Unofficial KISS Linux community channel | https://kisscommunity.bvnf.space | post logs or else | song of the day https://yewtu.be/watch?v=2djlxCWcNOM |
---|
Earlier messages |
---|
| <solaare> | why is a software like xz getting regular updates anyway?? shouldnt this type of stuff be "finished" software? |
| <solaare> | another example of useless engineering |
| <Guest47> | testuser: i'm trying to package them in oasislinux, so they should support static linking |
| <Guest47> | i can see that cryptsetup supports static linking. but I'm not sure about lvm2. however, i think from lvm2 i only need device mapper |
| <Guest47> | i hate to deal with all of those complex softwares just to encrypt my #HOME partition |
| <testuser[m]> | Guest47 you can check out ecryptfs |
| <Guest47> | this looks interesting as fuck! |
| <Guest47> | so i just need to enable it in my kernel? |
| thikkl | joined |
| <Guest47> | testuser: i can see there is other options too like fscrypt. what would you recomannd? |
| <Guest47> | bruh |
| Guest47 | left |
| Guest47 | joined |
| <Guest47> | sorry my internet just disconnectd |
| thikkl | quit (Ping timeout: 250 seconds) |
| <Guest47> | so about ecryptfs, i just need to enable it in the kernel? |
| <Guest47> | testuser: also, i see there is some other options, such as fscrypt. what would you recommand? |
| <testuser[m]> | ecryptfs yes but you need userspace helpers for it |
| <testuser[m]> | not heard of fscrypt, will check it out |
| <testuser[m]> | https://wiki.archlinux.org/title/Fscrypt fscrypt might be better according to this |
| <Guest47> | with ecryptfs, do you thing it is possible to a nation state to decrypt the partition, like seriously |
| <testuser[m]> | it just says its using older crypto, not broken crypto |
| <testuser[m]> | as for a nation state they would just put a gun to ur head and ask u to unlock, not try to crarck it |
| thikkl | joined |
| <Guest47> | lool i should stop pretending to be nerd |
| fererrorocher | quit (Quit: WeeChat 4.2.1) |
| <Guest47> | thanks man, you was very helpful |
| fererrorocher | joined |
... |
---|
| thikkl | quit (Remote host closed the connection) |
| thikkl | joined |
| thikkl | quit (Remote host closed the connection) |
| midfavila | joined |
| <midfavila> | hey |
| <midfavila> | so |
| <midfavila> | don't think it affects kiss |
| <midfavila> | but it might so upstream should still check it out if they haven't already |
| <midfavila> | there's an exploit that was patched into xz's upstream source that ends up affected openssh because stack shenanigans or something |
| <midfavila> | https://boehs.org/node/everything-i-know-about-the-xz-backdoor |
| <midfavila> | also mentions the same user responsible for the xz problems messing with libarchive |
| <midfavila> | systemd and certain patches for openssh are known vulnerable but there's no guarantee for other combinations according to https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 |
| <midfavila> | same gist also says that only glibc systems are affected due to musl lacking certain symbols |
| <midfavila> | so musl kiss is safe, but gkiss users might want to look into things |
| <sad_plan> | seems to have been resolved here by downgrading to 5.4.2. which is the newest without commmits from this individual iirc |
| <sad_plan> | atleast for kiss. I havent checked gkiss |
| <sad_plan> | alpine and arch, and probably others aswell, seems to instead just use the git tag instead of the generated tarball |
| midfavila | quit (Read error: Connection reset by peer) |
| midfavila | joined |
| <midfavila> | okay, cool. i figured someone here was aware of it but i wanted to make sure |
| <midfavila> | i'll have to drop my fork down a minor version |
| <midfavila> | it's still on 5.4.3 |
Later messages |
---|