30 01:07:57
link
reply
so debian is affected?
Referenced by:
P86784
P86775
Sat 2024-03-30 01:43:47
link
reply
Moldy-oldy Debian isn't, but new Debian looks like it is.
https://lists.debian.org/debian-security-announce/2024/msg00057.html
P86784
Sat 2024-03-30 02:02:59
link
reply
b409c72482264f62fbbc7c2858e1e14f1ea3fbfc0aeb3c76f4abe4928a14ae8d.png
136 KiB 522x747
P86773
Yes. The exploit hinges on a lot of particular shit. It's possible only Debian unstable is affected. The exploit allegedly doesn't work on Arch, but they recommend updating just in case.
The profile of that xz maintainer is hella sus. Near zero online presence, active at times consistent with living in China, original xz maintainer having weird mental health issues just in time for him to take the project over... Oh, and he tried to "contribute" to Linux as well.
Not trusting xz again until it changes leadership or gets audited, that's for sure.
Referenced by:
P87076
P86795
Sat 2024-03-30 02:16:37
link
reply
>$~ xz -V
>xz (XZ Utils) 5.2.5
>liblzma 5.2.5
Get fucked, archfags.
Referenced by:
P86810
P86872
P86810
Sat 2024-03-30 02:38:00
link
reply
P86795
$ zoo -version
zoo 2.1 $Date: 91/07/09 02:10:34 $
> zoo -version
zoo 2.11-rc1
P86842
mini DAY OF THE SEAL
Sat 2024-03-30 12:29:40
link
reply
82043289ddb3df5f3ff43d7f0103bdfbd4cda69b02f16b8956f33bfc01cc5bdc.jpg
72.2 KiB 1024x1024
d0bb6d4df79551d16dd603c64d27b2a4f65b779764f376c5701cbd781e849d9a.webp
72.5 KiB 1200x630
c8664a0e940e50d05e5234feef57ba50d4279fc38dccabdc41dd1f815734402b.webp
64.0 KiB 760x570
fd80337f79fe503fc73db556565d07a28a0c2a0b1141e0e1cba9f505af75035b.png
40.4 KiB 1280x720
f6d25af36493580afd6b3e9a21a0973abda102bf4e91b3e1cfe9c5fac374440d.png
3.95 MiB 1920x1080
P86747
>a compression algo nobody asked for, in pile of C, bash and [[[[[[[[[[m4]]]]]]]]]] [[[unreadable build system]]] chicken scratch that no normal person would ever bother to look into is backdoored
woah i totally didnt see this coming and totally dont warn about this on a daily basis
>700 commits to some autistic pet project (no really, why does a compression algo need more than one commit per year)
wow its almost as if this is what i warn about every day while un*x faggots say its fine and im just dumb. you stupid little aspie fucks find comfy corner where you can spend 3000 hours "improving" and adding features to some gay little library that everything depends on which has a build script that has more code than how much code is actually required to implement the requirements of the project. you people also don't understand that extending languages constantly means no auditor can ever do a good job. you people also don't understand that adding more versions makes the code more complex
>only affects ssh+systemd
you niggers deserve it
>only affects muh "bleeding edge" "release stream" (aka where chicken scratch is delivered on a daily basis directly from autists in their basements)
you double deserve it
>proceed appropriately
i dont come here to get security notifications let alone any sort of news at all, you dumb fucking sperg loser
anyway, now watch some aspie point out how this is not a BTFO because it was just barely caught or theyre one of the 2 users who doesnt use systemd (slackware doesnt count since thats just LARP, and, as insecure as something a LARPer would make. it doesnt even need this backdoor)
also watch the techwiggers react to this by rolling out some new dipshit "solution" that really solves 0.1% of the problem but with 3000x effort, just like they did for other problems they recently discoverd, with linters, deterministic builds, 2fa, containers
Referenced by:
P86986
P88767
P86872
Sat 2024-03-30 16:38:31
link
reply
P86795
Newer software versions lose again LOL.
Arch is such a joke.
Referenced by:
P86876
P86876
Sat 2024-03-30 17:38:35
link
reply
P86872
Arch wasn't affected by this.
P86883
Sat 2024-03-30 18:32:43
link
reply
Ahh...I was wondering what Trixie thought of b\.\.mer un*x w^iggers in regard to xz. He's got one point though, in that this sort of thing is totally possible with free software.
I've seen some people criticizing Github, and you shouldn't use it for releases, but before that it was Sourceforge, Freshmeat, or someone's ftp server, or someone's website. With free software, more or less anyone can add/tamper with it and there is no way to 100% audit all that.
If we go the proprietary route, then you are a slave to Apple and can do only what they want you to do in their walled garden. They also censor out things for political reasons. Things like OpenVMS are laughably expensive ($12,000+ for a usable system with multiple, legal licenses) and we know Windows, despite being closed-source, has historically had many, many security issues.
Myself, I'd rather deal with the problems of free software; the issue didn't affect me and, even still, there was a fix later in the day to make sure. That's fast. I had the info of what was going on and could take a course of action within hours.
Now with that said, who do you think was most likely the responsible actor? My guesses:
1) Determined, intential backdoor from the beginning. NSA and other 3-letters play the long game, embedding holes like this that can be used later in cyber warfare. Russia does this as well. Maybe N. Korea.
2) A legit developer that gets a call saying "doing it for the Father Land" (or else). This would be in line with China or their allies.
3) Just some blackhat. This is the least likely one, as the backdoor was pretty specific and was introduced over a very long period of time. Some random hacker usually doesn't spend this much time and effort.
If 1 or 2 is the case, the person likely won't be found and nothing will happen to him.
Referenced by:
P86889
P87009
P86889
33of8
Sat 2024-03-30 20:04:41
link
reply
P86883
Forgot signature
P86898
Sat 2024-03-30 21:53:49
link
reply
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b
>The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
>It's RCE, not auth bypass, and gated/unreplayable.
I'm leaning more towards the NSA now. This was probably at the order of Emperor Fuckstick, to make sure you're not misbehaving (going against communism). Can't have people storing Bibles on their computers or making funny pictures.
P86901
Sat 2024-03-30 22:04:02
link
reply
>Sourceforge
https://sourcegeorgehandso.me
P86960
Sun 2024-03-31 00:23:59
link
reply
lzma.xz
220 B
P86974
Sun 2024-03-31 02:47:26
link
reply
1f505a391b231abb2765cf2d574473def355a6b5e578a95a29d66fb4e5b0fea6.png
114 KiB 1539x835
>check if feature is present by checking whether a C program compiles
>insert syntax error to make it not compile
Nothing personel, lincucks.
Referenced by:
P86986
P86986
QRD
Sun 2024-03-31 05:01:57
link
reply
P86748
P86974
So how bad or big is this?
can u explain to me like im dumb or lamen terms
P86842
>only affects muh "bleeding edge" "release stream" (aka where chicken scratch is delivered on a daily basis directly from autists in their basements)
So its the debian unstable or rolling releases and all arch?
Referenced by:
P86989
P86989
Sun 2024-03-31 05:35:50
link
reply
get-off-my-lawn.jpg
92.7 KiB 634x851
P86986
It's probably these niggers:
https://en.wikipedia.org/wiki/Tailored_Access_Operations
because it seems to target only Debian unstable (or whatever names they give their newer stuff), and a few mainstream others. I'm going to add them to my shitlist, right after Google, Cuckflare, Spamhaus and that other one I since forgot.
P87009
Sun 2024-03-31 11:40:18
link
reply
P86883
software is just software, proprietary is a buzzword for CEO faggots who think compilation makes it unpiratable
>With free software, more or less anyone can add/tamper with it and there is no way to 100% audit all that.
yes, because the """community""" is a bunch of fags with literal autism that therefore need to expand each library as much as possible AAAAH IM DEVELOPPING. making everything in C and thus having 100x more code than there would otherwise be doesnt help either
P87053
I don't want to say "it's the NSA" but ...
Sun 2024-03-31 18:53:28
link
reply
https://gynvael.coldwind.pl/?id=782
Referenced by:
P87116
P87843
P87076
Sun 2024-03-31 23:03:47
link
reply
1a993d7ecc543bdcecb36f2c19f5473f894bbb55f259980ded7fbfb98700146a.png
110 KiB 559x540
P86784
>It's possible only Debian unstable is affected.
OH NO NO NO
>debian stable is unsecure cuz dis n dat patches not there
>switch to unstable
>gets exploit RCE anyway
>stable not affected
Referenced by:
P87083
P87116
P87083
Sun 2024-03-31 23:37:10
link
reply
P87076
>>debian stable is unsecure cuz dis n dat patches not there
Yes. Only a small portion of security vulnerabilities (only some vulns that get CVEs) are patched in Debian stable.
>>switch to unstable
It's a shitty distribution for security anyway. The real answer is to switch to a distribution that doesn't have this problem in the first place, like Arch.
>>gets exploit RCE anyway
>>stable not affected
>one (1) exploit doesn't affect my distro that keeps hundreds of vulnerabilities that other distros don't have! checkmate, infosec nerds!
Referenced by:
P92146
P87116
Mon 2024-04-01 02:11:50
link
reply
P87053
that link gave me ptsd at first cuz it looks like youtube or some other site full of popups, js, captchas, ip blocks
P87076
as a fang dev i use debian unstable as my daily driver because we have heightened security requirements. i have had zero issues with it.
P87531
Mon 2024-04-01 17:11:55
link
reply
It doesn't make sense to conclude X distro wins Y distro loses from this. It looks like Debian unstable was targeted specifically. I would assume this could've happened to your favorite whatever other distro if they were the target.
Referenced by:
P87653
P87843
P87653
Tue 2024-04-02 02:31:53
link
reply
P87531
So debian stable is safe?
P87700
We made it!
Tue 2024-04-02 05:10:19
link
reply
We just got a mention on Coast to Coast Am for Xz! They are talking about Linux, free software, and Unix history.
Referenced by:
P87723
P87723
Tue 2024-04-02 06:44:13
link
reply
P87700
sauce?
Referenced by:
P87892
P87843
Tue 2024-04-02 18:13:17
link
reply
2156ba7b26ab982930c3deeed5bbd318d590c59ef7fc23097a86d6fd03e6e311.jpg
286 KiB 1920x1080
P87531
>It doesn't make sense to conclude X distro wins Y distro loses from this.
The xz backdoor was ultimately targeting sshd and linked to it via libsystemd. So all systemdless distros (Alpine/ Devuan/ Gentoo etc.) were never in danger.
>It looks like Debian unstable was targeted specifically.
Fedora was worst hit with the backdoor making it all the way to real world F41 and Rawhide systems. Fedora is also a distro that Linus and other high level kernel devs are known to use. Imply your own implications.
P87053
>I don't want to say "it's the NSA" but ...
The attacker was using streetshitter names. The commits were under Jia Tan and he samefagged as Jigar Kumar on mailing lists to pressure devs to merge his backdoors. It could still have been the NSA but curryniggers are exactly the kind of tards who would do something like this and then refuse to cover their tracks because india superpower 2020. Honestly nobody has more unjustified national pride.
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
>
https://gynvael.coldwind.pl/?id=782
That's still an interesting read though thanks.
Referenced by:
P87892
P87869
Tue 2024-04-02 19:46:05
link
reply
imagine what they don't got
P87892
I don't want to say "it's the NSA" but...
Tue 2024-04-02 20:54:38
link
reply
its-the-nsa.jpg
105 KiB 699x792
P87723
I heard it last night on the show, towards the beginning. When I checked their website it wasn't listed so I guess you had to have been listening.
P87843
There's only a few countries that do this:
1. USA via the NSA or whatever group is responsible for this now.
2. Irsael - you might as well say "USA" again, because they work together. Think Stuxnet.
3. East Asians - mainly China and N. Korea.
4. Russia - Fancy Bear, etc. Nothing happens in Russia without OK from Putin.
"Jia Tan" was likely the account for the NSA group. If you are #3 above, you wouldn't use an Asian-sounding name. India is famous for rapes and sketchy tech support. Not hacking of this level. It's the NSA.
What's certain is this: nothing will happen to "him" (them).
It does go to prove my point of using "off-the-path" computing systems is more secure. But that's a topic for another thread.
Referenced by:
P88513
P88514
P87953
Wed 2024-04-03 00:24:16
link
reply
>curryniggers are exactly the kind of tards who would do something like this and then refuse to cover their tracks because india superpower 2020. Honestly nobody has more unjustified national pride.
could denpa comment on this?
Referenced by:
P87978
P87978
Wed 2024-04-03 01:49:20
link
reply
1735acc78784ff6d85cdb2f7376c57831b1ccb5c0639f9bfbf9811e8b96927de.jpg
420 KiB 2828x1612
P87953
Proud moment saar. Love from India.
Status: REDEEMED.
Referenced by:
P88513
P88513
Thu 2024-04-04 18:29:50
link
reply
209a08c99085f81e1c9ebf9020b553aecd6e746c727eb6a9c6bba142493a4b57.jpg
263 KiB 1920x1080
P87892
>India is famous for rapes and sketchy tech support. Not hacking of this level.
>hacking of this level
He infiltrated a semi-abandoned open source project and gradually added low quality code which could eventually get exploited. Curry niggers do that everyday by accident.
>There's only a few countries that do this:
Obviously India has hackers
https://www.darkreading.com/threat-intelligence/india-s-cybercrime-and-apt-operations-on-the-rise
>It does go to prove my point of using "off-the-path" computing systems is more secure.
Well of course the most secure computer system is one that doesn't do anything.
P87978
I'm sorry you're a subhuman shitskit. It's not your fault. It's not my fault either though.
P88522
Thu 2024-04-04 20:54:31
link
reply
Also, Tor links liblzma.
ldd /usr/bin/tor
linux-vdso.so.1 (0x00007ffff7fc4000)
libz.so.1 => /lib64/libz.so.1 (0x00007ffff7be6000)
libm.so.6 => /lib64/libm.so.6 (0x00007ffff7afd000)
libevent-2.1.so.7 => /usr/lib64/libevent-2.1.so.7 (0x00007ffff7aa9000)
libssl.so.3 => /lib64/libssl.so.3 (0x00007ffff79b3000)
libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007ffff7400000)
liblzma.so.5 => /lib64/liblzma.so.5 (0x00007ffff7983000)
libzstd.so.1 => /lib64/libzstd.so.1 (0x00007ffff72ea000)
libseccomp.so.2 => /usr/lib64/libseccomp.so.2 (0x00007ffff7963000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007ffff7f70000)
libc.so.6 => /lib64/libc.so.6 (0x00007ffff7000000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fc6000)
Might be a good time to rebuild that just because.
Referenced by:
P88583
P88583
Fri 2024-04-05 00:24:46
link
reply
P88522
>rebuild that
What do you not understand about dynamic linking?
Referenced by:
P88609
P91879
P88609
Fri 2024-04-05 00:57:29
link
reply
P88583
I got distracted. I was thinking about updating Tor, and that message about libraries on the current system not matching the headers it was built with, and it came out wrong.
P88623
Fri 2024-04-05 01:46:16
link
reply
P88622
wtf is this that keeps getting spammed?
Referenced by:
P88630
P88630
Fri 2024-04-05 02:53:56
link
reply
P88623
I've been seeing it all over. Some gold/silver jewelry site?
Referenced by:
P88633
P88633
sage
Fri 2024-04-05 03:31:42
link
reply
P88630
>gold/silver jewelry
goldberg
silverstein
[bold:
jew
]
elry
P88705
Fri 2024-04-05 17:01:38
link
reply
>but shoving objects in your asshole wjile hairy is fun
P88767
Fri 2024-04-05 21:46:49
link
reply
So to avoid this in the future:
1. Compile from the actual source tarball generated from the commit, not from a different one uploaded by the developer.
2. Diversity of systems. Having different implementations works fine if right to standards and compile from source, but prevents stuff like this from working (he was loading pre-compiled stuff that depended on glibc, in addition to the requirement for openssh to be patched to link to systemd).
It really is that easy.
(Using Qubes might have fixed this even if he had targeted your favorite distribution.)
P86842
You can say that when you publish a working alternative.
Referenced by:
P90396
P90413
P90878
P90396
Sun 2024-04-14 07:42:34
link
reply
P88767
Debian stable was not touched by this.
Debian wins again over muh w*gger bleeding edge w systemd arch
Referenced by:
P90745
P92143
P90745
Wed 2024-04-17 01:02:06
link
reply
P90396
Arch was also not affected, since Arch does not patch OpenSSH to depend on systemd.
P90754
Wed 2024-04-17 02:02:14
link
reply
c24d6d6df7bf1c23a1d3fae6b6a9bee633872d5e86ae4222b875baa6d6d5eb2c.jpg
7.73 KiB 240x196
Imagine patching something as important as OpenSSH with something as bloated and unneeded as systemdicks. That's like shitting in your protein shake.
Referenced by:
P90764
P91879
P90764
https://pentoo.org/
Wed 2024-04-17 04:11:11
link
reply
P90754
thats why i use pentoo tbh
P90878
Thu 2024-04-18 02:29:40
link
reply
9b3a469140033a6b4a3bff2eecf60c24efb16ff05ae47d6cf1200d3d69009e85.jpg
75.7 KiB 680x680
P88767
>So to avoid this in the future:
>1. Compile from the actual source tarball generated from the commit, not from a different one uploaded by the developer.
The backdoor only targeted .deb and .rpm packages. So then should I also not use deb/rpm? Face it, at some point you're going to have to trust the developer at one point. Avoiding official releases doesn't solve anything.
Referenced by:
P90926
P91140
P90926
Thu 2024-04-18 10:48:56
link
reply
P90878
just write your own software smh
P91140
Fri 2024-04-19 02:46:49
link
reply
06fbcd04381cf61665d63fa7cb4ddd52a3f30de6832043ca115d72398e0c6e75.jpg
56.9 KiB 618x693
P90878
I know...having the source not matching was how this one hid itself, though.
The point of using the git code that matches the tag is that the git code is (hopefully) more thoroughly examined by others. Various distributions were just assuming the two matched when they did not.
Referenced by:
P91251
P91251
Sat 2024-04-20 03:46:05
link
reply
P91140
Source of pic please?
Referenced by:
P91278
P91278
Sat 2024-04-20 16:40:02
link
reply
P91251
I don't remember.
P91370
Sun 2024-04-21 04:29:08
link
reply
Yeah right faggot send me the deets I imported your key love...
-----BEGIN PGP MESSAGE-----
InVsS513wgGlIglJnGln6ZF1d0Wt/xm2gkbn1TRhA2UEsyLdEurcXJ7y3v2F6i+1
1PAdBrabmqUZ35/qvJS7qpzrXnplgPKXsPx2timyUgt/I7U07/PBfsv6tsfHst8f
IRiQLcHJFOat01dhHE9Ifp4wCwJxFCg4bMc57/QeESp738DTnafoZrmUThKgaIKr
LKrPByTeSwMRXUxcoByXSGL2ZjfLklxurMiaDmkjnMQOthtAwOrcVTFhkqP1kYAx
vkPudJMPPm1yyjDjZTo8xg+IqjIvygY3ZgsXXpenAPnrpeielmQFnrKjDkAiVIhV
liZQG5UTueh/Av1yRSn6XnJrG37kBzo8qFQ8eMcdUQURWKjrOmIY9Ai8F7kvgTkC
yr2WahWmdwqQoVNXEWCZuB82rBb63fn/dOEmCee8BD1VH2W8iRFvZNI2h7hVOTZJ
Co6VSf0yW+Tr9a1QUUADFyppkv5Q5UzZrt1PWDyEfqYXI8n7QFN5If3tKZ9h+kS3
09uARG58eceW068HUokgSa5TtEw9ZPRqv68CxGk3sSmwQBp7tjquljTJ33j51mfB
IzbJTFhqhT3Q8zYN3oN/wNFn43izlvAqbsOegKW+8lEEpGzNFG69Une9DWYGbFrj
bXnSEyDxZB3Xi4Y986lqksBrTzzDxRRm3jdT4Gcelq1F1WbFurQDCSEUH1bqokgc
ILT/q9EqTHj3v5x99OcmWafDm4FYKlXUaAdeKjjpVwO70nUNA7LlmVUqF96ujh+G
f/5UjVGS14sMW8CAQuYlGPzpF7GnI0hh+cFBwuiRztTDawnDAx5mTFzrDtdW+fMc
zM3I/4qbb+NxnJs51B5kRCQXvle2tG/+lF6FEJySRDZYy1xogOhHWOVKGOO5syZJ
YChd4viNxcNxurVMz/iID5VqbKR657qX3A5DadOsMrOKdqVeFS6moF5MzSHz+Z+h
UpFP18pfr9cVw2Jb48H1eP7o/s/avd6eyiDT8I5ddY8KzHOkBNH4NT23NcCSG8hS
hcFjnuwLEaKotlxXHFlQI0wn8s7+GZHlzVRYeH2qD9d3kKPmRcAZbEbrFr+yxbJ3
kNe5eGRpMhFUIvMSKlgHmGseiNVIR6NTe5m57Rj/pLNHUXqi2SF4s9UQ2F235+78
Iww7t5cCa/7l6EhrusW5M6XxAHRt10KxVi5nFVN9pMNPO4kgLTHp9qBP8nG5fbs/
5K6kUH8Xydl73iuN6G0RWG0wUIU+ZLR62H2H2FRrWMPxI6czlPFrGy3fu84Cmqan
Vl9IZdt7YxXEbGGkX8+e9TYCi82Yk+xdegNeo4VAtBL6d7fgVDMbXFLNg3KC8c8r
GMKpGm9uyHUGMjRuDYv8HTEwmRujI+lZVMsM/VBDnYOQLFp6qlHiyk8q885Hk69O
0O/aJjLNAgfel3UdT6oIpnA54nve1cWSTq1K+yb8WqY3d0lNexvxgcQRidhUnYNh
97s/Bqy5hjntz0NYQ9QUgg4fiN+sqQztED4n+ksz3rr7s64RyWXR2ikm3QDTNfR7
b9F+d39AFcfcoxpUMvZkg29f/PwUpL7FGQWGjo947ms66f/iKK3LqkEc9hS7nxV5
fMR03RaHvghK5xlwG68ulhBaff8rQ+qJ+DCnQmj41DL/bTAYA2d0Z8pW4SrV/KeN
2Fv2CBNqifzJxlDVJOXPdUjiAYAcr7GYwxAjdLMnctQMBO2b8xu9qjqToGEh/R/f
sW/fhBvGiMhSReY06ZPWl8GJX6CGFiNSexVv/FWE97bwzBjp2kc+LE7w0h7iqhn5
+cot8M00nOYQ9U4bomsRMqS/qOUkjO5GkQCUaZAQ3NM4eaJJldUmGRHVEsFBD1wn
E4qETAj+uNK+T/puDbxoUTYxEXdhhR8BLlZbKyWzo72s8DJ/6+hUSEk7xvjDW+EX
iVXPNfVwSYNg3Njvt5r0O+/PFmahebw/W+YmA27waOAJH4XVH0RdEMoJidut5rQP
CAw9NkhEdo8vb6ysq834bsFbu2RqJNBEPPWdc84s5PvuQNDGIm7iyKv4GVIyApsP
uR92EIDO9gRxvdaqs7bvUYIB4P8sz0JW8pHsgVxb15s4jOnMWP3/JJ5iIxzF82Xk
iDrBTVQ54llqg8hIjUMZxVKe7gxkX30qwXIV7QUgYKN8sgI/QnZ1A/W6/+EGh7x9
ic93VFfsJE/z2SyIfxeRwk17Vk0KqKYL08HxF20YOEYByxkeJhF2hYNB0/B/EtuI
3VtT7GLab4Nv1Hr9Ps4u/x/WVE7sllRxIBQtRkWZfmZQkpaI3b6y5lSIK5ZOjDuf
9l6zycdh2r6I+joUQ/bcvs1TCJH38dcZTvXVRjS98QHbS2otxguynM8tH9ielFbT
JWKFJKi03LTXF1koOfEwP1pcorAyTEClyInKaF6N1x5OL4zAIgPDyioXGxIuroqq
M/B+BG+Ha8cy7fBKdS86wAxJTso9rLzeX0AEy0VZr5BQMKdslUrK2RanuxwNs8se
wFRMUzqut17PXaQCiKZyOn8S9k6ag1ugXHzDFXFZuIE1CCTQVpDZqBsj64Ct9jQ2
8G8+mLlGgUxvuUzNBn0xE0B2h1ZaxAIQm8HJR9Y10j/u0VVBGEU5VOMMWyJ+7U81
l/R9fUtst5V3JKEVSG4sdLimjDljY0h1Se7dIdnUehBkoG4egNcmUwybbExRuD9w
EhLc0dhD9p6f3tYvhfqc713D+hpR1sjqUh1P++YlacbuIv7CToLcBo/OxijRwNSL
d1AzK1FmL2Vtwx42SnjgDYT7BBZnWr5XVCjlY2kYkQ6mjraa7k3tRFfui3QbpE7c
AD5hR8s0ddDfZqldEi/i0CmI6XFdKQnQ/6===
=/JM1xqbIjYIdrA
-----END PGP MESSAGE-----
Referenced by:
P91870
P91870
Sat 2024-04-27 14:02:00
link
reply
P91370
You have clearly mistaken me for someone else.
P91879
Sat 2024-04-27 19:10:30
link
reply
517ddf5e04a1e0f694a57c2296e9937cb2980b34c9f4e0812de9c0c3725ae294.jpg
87.9 KiB 1017x572
P88583
>rebuild that
The Gentoo package has a lzma USE flag so it is possible to rebuild Tor without lzma.
https://packages.gentoo.org/packages/net-vpn/tor
P90754
>Imagine patching something as important as OpenSSH with something as bloated and unneeded as systemdicks
Don't break your jaw sucking his dick, Arch was the first distro to use systemd in the first place.
Referenced by:
P91890
P91890
Sat 2024-04-27 21:42:41
link
reply
P91879
wut bout the ligma USE flag or will it give you BOUTS of low energy?
Mod Controls:
x
Reason: