Pretty sure you could insert comment blocks /**/ instead of relying on spaces as separators. So disabling spaces might not make much difference, in the grand scheme of things, though in my opinion, they should be disallowed.
I had a look for known CVEs and only found an earlier SQL injection, relating to a different script, but admittedly didn't look very hard...
You can drill down to get that info. My point is that, Debian is actually not this pinnacle of design and engineering that some believe it to be. It's the approach of freezing at these specific package versions and then patching, that creates many of these problems, then the backporting of "upstream" security patches to older versions has been shown to be unreliable time and again - i.e. those patching not understanding what they're patching, and not factoring in upstream changes in newer versions and their dependencies which could render the patch useless or detrimental (it has happened). Then there are the plethora of bugs which remain unfixed for the lifecycle of a release, because they either can't be easily fixed without upgrading components to newer versions or there is no one willing/able to do the work.
"I thought the web was built more like Debian"
Let's hope not:
https://www.cvedetails.com/vendor/23/
https://www.cvedetails.com/version-list … Linux.html
Also:
https://security-tracker.debian.org/tra … ase/stable
https://bugs.debian.org/release-critica … n/all.html
FreeBSD for comparison
sudo-rs (sudo rewritten in rust) has had few recent vulnerabilities:
https://security-tracker.debian.org/tra … st-sudo-rs
https://ubuntu.com/security/notices/USN-7867-1
Following another link from the one in the OP: https://www.windowscentral.com/microsof … ack-online
No one wants this, but it's happening anyway.
The problem with Microsoft is that it all comes down to shareholders' demands and they understand 0 about OS, software development and computing in general. So when it comes to "cloud", "AI", "memory safe", and the next fads, they want to see these represented in some form. It has to "grow"... and it's about being seen to be doing something to compete, and stay relevant.
I must have missed the "constructive criticism".
There will probably never be a "Year of the Linux Desktop", because desktops and by extension laptops which run a consumer OS such as Windows or macOS are developed for profit first and foremost and to hold a user's hand through normal usage, installation of software, configuration and setup. That is to say that they are designed and engineered to meet the demands of a customer - and underlying complexity isn't a problem for such OS so long as the UI and getting things installed and working is "easy". The large teams developing such an OS are well paid and the people using it almost always pay for it, either with their money or their data. This model doesn't translate to FOSS software developed by volunteers, who don't service customers at all.
A "free" OS is a whole different ball game: No one is going to develop "Desktop Linux" completely for free - for people who want a Windows/macOS experience, if there are no rewards for doing so - which is why it hasn't happened to date.
Of the projects making the biggest strides in that direction, such as systemd, gnome, KDE, wayland, etc - they have attracted criticism from certain quarters for particular design decisions, increased complexity and/or corporate funding/influence.
Unfortunately any efforts towards Linux on the desktop nowadays will be corporate backed aside from simple Window managers. There is the conundrum. To avoid this move away from UNIX style KISS philosophy, means embracing simpler software such as window managers and using the terminal - you can't have it both ways... well you can, but you need to get the skills to do it yourself.
No idea what any of that has to do with the deprecation and obsolescence of gtk2 - and its removal from Arch Linux repositories.
It does mean, however, that GTK 2 has reached the end of its life. We will do one final 2.x release in the coming days, and we encourage everybody to port their GTK 2 applications to GTK 3 or 4.
https://blog.gtk.org/2020/12/16/gtk-4-0/
It's very simple: When gnome 2 was declared EOL by the gnome project, people stepped up, forked it and that's why Mate exists. You also have projects such as Xlibre and of course Devuan... without someone doing the work, it doesn't happen. You will get the same script on the OpenBSD mailing lists - one of the least corporate FOSS projects there is.
The writing was on the wall for gtk2 with regards to systemd embracing projects such as Arch.... so this thread really is non news.
We can only blame MATE and Xfce developers AND users for not forking/improving GTK2.
Always easy to blame those people who presumably should have developed and maintained 23 year old software for free...
The point is that it's funded and organised by the Rust Foundation, which is a consortium of Microsoft, google and Amazon, along with Huawei and the founder Mozilla (who famously laid off all the developers).
In other words there is a business case for rust, otherwise those top three wouldn't be involved.
At this moment in time, there are no serious efforts to rewrite any OS in rust, but time will tell and as other "memory safe" languages are on the rise, it may never happen anyway. There is a corporate demand for memory safe languages at the application level - this is where the likes of MS and google are focused.
But anyway, back to topic: It appears there are already hard rust depends for Debian?
But what this thread amounts to is complaining about a corporate backed language being adopted in an already corporate controlled distribution which itself distributes a lot of already corporate funded and developed software such as the Linux kernel, X.org, gnome, systemd, wayland, etc. That horse has bolted.
Be aware: https://lists.debian.org/debian-devel/2 … 00288.html
Rust is already a hard requirement for all except those obscure architectures that are referenced
Rust is a fad and its adoption has slowed, but "memory safe" is now a thing, regardless of what happens with rust in the future.
There's no sysvinit script included in the Debian package, but also no hard dependency on systemd so far as I can tell.
Oxidization of Linux == converting everything to MIT or BSD licenses.
The corpos want ownership of the plantation, and they can't have that with GPL, so it has to go.
They've got Ubuntu. Is Debian on the same path?
Actually they can and they have. You should refer to the licences of the Linux kernel and systemd in particular, both corporate funded and managed projects.
By contrast, look at projects like OpenBSD, NetBSD and FreeBSD where there are donations, but zero or far less corporate reps steering things. All of those are permissive licenced. The main difference is that when e.g. Apple wanted to use code from any of those and include it in their OS, they just did that - they had no need to implant their own people, pay for things and take control - as the likes of MS, facebook, IBM, Microsoft, etc have done with the Linux Foundation.
Debian is the base system for Ubuntu, shares many of the same "developers" and maintainers, culture, etc.
debian developer
ubuntu core developer
And there it is...
So guess who is really forcing in rust?
Donald is doing a great job of deterring anyone of above average intellect from visiting the site - he should be welcoming bots, not excluding them...
debianuserforums.org has been gone for years now.
Exactly what it was written for.
Well it's kind of down to interpretation:
Sudo (su “do”) allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. For more information, see the introduction to Sudo.
I think that sums it up well. But while the functionality to give a user the privileges to run all commands as root is there, that doesn't necessarily mean it's a good idea. It's just a statement of fact that it can be used for that (the rm command can also be used to delete all of your files, or just one, for example).
sudo has been around for a very long time:
Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer around 1980 at the Department of Computer Science at SUNY/Buffalo. It ran on a VAX-11/750 running 4.1BSD.
So, yes not really needed for or designed for domestic / home users PCs.
Canonical/Ubuntu and a few others utilised it simply as a means to eliminate / hide the root account, in order to appease migrants from Windows, and to implement an environment with more "hand holding" (protecting users from themselves). This was all based on the idea that users new to Linux would do stupid things, such as running an X session or file manager as root. From this you'd get breakage, and inevitably "back to Windows", which equates to bad press / reputation for the distribution - something Canonical as a commercial entity had wanted to avoid.
I would not rank sudo alongside other controversial or problematic software, such as systemd, wayland, pulseaudio, rust, etc... and in the grand scheme of things, sudo's security track record isn't bad, when compared to those and to the Linux kernel itself.
But, if you don't use it, then I believe it's wise to remove it - that is if you're certain it's not being used by a script you may use/depend on without knowing it.
I was attempting to point out that sudo's record for vulnerabilities is considerably better than that of the Linux kernel, for example.
I think sudo has a bad press because of the association with Ubuntu - even though it was actually developed by an OpenBSD developer and the Ubuntu default configuration of sudo actually makes no sense, unless one specifically wants the auditing - otherwise su will suffice.
Aside from the above, sudo makes sense in settings where you want to allow someone to carry out a specific task, which requires root privileges, without giving them root.
These were fixed back in June: https://git.sudo.ws/sudo/commit/?id=23aff2b37
To add some much needed perspective:
https://www.cvedetails.com/vendor/15714/
https://www.cvedetails.com/vendor/33/Linux.html
Yet none here seem concerned about running the Linux kernel...
@zapper, two important points:
Most people do not make informed choices based on engineering and good design - after having gained an understanding. They make uninformed decisions based on marketing, and have little understanding of the software. Chrome was marketed to the majority of people who know zero about FOSS anyway, and to such people Chrome is "free". To FOSS users and developers, the underlying chromium/blink is "open source", and Mozilla were busy destroying themselves from the inside out, so chromium's ascent, not just as Chrome, but as a new base for most browsers outside of Apple, and many "apps", was assured.
The mozilla corporation and foundation are to blame for this. They're not trying to take back market share / mind share and are focused on the wrong things. They surrendered to chromium, due to who pays the bills. I was surprised that firefox didn't rebase on chromium long ago... but then you have to remember this would fuel a true fork, which the paymasters don't want - so leaving the thing on life support and mismanaged by clowns was the best strategy.
The replacement culture was well under way by 2014 when the tech world verbally attacked Brendan Eich for a relatively minor campaign contribution he'd made 5 years earlier, and forced him to step down at Mozilla. Where was the rest of tech world's support for Eich, for cooperation and for keeping politics out of development?
^^^Great example fanderal! And to expand on that:
Global marketshare of Firefox web browser:
January 2014 = 14.88%
ten years later...
February 2024 = 2.82%
I'm not convinced that the removal of Eich led to Mozilla's downfall, the decline of firefox and the rise of google chrome. It's just a symptom of a larger problem.
When chrome first appeared, it's important to take a few facts into account. At that time, both firefox and IE were still contenders, mobile computing was still in the early phase, and google were funding mozilla, as is still the case. Despite the funding, google employed aggressive marketing in a global campaign and used its growing dominance of the web to engineer firefox out. Coupled with that, key people at Mozilla, steered the project onto the rocks, whilst commanding large salaries and diverting funding away from firefox and onto side projects. So indirectly, google pay them and they in turn move the focus away from the project which is supposedly being funded.
Back on topic.
I don't see gnome project's actions and future plans as anything new or startling.
gnome is developed by people either in the corporate employ and/or under corporate direction. I have honestly never understood or seen the point in it, but there it is. It has been developed and offered as a brand/product for over a decade now and most people who have been using Linux for a few years will know whether or not they want to use it or avoid it altogether.
gnome project developers famously stated on their mailing lists that they wanted to restrict theming, installing and choosing non default applications and modifying the appearance. It's a stated goal of the project that someone looking over the shoulder of a gnome user can instantly see that they are using gnome (as is the case with Windows or macOS).
For the gnome project, the old "we're dropping support for xyz [to push users onto abc] because of [all these man power and maintenance related reasonings]" is just normal day to day workflow. Your only choice is to vote with your feet. As you will learn from the OpenBSD project: if you're not a developer, you don't get to make the decisions - we are "along for the ride".
xenocara is OpenBSD's build system for x.org and not a fork of x.org ...
"It is not a fork"
So all the talk about that is largely pointless.
Too much agenda driven bullshit proliferating nowadays...
@zapper, If the developer of xlibre is a fascist, that should make no difference to you. Unless you live in a makeshift shelter in a forest and grow and hunt all your own food, never see a doctor, use any medicine, etc, then fascists could be involved in the supply chain of everything you use and consume on a daily basis.
Also, claiming someone is a "fascist" without providing reliable citations to back that up, is pretty much slander - and not so different from the tactics employed in so called "cancel culture". Some supposedly very "woke" individuals tried that approach with Theodore Ts'o several years ago. "Useful idiots" abound, waiting to do the dirty work of big corporations, while believing they are fighting the good fight for social justice.
On the other hand, I doubt the gnome project are fascists - yet they spout the same woke nonsense as all other "Big Tech", because of course they are bankrolled and controlled by the aforementioned. If you are in fact "left wing" as you seem to claim to be, then the first step to enlightenment is gaining the understanding that "woke" and similar is a massive contrived smokescreen of identity politics nonsense, which skirts around the real problems in this world, to provide a divisive distraction to the electorate. While anyone is focused on the woke agenda, they will miss the bigger picture, while they are focused on the politics of free software development they may as well live in a cave. Most of the notable FOSS projects which started out as small hobby projects and embodied what free software was supposed to be about are now owned / controlled / funded / staffed / all of the above, by Big Tech. Even Microsoft is a player - who would have believed that 20 years ago? That ship has already sailed. Railing against, the admittedly deplorable, gnome project, is tantamount to raging at the sky.
Business is business. Valve are not "supporting" Wine. No more than Apple, Sony or Netflix are supporting FreeBSD. IBM / Red Hat or Microsoft are not supporting Linux either. Anyway... thanks steve_v and zapper.
We can argue over semantics all day and I mentioned Steam Deck already. There have been earlier attempts and you can't assume it's the final product.
I assumed Proton was based on WineX, as codeweavers were involved in its development, but it indeed appears this is not the case. The point being however that this is all about Windows games running on Linux. That doesn't challenge the point about Windows being the primary platform.
"Pay per play" is the wrong term, I admit... I'm referring to any of the modern platforms such as xbox or steam, but couldn't think of a better term. I'm old enough to remember buying games on 5 1/4" disks.
Proprietary Steam platform? Proprietary games?
"...you're probably fine with running Windows SpyOS too."