this post was submitted on 01 Jul 2024
445 points (90.4% liked)

linuxmemes

21280 readers
1347 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  •  

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 1 year ago
    MODERATORS
     
    top 50 comments
    sorted by: hot top controversial new old
    [–] germanatlas@lemmy.blahaj.zone 86 points 4 months ago (5 children)

    no real-world use found for staying more than one version behind

    The ssh vulnerability didn’t affect Debian because the packages were too many versions behind

    [–] azvasKvklenko@sh.itjust.works 45 points 4 months ago

    AFAIK, the xz vulnerability was designed for Debian based on its workaround fixing systemd service status detection. Even if it shipped to something like Arch, the malicious code wouldn’t load.

    [–] cygnus@lemmy.ca 22 points 4 months ago

    Security through Geriatricity

    [–] bisby@lemmy.world 21 points 4 months ago

    Except this isn't true at all.

    https://security-tracker.debian.org/tracker/CVE-2024-6387

    Regresshion impacted bookworm and trixie both. Buster was too old.

    With the downside of me doing an apt update and seeing that openssh-server was on 1:9.2p1-2+deb12u3 and I had no idea at a glance if this included the fix or not (qualys's page states version 8.5p1-9.8p1 were vulnerable).

    If you are running debian bookworm or trixie, you absolutely should update your openssh-server package.

    [–] acockworkorange@mander.xyz 19 points 4 months ago (1 children)

    Isn’t this meme format completely written in sarcasm?

    load more comments (1 replies)
    [–] alienghic 1 points 1 month ago

    The xz/ssh back door made it into Debian testing, So I felt I should wipe and reinstall.

    Debian has had a rolling release for ages.

    [–] TheGingerNut@lemmy.blahaj.zone 28 points 4 months ago (1 children)

    well at least they aren't trying to make me install snaps, and patching apt so if I sudo apt install firefox it installs the snap version.

    [–] noisypine@infosec.pub 14 points 4 months ago (1 children)

    This should be a jailable crime.

    [–] TheGingerNut@lemmy.blahaj.zone 2 points 4 months ago* (last edited 4 months ago)

    especially as the hack flows downriver to distros with actual dignity like mint. Like this is pollution of the water supply dog!

    [–] marduk@lemmy.sdf.org 28 points 4 months ago (1 children)

    The "install lib-blah-blah-blah" bit doesn't bother me 'cause whenever I need to make something work, I just copy and paste the "sudo apt install ..." commands straight from the internet :)

    [–] steersman2484@sh.itjust.works 7 points 4 months ago

    I also never used version pinning in debian

    [–] LeroyJenkins@lemmy.world 27 points 4 months ago

    Don't

    Erupt

    Before

    I

    Am

    Nevada

    [–] MNByChoice@midwest.social 25 points 4 months ago* (last edited 4 months ago)

    This is great! No better way to demonstrate how perfect Debian is! Debian for the win!

    [–] Tundra@lemmy.ml 22 points 4 months ago (1 children)
    [–] Pyroglyph@lemmy.world 3 points 4 months ago
    [–] AlexisFR@jlai.lu 18 points 4 months ago (2 children)

    Truly the dumbest meme template of the year.

    [–] stepan@lemmy.cafe 36 points 4 months ago (1 children)
    [–] Norgur@fedia.io 13 points 4 months ago

    I don't. So... uhm... you're wrong I guess.

    [–] abbotsbury@lemmy.world 7 points 4 months ago (1 children)

    This is a pretty old template iirc

    [–] rc__buggy@sh.itjust.works 9 points 4 months ago

    It's so old it's still shipping in bookworm

    [–] crispy_kilt@feddit.de 14 points 4 months ago

    Btw I use Debian

    [–] lemmyvore@feddit.nl 10 points 4 months ago (1 children)

    I would uninstall the screensaver so fast if I saw a nag screen. Wtf it's a screensaver, what does it matter? I'll use a version that's 50 years old if I want to.

    [–] bisby@lemmy.world 24 points 4 months ago (1 children)

    Because the dev gets a huge number of bug reports for bugs that were resolved 5 versions ago.

    They actually asked debian to stop shipping the screensaver, because they were getting tired of saying "this is already fixed, debian is just not going to ship the fix for another year". Debian didn't want to stop, so the dev added the nag screen, because it was the only way to stop the flood of bug reports for things that were already fixed.

    [–] user224@lemmy.sdf.org 4 points 4 months ago* (last edited 4 months ago) (3 children)

    Do people not check what version of software they have and what's newest (and if the issue exists is a good idea too) before reporting a bug?

    [–] bisby@lemmy.world 9 points 4 months ago

    Should they? Yes. They should also be searching for previous bug reports. I'm sure a lot of people do. But if you have enough users, even if 1% of people don't use good reporting behaviors, you wind up with a lot of duplicate or bad reports.

    There are plenty of blog posts out there that basically can be summarized as talking about how grueling open source work can be because users are often aggressive in their demands.

    But this is a prime example of debian "stable" doesn't mean "no crashes" but instead it means "unchanging, which means any bugs and crashes will remain for the whole release"

    [–] Malfeasant@lemmy.world 2 points 4 months ago

    Lololololololol. No, they do not. I support a product that gets updated roughly quarterly, and the number of times people complain about their vulnerability scanner finding something when they're on a 4 year old version is too damn high.

    [–] OsrsNeedsF2P@lemmy.ml 1 points 4 months ago

    Lots of people simply don't know.

    Source: I filed bug reports to Fcitx when I first installed Debian, because I didn't realize Debian shipped packages from the before the stone ages

    [–] hemko@lemmy.dbzer0.com 10 points 4 months ago

    I use Debian btw

    [–] GravitySpoiled@lemmy.ml 9 points 4 months ago* (last edited 4 months ago) (1 children)
    [–] Engywuck@lemm.ee 8 points 4 months ago (3 children)

    I know this is just a meme, but the "Stop using xxx!" posts are really annoying.

    [–] unexposedhazard@discuss.tchncs.de 47 points 4 months ago

    Whaaat, i love them. They are so unpredictable. Sometimes they are fully serious opinions, sometimes only half serious and sometimes just fully ironic shitposts.

    [–] SpaceNoodle@lemmy.world 24 points 4 months ago

    I think the comments calling them annoying are more annoying

    I think it is a funny format

    [–] MagisterSieran@discuss.tchncs.de 7 points 4 months ago
    [–] possiblylinux127@lemmy.zip 5 points 4 months ago

    Oh, Debian!

    1000002612

    [–] NathanClayton@lemmy.world 4 points 4 months ago (1 children)

    KDE? Who needs anything other than FVWM2 or CDE?

    [–] OsrsNeedsF2P@lemmy.ml 3 points 4 months ago

    As someone who loves the old designs (I've run Chicago95 for years now), the only thing stopping me from running CDE is it lacks first-class support from any distro I've used

    [–] CrayonRosary@lemmy.world 3 points 4 months ago

    I by way the Debian use.

    [–] rtxn@lemmy.world 2 points 4 months ago (1 children)

    NO REAL-WORLD USE FOUND for staying more than ONE VERSION behind

    Joke's on you, my servers are largely unaffected by regreSSHion because they're too outdated.

    [–] Rainb0wSkeppy@lemmy.world 2 points 4 months ago

    so old that they are still vulnerable to the same vurnability

    [–] bobc7@lemmy.world 2 points 4 months ago (1 children)

    Debian was the first distro I tried when switching to Linux. Didn't ever make it through the install process..

    [–] Siegfried@lemmy.world 3 points 4 months ago (2 children)
    [–] bobc7@lemmy.world 3 points 4 months ago

    It very much was

    [–] OsrsNeedsF2P@lemmy.ml 2 points 4 months ago (1 children)

    Was he supposed to start with a higher skill level or something? That's like the "just be born richer" attitude of tech

    [–] Siegfried@lemmy.world 3 points 4 months ago

    Nah, it sounded funny...

    "Just be born richer" sounds funnier though

    Anyway, Debian had a reputation of being really difficult to install in the late 2000's. I probably got lucky with it. I started using it in 2011 (first time using linux and a computer illiterate just as today) and i went through it just the MS way, like "whatever, continue, continue".

    It's my main OS since 2013

    load more comments
    view more: next ›