Chirp!
  • Login
Chirp! is a GNU Social instance for the Cooley and Sekula families and their friends.

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. AndresFreundTec (andresfreundtec@mastodon.social)'s status on Monday, 08-Apr-2024 23:23:44 UTC AndresFreundTec AndresFreundTec

    I accidentally found a security issue while benchmarking postgres changes.

    If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.

    https://www.openwall.com/lists/oss-security/2024/03/29/4

    In conversation about 8 months ago from mastodon.social permalink
    • gokuldas (gokuldas@mastodon.social)'s status on Monday, 08-Apr-2024 23:23:43 UTC gokuldas gokuldas
      in reply to

      @AndresFreundTec "... and kids, that's how i saved the world"

      In conversation about 8 months ago permalink
      Santa Claes πŸ‡ΈπŸ‡ͺπŸ‡­πŸ‡°πŸŽ… likes this.
    • AndresFreundTec (andresfreundtec@mastodon.social)'s status on Monday, 08-Apr-2024 23:23:44 UTC AndresFreundTec AndresFreundTec
      in reply to

      I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates.

      Really required a lot of coincidences.

      In conversation about 8 months ago permalink
    • Gordon Messmer (gordonmessmer@fosstodon.org)'s status on Monday, 08-Apr-2024 23:23:46 UTC Gordon Messmer Gordon Messmer
      in reply to

      @AndresFreundTec Thank you so much for finding this!

      The questions at the top of my mind now are: who will fork and continue maintenance of xz? How will we determine that we can trust them? And how will we apply those lessons throughout the larger ecosystem?

      In conversation about 8 months ago permalink
      Santa Claes πŸ‡ΈπŸ‡ͺπŸ‡­πŸ‡°πŸŽ… likes this.
    • Gordon Messmer (gordonmessmer@fosstodon.org)'s status on Monday, 08-Apr-2024 23:23:47 UTC Gordon Messmer Gordon Messmer
      in reply to
      • malte

      @malte @AndresFreundTec There's still a lot of data out there already in xz format, so merely dropping the software would mean that that data becomes unreadable. Dropping it may be an option, but I'm not sure it's the best option.

      In conversation about 8 months ago permalink
      Santa Claes πŸ‡ΈπŸ‡ͺπŸ‡­πŸ‡°πŸŽ… likes this.
    • malte@anticapitalist.party's status on Monday, 08-Apr-2024 23:23:48 UTC malte malte
      in reply to
      • Gordon Messmer

      @gordonmessmer @AndresFreundTec i read that many projects migrate to zstd anyway Β―\_(ツ)_/Β―

      In conversation about 8 months ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • Privacy
  • Source
  • Version
  • Contact

Chirp! is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Chirp! content and data are available under the Creative Commons Attribution 3.0 license.