I’d trust also the official Arch repo.

Yeah they’ve only rolled out a version of curl that broke the package manager a few times.

I may be a touch biased, but I feel like you might enjoy trying Gentoo one day, especially with the recent official binary package host.

Could you elaborate?

TL;DR don’t worry (for now) - it only impacts rpm and deb builds and impacted releases only really made it into OpenSuSe tumbleweed - if you’re running bleeding edge maybe you need to worry a little.

A laymans explanation about what happens is that the malicious package uses an indirect linkage (via systemd) to openssh and overrides a crypto function which either:

• allows access to the system to a particular key
• allows remote code execution with a particular key

Or both!

I have secondhand info that privately the reverse engineering is more advanced, but nobody wants to lead with bad info.

As for what you should do? Unless you’re running an rpm or deb based distro and you have version 5.6.0 or 5.6.1 of xz-utils installed, not much. If you are, well, that comes down to your threat model and paranoia level: either upgrade (downgrade) the package to a non-vulnerable version or dust off and nuke the site from orbit; it’s the only way to be sure.

I use Traefik for all of my containerised services. It’s fantastic.

You can never trust it for long term archival / to stay intact for a long period though.

Counter point: I don’t want an untraceable phone used as a detonator. There’s a reason that these things are linked to real-world identities.

Someone doesn’t understand how casettes work!

Hint: the reels need to be driven.

IRC is fine, so are mailing lists; I use both, plus various git forges, to contribute to open source projects.

IRC is still going strong on OFTC and Libera.chat

I get that the younger folks like discord, but seriously it’s a proprietary mess that locks everything behind a wall and tries to extract payment from each and every user.

It may or may not work, unfortunately.

I successfully ran 2x32GB in a Dell XPS 15 that “didn’t support” it, because the larger DIMMs didn’t exist at the time it was designed and documentation was done up.

It’s not going to hurt to try, but if you have two DIMM slots it’s worth a shot; the slots are already wired up to address lines! Maybe try with one first?

Edit: the CPU specs say that it supports 64GB and only up to two memory channels. It’s looking pretty good on that end.

You want a standard rack shelf, it’ll fit 3-4 SFF stacked sideways. You can 3D print some supports.

No idea if it’ll fit in a shallow rack.

BareOS is a great open source option. The GUI is a webUI but you also have a powerful console on the shell if you need to script.

I have a multi-WAN configuration on my router, with ipv6 VDSL then ipv4 VDSL then a prepaid 4G modem as the backup link. I rarely fail over but it’s been fantastic watching traffic stats when it does.

My only downside is the CGNAT on that connection that prevents things like a backup VPN gateway…

A software platform that makes it nearly impossible for Beehaw to host, in any way, CSAM.

I hate to say it, but you’ll need to find a text-only platform. Allowing any image uploads opens the door to things like this.

Besides that, if your concern is that no moderator should be exposed to anything like that, well on a text-only site you might have to deal with disguised spam links to gore, scam, etc. You’ll still have to click on links to effectively moderate.

Maybe you should consider if this is a position that you want to put yourself in again. It sounds like this may just not be for you.

Simply refuting the BS claim that it’s impossible for there to be a Linux virus.

This one existed, therefore the claim is false.

There are still no viruses for Linux … because it’s not possible.

Here is just one example that proves your assertion wrong.

https://www.f-secure.com/v-descs/slapper.shtml

There are no viruses for Linux.

Blatant lies.

https://en.m.wikipedia.org/wiki/Linux_malware

Oh hey.

I’ve done this in a ton of different ways.

Manually, viis GitLab CI/CD, CI/CD with Kaniko.

My current favourite though is Kubler; I did a write-up for Lemmy a little while ago: https://lemmy.srcfiles.zip/post/32334

It’s fine with Let’sEncrypt via the DNS01 challenge; my lab typically only uses one wildcard certificate for all the services there unless I have a specific need to generate an indovidual cert for a service.

At the end of the day Traefik isn’t that hard, especially if you know the core concepts; if you know both and have a need for Traefik I’d just use that everywhere.