xoip
xoip boosted:
2025-02-05

Heads up: Bandcamp is doing a Bandcamp Friday-style event this Friday for charity. Bandcamp's cut of every sale is going to support musicians affected by the California wildfires. daily.bandcamp.com/features/ba

xoip boosted:
2025-02-05
Forbes is warning us that Android phones are under severe risk due to a kernel vulnerability:

https://www.forbes.com/sites/zakdoffman/2025/02/03/google-warns-all-android-users-your-phone-is-now-at-risk/

This comes from Google's Android security bulletin for February:

https://source.android.com/docs/security/bulletin/2025-02-01

...which informs us that "There are indications that CVE-2024-53104 may be under limited, targeted exploitation". The vulnerability in question, though, is CVE-2024-53104:

https://lwn.net/ml/all/2024120232-CVE-2024-53104-d781@gregkh

...which is in the uvcvideo camera driver. Either I'm missing something badly, or the only way to exploit this would be to plug a malicious camera device into the phone. I can see why they would want to fix this, but I'm not sure it's a red-alert situation for most of us?
xoip boosted:
2025-02-05

It seems that a few people are being misinformed about the deprecation of the X11 backend, usually because they read screeds from well-known bad faith actors.

The X11 backend being deprecated mainly means that we're not going to spend time implementing new features, like dmabuf, graphics offloading, or Vulkan support. X11 support will still exist until GTK4 is EOL, which will happen once GTK *6* is released. We're talking about a 20-year horizon, at this point…

xoipxoip
2025-02-02

@lornajane Doesn't FOSDEM put the talks online itself? Is it even possible to rewatch the talks?

xoipxoip
2025-02-02

@kernellogger I doubt it too, as I had many problems in the past with amdgpu, sadly. But at the moment 6.13.1 looks good with Phoenix GPU.

xoip boosted:
Erik Uden 🍑ErikUden@mastodon.de
2025-02-01

Interestingly, two days before Oracle deleted my account and all servers associated with it, I publicly criticized Oracle's CEO in a viral post for promising dystopian AI surveillance technology to his investors.

mastodon.de/@ErikUden/11387936

What a weird coincidence.

xoip boosted:
Liam @ GamingOnLinux 🐧🎮gamingonlinux
2025-01-31

Debian Linux announce they will no longer post on X

“X evolved into a place where people we care about don't feel safe.”

micronews.debian.org/2025/1738

xoipxoip
2025-01-29

@User47 Be sure to have at least one device able to open wiki.archlinux.org/title/Main_ Secondly, you need time, and at the end you profit, will be happy, and could also be able to give something back.

xoipxoip
2025-01-28

@Kaffee_Junkie42 Yep, encryption. I deliberately wanted to turn that off, since I'm not transferring to the cloud but to local HDDs that are already encrypted with LUKS. I also just wanted to point out the difference.

xoipxoip
2025-01-28

@Kaffee_Junkie42 I was wondering today whether it makes sense to copy the borg repo or simply create new ones on different sources. Thanks! One difference between borg and restic that I noticed: restic strictly requires a password/key, and borg works without "-e none".

xoip boosted:
Zentrum für Politische Schönheitpoliticalbeauty.bsky.social@bsky.brid.gy
2025-01-22

Tesla Gigafactory, Berlin - right now! In cooperation with @ledbydonkeys.org

On the Tesla Gigafactory in Berlin it reads: "Heil Tesla!"
xoip boosted:
:mastodon: deciodecio@infosec.exchange
2025-01-22

[related]

"A look at the recent rsync vulnerability"
👇
lwn.net/SubscriberLink/1005302

#CVE_2024_12084 #rsync

xoip boosted:
2025-01-14

Fixes for a critical rsync vulnerability (CVE-2024-12084) have been released for Stable/Bookworm, Testing and Unstable. Oldstable/Bullseye is not affected. Fixes for other lower severity CVEs have also been released in the same update and can all be tracked at security-tracker.debian.org/tr. The fixed Stable version is 3.2.7-1+deb12u1 and the fixed Testing/Unstable version is 3.3.0+ds1-3

xoip boosted:
The Compiler / Flothe_compiler
2025-01-06

is 11 years old, almost on the minute! I'm celebrating by releasing v3.4.0: listi.jpberlin.de/pipermail/qu

xoip boosted:
lucie lukas "minute" hartmannmntmn
2024-12-23

my community talk is scheduled on the 28th (day 2) at 16:40, stage HUFF cfp.cccv.de/38c3-community-sta

xoip boosted:
2024-12-23

I created a .js file containing the following, then just configured Firefox to point to this file in the "Automatic proxy configuration URL" using 'file:///'.

This will proxy everything related to youtube or google. Well, at least most things since google use so many different hosts for various content. This works and is a good start.

More here: developer.mozilla.org/en-US/do

Thanks to @HeNeArXn !

#google #youtube #proxy

Proxy Auto-Configuration (PAC) file for Firefox. Proxying content for youtube and google.
xoip boosted:
Julian Andres Klode 🏳️‍🌈juliank
2024-12-21

APT in experimental now uses OpenSSL.

xoip boosted:
Baldur Bjarnasonbaldur@toot.cafe
2024-12-21

“The Ugly Truth About Spotify Is Finally Revealed”

honest-broker.com/p/the-ugly-t

> In other words, Spotify has gone to war against musicians and record labels.

xoip boosted:
2024-12-12

Over at the bad site, there's a discussion about a malicious RAR file with a LNK file in it that points to a hidden folder with an EXE in it. Double-clicking the LNK file runs the EXE with no Smart Application Control, no SmartScreen, and no warning.

Ah, that must be CVE-2024-30370, right? That vulnerability is that WinRAR wasn't consistently applying MoTW.
zerodayinitiative.com/advisori

Before the CVE-2024-30370 fix, WinRAR applied MotW to (some) Office docs only. The current version applies it to more things, including LNK files. But not everything by default.

But not so fast... What about the fan favorite 7-Zip? By default it applies the MotW to NOTHING, for performance reasons. But you can turn it on if you're one of those weirdos who care about security.

Is the WinRAR thing CVE worthy because it was not configurable in the CVE'd version? And 7-Zip is *not* CVE worthy because it *can* be configured, but is insecure by default? 🤔

DIR /R for extracted downloaded files - WinRAR 6.04
Only some office files get MoTW

DIR /R for extracted downloaded files - WinRAR 7.01
More files get MoTW, but not all.

DIR /R for extracted downloaded files - 7-Zip 24.09
Nothing gets MoTW by default
No CVE?

7-Zip Options screen that shows "Propagate Zone.Id stream" option
By default, no MoTW is written.
Choose "Yes" to be secure.
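
Added example, not part of the original post: a PowerShell equivalent of the `DIR /R` check in the screenshots, which reports which extracted files carry a `Zone.Identifier` stream (the MoTW) and which do not. The function name, the extension list and the path in the usage comment are assumptions chosen for illustration.

```powershell
# Audit an extraction folder for Mark-of-the-Web (MoTW) propagation.
# MoTW is stored in the NTFS alternate data stream "Zone.Identifier";
# a file without that stream is treated by Windows as locally created.
function Get-MotwStatus {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        # Assumed list of file types worth flagging; adjust to local policy.
        [string[]] $RiskyExtensions = @('.lnk', '.exe', '.dll', '.msi', '.js',
                                        '.vbs', '.hta', '.ps1', '.bat', '.cmd')
    )

    # -Force includes hidden files and folders in the walk.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force | ForEach-Object {
        $zone   = $null
        $stream = Get-Item -LiteralPath $_.FullName -Stream 'Zone.Identifier' `
                           -Force -ErrorAction SilentlyContinue
        if ($stream) {
            $text = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' `
                                -Raw -Force
            # ZoneId=3 is the Internet zone, 4 is Restricted Sites.
            if ($text -match '(?m)^ZoneId=(\d+)') { $zone = [int]$Matches[1] }
        }

        [pscustomobject]@{
            File    = $_.FullName
            HasMotw = [bool]$stream
            ZoneId  = $zone
            Risky   = $RiskyExtensions -contains $_.Extension
        }
    }
}

# Usage (placeholder path): list risky file types that were extracted without MoTW.
# Get-MotwStatus -Path 'C:\Temp\extracted' |
#     Where-Object { $_.Risky -and -not $_.HasMotw } |
#     Format-Table File, ZoneId
```

Run it against a folder extracted from a downloaded archive; an archive that never had MoTW itself (for example, one created locally) will show no streams regardless of the extractor.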
