All things Linux

[Dakota Tebaldi]

Spoiler

Doesn't really work here though - no sound

I see Free already gave you just partial credit because of that.

Spoiler

I mean...there's subtitles. Surely that counts for something!

 

[Free]

Spoiler

I mean...there's subtitles. Surely that counts for something!

Spoiler

[iconic synth-pop bassline]

 

[Khamon]

ha ha ha

ha ha ha ha ha

Spoiler

I got all the way to reading "gotta make you understand" before I realized

 

[Dakota Tebaldi]

Ugh. Fash Linux/FOSS is a thing, if you didn't know. It's a tiny minority and it's usually a very mild annoyance at worst, but it's about to become an unavoidably present thing and I hate it. Sigh.

 

[Noodles]

Ok, I have a Linux question. I could probablynsearch but I will start by asking here.

I have Mint on my Laptop. My user home folder is mapped onto a second internal drive. I don't have a lot really installed special or anything.

I kind of want to move to something else, not exactly sure what yet, but how hard will it be to just, install something else then remap my home folder and basically be there.

I suppose I could install something else alongside Mint but I kind of don't want to get GRUB involved because I kind of hate GRUB.

 

[Veritable Quandry]

This is what I do. Keep user files on a second drive so I can migrate or share files between different operating systems.

 

[Dakota Tebaldi]

Watch your old Snaps, guys:

Linux Snap Users Warned as Attackers Push Malware Through Old Trusted Apps

A new Snap Store scam campaign abuses expired publisher domains to bypass trust signals and deliver malicious app updates.

linuxiac.com

So I guess if you have a Snap application that hasn't been updated in quite a while and it suddenly has an update available, you'll want to either wait a bit before accepting it, or better go to the dev page and make sure they've really updated it first.

 

[Dakota Tebaldi]

Very few people use Telnet these days because it is old and leaky, but a lot of older systems and devices still have to use it because they can't run or can't easily run SSH for whatever reason.

Well there's a huge newly-discovered vulnerability in Telnet, where a single simple command can immediately log you into any Telnet server as root, bypassing the authentication process entirely. And it turns out this vulnerability has been around for over a decade and while the good guys only recently discovered it, bad guys have already been taking advantage of it for quite a while.

Short-ish video demonstrating the attack:

 

[Argent Stonecutter]

If it's modern enough to run GNU inetutils it's modern enough to run ssh. I would expect to see telnet on embedded systems running IOS or some other '80s era firmware.

 

[Dakota Tebaldi]

You would know better than me. I have only ever visited telnet servers for fun and silliness. Like,

telnet mapscii.me

...gives you an ASCII world atlas that is zoomable to street level. Or

telnet halite.md.vc

...which is, well, special.

I've heard there's a number of old-school MUDs that are still available by telnet too.

 

[Noodles]

Very few people use Telnet these days because it is old and leaky, but a lot of older systems and devices still have to use it because they can't run or can't easily run SSH for whatever reason.

Well there's a huge newly-discovered vulnerability in Telnet, where a single simple command can immediately log you into any Telnet server as root, bypassing the authentication process entirely. And it turns out this vulnerability has been around for over a decade and while the good guys only recently discovered it, bad guys have already been taking advantage of it for quite a while.

Short-ish video demonstrating the attack:

Honestly, this feels like it coukd be a blessing for some people trying to work with some old equipment and can't get into it.

 

[Essence Lumin]

`Not sure where you got this from.

And it turns out this vulnerability has been around for over a decade and while the good guys only recently discovered it, bad guys have already been taking advantage of it for quite a while.

Telnet is vulnerable by design. All you have to do is listen on the wire and the next time some valid user types their name and password you have it. As for the above statement, your video mentions an article in bleeping computer which says

The malicious activity started on January 21 (one day after the vulnerability was patched) and originated from 18 IP addresses across 60 Telnet sessions, abusing the Telnet IAC option negotiation to inject 'USER=-f <user>' and grant attackers' shell access to compromised devices without authentication.

While these attacks varied in terminal speed and X11 DISPLAY values, they targeted the 'root' user in 83.3% of the cases. Also, even though most of them appear automated, GreyNoise observed some "human-at-keyboard" cases.

After gaining access, the attackers also attempted to deploy Python malware following automated reconnaissance, but these attempts failed due to missing directories and binaries.

which is a far cry from being used for decades or even quite a while.

 

[Argent Stonecutter]

Aww, I don't know if it's the office firewall or if it's down but telnet towel.blinkenlights.nl isn't working from here,

Telnet is vulnerable by design. All you have to do is listen on the wire and the next time some valid user types their name and password you have it.

We used to print out a list of one-time codes before we went to a conference, back when telnet was actually state of the art.

 

[Dakota Tebaldi]

lol

rgegriff (On a new server) (@rgegriff@masto.hackers.town)

As a long time Linux user; do you know how bad you have to fuck up your operating system to make people WANT to use Linux? Regular people in my life keep asking me for advice and... I mean, cool. But, like, what the fuck is Microsoft doing over there?

masto.hackers.town

 

[Argent Stonecutter]

LOL, I just went down the rabbit hole trying to get telnet towel.blinkenlights.nl working and run into a reference to a guy I used to know who I used to get a Usenet feed from who is now immortalized as an example in a dox.

 

[Dakota Tebaldi]

I really like Wayland. Wayland is the default renderer on Debian 13, at least when you're using KDE, so I've been using it since I upgraded the OS and I have to say, it works like a charm for me. The way you hear some crotchety linuxers talk about it, you'd think it was a completely bugged mess that makes your PC unusable. Nearly as I can tell though, they're all just wrong or their info is outdated. I've only heard of a handful of still-existing problems in very specific situations, none of which apply to my case, and I have yet to actually try to do something and not be able to do it because of Wayland.

 

[Bartholomew Gallacher]

There are good reasons about why people are critical about Wayland. First is the abyssmal slow development speed of the project, which came out in 2008. Just recently Wayland finally got window placement support after 2 1/2 years of long discussion. A feature, which many applications do require.

Also its governance is borked.

And a fundamental flaw of design is fragmentation: since Wayland is only a protocol with extensions but not a window server, every compositor needs to make decision on its own on how to implement certain stuff, also on which extensions to support or not. Instead of having to learn only how to configure X11 in the past, you are now being faced with how to configure the different aspects of every compositor. Most will have a common denomitor of options, but then start to differ.

Also X11 development is now going on with much more speed since the Xlibre fork.

 

[Argent Stonecutter]

Also I am used to using X11 over a network. With Wayland there's a couple of alternate ways to stream it (either falling back to X11 or virtualizing Wayland) that don't work very well, I gave up and went with VNC which is effectively a screen scraper.

 

[Dakota Tebaldi]

Just because I've definitely noticed people posting screenshots of their dynasty-level uptimes

 

[Argent Stonecutter]

Devotion to Duty

xkcd.com