Nice, I wish I didn’t trade in my old card 😅😥

They must have something to hide 🤨

Connect it to your PC or laptop and do a netinstall. Configure SSHD and a static ip. Plugin the disk to your server and then connect via ssh to admin it.

You could also set your laptop or PC to boot from the attached disk in the bios to test the services you want to start are starting

Happy to help 😉

Syncthing can do direct sync if you give the ip address to each node and you can disable relay servers .

The PSP ones are good too and a bit more modern, they run great in ppsspp

Welcome to the party pal

You’re wholesome OP 🤗

Imagine paying for an OS to have ads in it. 🐃💩

Thankfully we have Linux/BSD

It doesn’t matter that you can disable it, this stuff shouldn’t be in the OS in the first place

Kdeconnect works great too if you are using linux and android

Yeah this is a much better approach

You could just poll it every few minutes via a cronjob and only send a notification if the numbers have increased.

Personally I use miniflux too in docker but I dont have a need for notifications.

Doom 2016 & flatout (whatever edition was recently steamdeck verified).

Could you just poll the miniflux db directly ?

On laptops yes, on my server no. Most of the data is photo backups and linux ISOs form over the years.

Ive thought about using it for bank apps so I dont have hassle if I lose the phone or it gets robbed. Has anyone tried this ?

You are right, as you note this requires a set of skills that many don’t possess.

I have been looking for ways I can help going forward too where time permits. I was just thinking having a list of possible targets would be helpful as we could crowdsource the effort on gitlab or something.

I know the folks in the lists are up to their necks going through this and they will communicate to us in good time when the investigations have concluded.

I think going forward we need to look at packages with a single or few maintainers as target candidates. Especially if they are as widespread as this one was.

In addition I think security needs to be a higher priority too, no more patching fuzzers to allow that one program to compile. Fix the program.

I’d also love to see systems hardened by default.

I’m curious to know about the distro maintainers that were running bleeding edge with this exploit present. How do we know the bad actors didn’t compromise their systems in the interim ?

The potential of this would have been catastrophic had it made its way into the stable versions, they could have for example accessed the build server for tor or tails or signal and targeted the build processes . not to mention banks and governments and who knows what else… Scary.

I’m hoping things change and we start looking at improving processes in the whole chain. I’d be interested to see discussions in this area.

I think the fact they targeted this package means that other similar packages will be attacked. A good first step would be identifying those packages used by many projects and with one or very few devs even more so if it has root access. More Devs means chances of scrutiny so they would likely go for packages with one or few devs to improve the odds of success.

I also think there needs to be an audit of every package shipped in the distros. A huge undertaking , perhaps it can be crowdsourced and the big companies FAAGMN etc should heavily step up here and set up a fund for audits .

What do you think could be done to mitigate or prevent this in future ?

Your distro should havê a security mailing list you van subscribe to