ibus is compromised

Recent ibus tarballs don't actually match the source git.

https://www.openwall.com/lists/oss-security/2024/04/01/1

CRIME Shirt $21.68

Ape Out Shirt $21.68

CRIME Shirt $21.68

  1. 2 months ago
    Mogul

    it's over

    • 2 months ago
      Anonymous

      https://i.imgur.com/901wuiC.jpg

      Recent ibus tarballs don't actually match the source git.

      https://www.openwall.com/lists/oss-security/2024/04/01/1

      over de-su.

    • 2 months ago
      Anonymous

      se acabó.

  2. 2 months ago
    Anonymous

    We're cooked.

  3. 2 months ago
    Anonymous

    Ame-chan a cute.

    • 2 months ago
      Anonymous

      Menheras are the best.

  4. 2 months ago
    Anonymous
  5. 2 months ago
    Anonymous

    >ibus tarballs
    what's that?

    • 2 months ago
      Anonymous

      go back

    • 2 months ago
      Anonymous

      tar these balls into ur mouth

  6. 2 months ago
    Anonymous

    What is ibus and who even uses it?

    • 2 months ago
      Anonymous

      Mostly Chinese/Japanese/Korean linux users, so not a big loss apparently.
      But many distros are shipped with it by default.

  7. 2 months ago
    Anonymous

    I'm gonna bust in ame-chan~

    • 2 months ago
      Anonymous

      What if she gets pregnant!?

  8. 2 months ago
    Anonymous

    Oh look most posts are slides. What a surprise.

    Have a bump OP.

  9. 2 months ago
    Anonymous

    None issue. It will be fixed shortly. Go back to complaining about xz, you unpaid janny.

    • 2 months ago
      Anonymous
    • 2 months ago
      Anonymous

      good morning sir

  10. 2 months ago
    Anonymous

    >https://www.openwall.com/lists/oss-security/2024/04/01/1
    What exactly is ibus used for and how many distros/DE's use it?

    Is this a hidden keylogger or something? I am confused.

    • 2 months ago
      Anonymous

      every distro uses ibus, every DE uses ibus.
      it's been ubiquitous since 2010

      • 2 months ago
        Anonymous

        isn't it D-Bus? I've never heard of ibus until now

        • 2 months ago
          Anonymous

          completely different thing. which you'd know if you took 30 seconds of your time to google it instead of asking pointless questions.

      • 2 months ago
        Anonymous

        Most distro with GNOME use it by default.
        KDE also shipped it, although fcitx5 have better integration

      • 2 months ago
        Anonymous

        >every distro uses ibus, every DE uses ibus
        why don't I have it installed on arch xfce then?

      • 2 months ago
        Anonymous

        >using a DE
        baby duck

        • 2 months ago
          Anonymous

          You will grow up eventually.

          • 2 months ago
            Anonymous

            I already did, I use fvwm and have for ages. Nothing ever changes, no broken anything. No jeetcode.

          • 2 months ago
            Anonymous

            xfeces doesn't have this problem

          • 2 months ago
            Anonymous

            Actually they're breaking the thing totally and moving to the newest GTK.

          • 2 months ago
            Anonymous

            >Actually they're breaking the thing totally and moving to the newest GTK.
            they yes, me no

          • 2 months ago
            Anonymous

            Sticking to what works? I ran Sawfish for years after it was dead. Then I figured I'd switch back to FVWM.

            My config file's creation date is literally 1997-something.

          • 2 months ago
            Anonymous

            this, imagine updating for no reason

          • 2 months ago
            Anonymous

            I think the main reason people run DE's is they're afraid of the mount command. Really I don't see many advantages even for the newb, other than that. And a system control panel.

          • 2 months ago
            Anonymous

            It's just convenience. I know both mount and udisksct. I just don't see at my age any point on larping as a greybeard idolizing what they knew it was a limitation of the machines of their era.

          • 2 months ago
            Anonymous

            There is an auto-mounting daemon I used to use on OpenBSD but I rarely mount anything so I stopped it from auto starting and just mount shit manually now.

            I know some people use cell phone address book sync software on the main DE's but again, not my problem as I don't even own a shartphone. I have a Bell Trimline plugged into a VOIP box.

  11. 2 months ago
    Anonymous

    UH OH STINKY

  12. 2 months ago
    Anonymous

    ibus-ted in your mom

  13. 2 months ago
    Anonymous

    >tarball.xz
    jia'd

  14. 2 months ago
    Anonymous

    Posting in Ame's thread.

  15. 2 months ago
    Anonymous

    """
    Comparing this disttar to the git repository and favorably
    *discounting* autotools-related files and (what appears to be)
    vala-to-c transpiling, I'm left with benign, but unexplicable
    changes. It seems the git is "older", as e.g. one still finds "beta3"
    in the diff, but also the disttar's ibuscodegen.h has an older
    copyright line and an incomplete cherry-pick from
    8f00d67b809036b0b76ae257cfe7e102bc8f1dec.

    *runs away screaming*
    """
    >*runs away screaming*
    are you a grown man writing that???

    • 2 months ago
      Anonymous

      he's a women with a penis you goddamn antisemite

      • 2 months ago
        Anonymous

        shalom

    • 2 months ago
      Anonymous

      a REAL man would have threatened to beat them up, yeah?

  16. 2 months ago
    Anonymous

    Ame!

  17. 2 months ago
    Anonymous

    Don't care I'm gonna jack off now.

  18. 2 months ago
    Anonymous

    So windows was the true weebs OS all along, I'm going back to windows

  19. 2 months ago
    Anonymous

    Bleeding edge troony btfo

  20. 2 months ago
    Anonymous

    imagine making a game about the unstable mental health of women when given early, unfettered access to the internet seen through a pastel-colored denpa aesthetic lens
    then imagine foregoing that entire intent and instead give the player the perspective and agency of a faceless hentai goon she's in a relationship with, just so the devs can live out their mindbreak fetish
    thats NSO
    the japs thought it was "okay", but westerners are tasteless and ate it up
    it doesn't even work as satire
    >just shut up and enjoy the cute girl
    no
    Ame is a caricature of egirls drawn from an idea of girls that literally doesn't exist
    it's just Andy and Leyley but somehow worse by being artistically competent, while still falling into all of the same outlandish storytelling pitfalls

    • 2 months ago
      Anonymous

      the "boyfriend" doesn't even exist, it's all her delusion
      it's the best femcel representation after watamote

    • 2 months ago
      Anonymous

      Why do you expect it to be realistic? It's just a cute and wacky simulator/tamagotchi of a Japanese girl with BPD, for people who enjoy (2D) menheras.

      • 2 months ago
        Anonymous

        what's the game's name?

        • 2 months ago
          Anonymous

          Needy Girl Overdose

          • 2 months ago
            Anonymous

            thanks anon

  21. 2 months ago
    Anonymous

    This is why reproducible builds should have become the norm decades ago. It's unbelievable that most distro maintainers still choose to trust upstream tarballs when they could just pull the code, build it and release their own downstream binaries.

    • 2 months ago
      Anonymous

      This. Reproducible builds are a even more urgent need than Wayland/SELinux and other stuff.

      >every distro uses ibus, every DE uses ibus
      why don't I have it installed on arch xfce then?

      Because you don't have installed it and Arch is so special that you have to explicitly to tell what to install in order to have basic granted functionality.
      Also, you probably only use one keyboard layout.

      • 2 months ago
        Anonymous

        >you probably only use one keyboard layout
        correct. I can use more than one if I configure it in keyboard settings though

        • 2 months ago
          Anonymous

          Me too. Also using arch and a single keyboard layout.

  22. 2 months ago
    Anonymous

    How is it over, if anything we are so back, xz has illuminated many issues which are getting fixed now.

  23. 2 months ago
    Anonymous

    doesn't affect most people. ibus is not a requirement unless you need to type some cjk with an IME. never came across it outside of that context.

  24. 2 months ago
    Anonymous

    Thank god I don't type Chinese
    >Have it installed
    FRICK

  25. 2 months ago
    Anonymous

    This shit is why I run Debian stable despite its flaws. Updooters get the rope.

    • 2 months ago
      Anonymous

      xz backdoor was slowly injected over the course of 2 years, even on debian stable you still have compromised commits. Good morning sir

      • 2 months ago
        Anonymous

        no, the commit history was slowly built over the course of two years, you ignorant buffoon, not the backdoor itself. these distinctions are important and you're moronic

  26. 2 months ago
    Anonymous

    why are tarballs even used instead of just cloning the repo

    • 2 months ago
      Anonymous

      Just Cnile things. Their builds system are so shitty that many upstream projects provide semi-built tarballs to make it easier for distros to build the thing. And for some reason nobody cares about reproducible builds, so good luck auditing anything.

      • 2 months ago
        Anonymous

        fricking grim, i wonder how much garbage is floating around

        >And for some reason nobody cares about reproducible builds
        guix seem to be the only ones working on this

      • 2 months ago
        Anonymous

        it isn't like rust or go anything is better about this
        though admirably they are working on it and trying to move all build time shit into sandboxed wasm
        but that has problems of its own

Your email address will not be published. Required fields are marked *