Still trying to find this guy
1st one who know his full name and address gets 6 bottles of free beer and tukaani's genitals
Yeah because you’re a neet. I don’t judge, I just mean how do you expect anything to affect you when you live like a child.
>you're a neet
I work 5 to 9 (at home).
I work in hvac
All my home and work servers use Arch. imagine using other distros and being affected by arbitrary patches that maintainers decided to include.
>server
>Arch
Do you have an actual argument?
8+ years without any issues.
you'd have issues if you ran php scripts that required older versions of php
similar dependency issues for other server things
but as long as you can work around those and use a solid firewall, then arch linux is just as good for servers as any others
i'd still use openbsd for everything that can run openbsd over arch when it comes to servers
I run everything in Docker, so it's not an issue, really.
>Docker
It works, doesn't it?
well, internet censorship was affecting me greatly
It doesn't. Especially considering it never affected gentoo, debian, Ubuntu, nor Arch users. It affected rhel, fedora, and kali only.
it affected the distros with the newest packages which includes arch, fedora and debian beta versions. fedora and debian stable were not affected
The known attack vector doesn't affect Arch because Arch doesn't patch openssh to link against systemd
>link against systemd
I understand why Red Hat distros would do that, but what is the point of kissing Poetter ass like that if you are any other distro?
>but how does it affects me personally?
No one asked or cares if it affects you personally
It doesn't affect you.
It was targeted towards servers with open SSH ports.
Servers with open SSH ports deserve to be hacked.
Anyone not limiting their SSH to select admin IPs has no business running SSH over internet and should be fined and imprisoned for compromising users/customers security.
What if you want to connect to your server from anywhere, because you're traveling for instance?
Seems impractical.
Midwit post
then you use dynamic DNS and lock your SSH to use that domain such as through your firewall, which you absolutely should have
this is such basic level security it's unbelievable people fail at it, and in big corporations where they get paid to know this shit too wtf
same thing, dynamic DNS
also wireguard is better used for traveling and connecting to SSH or home networks
>SSH over internet
could be local vm images only running SSH on rfc1918 for admin. cloud hosters, vpns.. ~~*someone*~~ walks in with a National Security Letter
>hey, we need a secret tap point on the local net, just for traffic monitoring. no access to the vm images or anything, just monitoring traffic. nothing to worry about really :^)
Even if you're not compromised, it's still possible that other things you use could be compromised. Most likely whoever made this exploit doesn't actually care about you but is going after big fish like defense contractors, big tech companies who make tons of software/hardware, infrastructure that nations depend on, etc.
We got lucky and caught this exploit before it spread too far but the techniques used all indicate that it was a several year long very sophisticated project orchestrated by more than one person (due to the Jia Tan's commit times). The question is, if you have that much manpower and dedication, do you think this is ALL they did? Is it not possible that there are other projects out there with sleeper agent developers or other exploits that we haven't discovered yet?
literally, wtf?
FFS stop replying to this moronic bait thread. Holy shit
what? why?
don't ignore my question, b***h.
lesson learned don't use beta garbage
>don't use rolling release to be resistant to supply chain attacks
>don't use fedora/rhel or debian/ubuntu because their package maintainers are moronic and do moronic patches
>don't use systemd because it is a huge attack surface
Slackwarebros... We won.
so gentoo
gentoo is rolling
their stable repo is like arch's stable repo, but just slightly more out of date
me peepee did booboo
You uninstalled SSH, right?
It didn't even make it out of testing, the stage before beta. Not a single relevant system was affected.