is this something we should be concerned about? apparently affects xz 5.6.0, 5.6.1 https://www.there

is this something we should be concerned about? apparently affects xz 5.6.0, 5.6.1
https://www.theregister.com/2024/03/29/malicious_backdoor_xz/

Malicious backdoor spotted in Linux compression library xz

Red Hat in all caps says STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES

AAru is this something we should be concerned about? apparently affects xz 5.6.0, 5.6...

Kyle Gospo•3/29/24, 11:08 PM

does not affect us, only rawhide/F41 (and extremely recent F40 builds)

Kyle Gospo•3/29/24, 11:09 PM

shout out to upstream for catching this

AAru is this something we should be concerned about? apparently affects xz 5.6.0, 5.6...

tryhardsoccermomswag•3/29/24, 11:14 PM

Red Hat in all caps says STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES

this affects so much more too. happy we're not affected by this. debian sid, arch, gentoo, nixOS unstable, and even the homebrew package are affected too

Cep•3/29/24, 11:17 PM

o damn thats p spooky, a good catch indeed wow

ryan•3/29/24, 11:17 PM

yea xz is kinda wild to have a backdoor

fiftydinar•3/29/24, 11:18 PM

the thing is, even previous xz versions could be affected by merged commits from that user

Ffiftydinar the thing is, even previous xz versions could be affected by merged commits from...

Kyle Gospo•3/29/24, 11:19 PM

5.4.6 stable hasn't been found to have any vulns so far

Kyle Gospo•3/29/24, 11:19 PM

seems the maintainer only recently decided to do evil

Kyle Gospo•3/29/24, 11:19 PM

it's an excellent catch

Kyle Gospo•3/29/24, 11:23 PM

ublue at this time is shipping 5.4.4

Kyle Gospo•3/29/24, 11:23 PM

as that's what comes with f39 currently

Niklas ⚡•3/29/24, 11:35 PM

Now I’m glad that I don’t run a rolling release distro

tryhardsoccermomswag•3/29/24, 11:37 PM

what about my arch container /s

Daph•3/30/24, 12:07 AM

i was using opensuse tumbleweed for a long time before switching to this, glad i did because i would have been affected by that issue

Zeok•3/30/24, 12:24 AM

hi, im about to install bazzite os on my legion go. Do you recommend using gnome?? I like it more visualy than kde but I dont know if I would have more errors or something like that

Xe•3/30/24, 12:29 AM

how do you update decky to unstable?

XXe how do you update decky to unstable?

Kyle Gospo•3/30/24, 12:30 AM

it's in the decky settings

ZZeok hi, im about to install bazzite os on my legion go. Do you recommend using gnome...

matt_schwartz•3/30/24, 12:30 AM

it’s mostly a matter of personal preference, although in my experience KDE has been more stable for my own handhelds

Kyle Gospo•3/30/24, 12:30 AM

if you can't get to decky, you can use their installer on their github

tryhardsoccermomswag•3/30/24, 12:30 AM

off topic Xe, but i saw that you helped contribute to the write-up on the recent xz sitaution on github. helpful information on there

KKyle Gospo it's in the decky settings

Xe•3/30/24, 12:30 AM

decky settings causes the entire steamos ui to heck out

XXe decky settings causes the entire steamos ui to heck out

Kyle Gospo•3/30/24, 12:30 AM

yea. use their installer then lol

Kyle Gospo•3/30/24, 12:30 AM

or switch to stable steam if you're not already using it

Xe•3/30/24, 12:31 AM

we're using the families beta lol

Xe•3/30/24, 12:31 AM

right that hecks it

Rryan yea xz is kinda wild to have a backdoor

Rocket_Dragon•3/30/24, 12:34 AM

https://github.com/tukaani-project/xz/issues/100

GitHub

[Feature Request]: Add more backdoors · Issue #100 · tukaani-projec...

Describe the Feature Once everyone knows that this library has backdoors, we can add even more of them so that everyone can benefit. Here are my ideas: register a systemd service and expose a few T...

ryan•3/30/24, 12:38 AM

maybe the year of the linux desktop just needed as many backdoors as windows..

Rocket_Dragon•3/30/24, 12:41 AM

maybe it was the CIA all along

Krepta•3/30/24, 12:41 AM

Any ideas on waydroid not working anymore?

KKrepta Any ideas on waydroid not working anymore?

Kyle Gospo•3/30/24, 12:51 AM

Will be looking into this next, crash in binder

AruOP•3/30/24, 12:51 AM

probably best to temporarily rollback for now while the waydroid bug is being investigated

AruOP•3/30/24, 12:51 AM

i wonder what image is the last good one for waydroid

Krepta•3/30/24, 12:55 AM

Gotcha. It happened when I updated two days ago I think.

Krepta•3/30/24, 12:57 AM

I think a lot of stuff is broken lol. Ptyxis won't launch.

KKrepta I think a lot of stuff is broken lol. Ptyxis won't launch.

Kyle Gospo•3/30/24, 1:13 AM

Ptyxis is an unfortunate dependency issue that occured last night, fix is almost ready

Kyle Gospo•3/30/24, 1:13 AM

Auto updater will fix anyone affected

Kyle Gospo•3/30/24, 1:14 AM

I'd have it done faster but one of the dependencies takes a full hour to build

Krepta•3/30/24, 1:22 AM

Oh okay no problem. Thanks for all your hard work :D.

Brunvik•3/30/24, 1:23 AM

Just did alt+F2 to get to tty and enabled Konsole for this one. Any way to hide Konsole again as soon as Ptyxis is fixed?

BBrunvik Just did alt+F2 to get to tty and enabled Konsole for this one. Any way to hide ...

Kyle Gospo•3/30/24, 1:23 AM

you can remove the desktop icon it made in ~/.local/share/applications

pintocat•3/30/24, 1:57 AM

Ptyxis was weird for me when I tried it two days ago. Konsole doesn't do this. but after some time of btop being open it'd do this. characters in btop, and the tab buttons with artifacting

robbiered•3/30/24, 2:03 AM

Has anyone gotten a switch pro controller to stay connected? I saw through search seems like it doesn’t work well. If not it’s not a big deal. I have others but these are collecting dust.

bramadeusbrozart•3/30/24, 2:17 AM

Once that new OrangePi Neo handheld comes out, is it safe to assume Bazzite will work on it since it has either a 7840u or 8840u? I want to get it (handheld addiction) but I'm not so keen on running Manjaro on it...