Sigmoid Social

Dendrobatus AzureusFor me reading this post took about 10 minutes since I not only read but I also processed and checked references and I tooted about it immediatelyIt is quite sobering to read something this horrific happening in an Open Source project of this magnitude of volumeThis is something you would expect in closed source not open source; it's like a shower with 0° degrees Celsius of water flowing over you 0° in the depth of the coldest Siberian winter<a href="https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html#2021-02-01-dtkcommon-filedrag-d-bus-service" rel="nofollow noopener" translate="no" target="_blank">https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html#2021-02-01-dtkcommon-filedrag-d-bus-service</a><a href="https://mastodon.bsd.cafe/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#POSIX</a> <a href="https://mastodon.bsd.cafe/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mastodon.bsd.cafe/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> <a href="https://mastodon.bsd.cafe/tags/Deepin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Deepin</a> <a href="https://mastodon.bsd.cafe/tags/frightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#frightmare</a> <a href="https://mastodon.bsd.cafe/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://mastodon.bsd.cafe/tags/nightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#nightmare</a> <a href="https://mastodon.bsd.cafe/tags/elmStreet" class="mention hashtag" rel="nofollow noopener" target="_blank">#elmStreet</a>

Dendrobatus AzureusThis is where the depth of the deception became clear >>The review of this component was also what led us to the discovery of the deepin-feature-enable whitelisting bypass, since we installed the full Deepin desktop environment for the first time in a long time, which triggered the “license agreement” dialog described above. After finding out about this, we decided that it was time to reassess the overall topic of Deepin in openSUSE based on our long-standing experiences.<< <a href="https://mastodon.bsd.cafe/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#POSIX</a> <a href="https://mastodon.bsd.cafe/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mastodon.bsd.cafe/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> <a href="https://mastodon.bsd.cafe/tags/Deepin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Deepin</a> <a href="https://mastodon.bsd.cafe/tags/frightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#frightmare</a> <a href="https://mastodon.bsd.cafe/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://mastodon.bsd.cafe/tags/nightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#nightmare</a> <a href="https://mastodon.bsd.cafe/tags/elmStreet" class="mention hashtag" rel="nofollow noopener" target="_blank">#elmStreet</a>

Dendrobatus AzureusThis part I screen capped for accentuation >>2024-08-29: deepin-api-proxy: D-Bus ServiceAfter a longer time of standstill regarding Deepin reviews, a request for the addition of deepin-api-proxy arrived. This package greeted us with over two dozen D-Bus configuration files. Again, upstream’s description of what the component is supposed to do was very terse. From looking at the implementation we deduced that the proxy component seems to be related to the renaming of interfaces described in the previous section.We found a design flaw in the proxy’s design which allowed a local root exploit. You can find the details in a dedicated blog post we published about this not too long ago.It is noteworthy that the communication with upstream proved very difficult during the coordinated disclosure process we started for this finding. We did not get timely responses, which nearly led us to a one-sided publication of the report, until upstream finally expressed their wish to follow coordinated disclosure at the very last moment. <<I now have really seen it all The Good the Bad and the Ugly in Open Source programming <a href="https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html#2021-02-01-dtkcommon-filedrag-d-bus-service" rel="nofollow noopener" translate="no" target="_blank">https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html#2021-02-01-dtkcommon-filedrag-d-bus-service</a><a href="https://mastodon.bsd.cafe/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#POSIX</a> <a href="https://mastodon.bsd.cafe/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mastodon.bsd.cafe/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> <a href="https://mastodon.bsd.cafe/tags/Deepin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Deepin</a> <a href="https://mastodon.bsd.cafe/tags/WTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#WTF</a> <a href="https://mastodon.bsd.cafe/tags/frightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#frightmare</a> <a href="https://mastodon.bsd.cafe/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://mastodon.bsd.cafe/tags/nightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#nightmare</a> <a href="https://mastodon.bsd.cafe/tags/elmStreet" class="mention hashtag" rel="nofollow noopener" target="_blank">#elmStreet</a>

Dendrobatus AzureusMore excerpts >>Sadly the review of deepin-app-services was another chaotic case, one that is actually still unfinished. Even understanding the purpose of this D-Bus service was difficult, because there wasn’t really any design documentation or purpose description of the component. From looking at the D-Bus service implementation, we judged that it is a kind of system wide configuration store for Deepin. Contrary to most other Deepin D-Bus services, this one is not running as root but as a dedicated unprivileged service user.<<This reads like a horror novel but it's actually happening! Unbelievable how this has harmed a distro with many dedicated users!<a href="https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html" rel="nofollow noopener" translate="no" target="_blank">https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html</a><a href="https://mastodon.bsd.cafe/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#POSIX</a> <a href="https://mastodon.bsd.cafe/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mastodon.bsd.cafe/tags/Deepin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Deepin</a> <a href="https://mastodon.bsd.cafe/tags/wtf" class="mention hashtag" rel="nofollow noopener" target="_blank">#wtf</a> <a href="https://mastodon.bsd.cafe/tags/frightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#frightmare</a> <a href="https://mastodon.bsd.cafe/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://mastodon.bsd.cafe/tags/nightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#nightmare</a> <a href="https://mastodon.bsd.cafe/tags/elmStreet" class="mention hashtag" rel="nofollow noopener" target="_blank">#elmStreet</a>

Dendrobatus AzureusThe Deepin frightmare Excerpt from linked site >> After reviewing the main D-Bus service, we could not help ourselves but call it a security nightmare. The service methods were not only unauthenticated and thus accessible to all users in the system, but the D-Bus configuration file also allowed anybody to own the D-Bus service path on the system bus, which could lead to impersonation of the daemon. Among other issues, the D-Bus service allowed anybody in the system to create arbitrary new UNIX groups, add arbitrary users to arbitrary groups, set arbitrary users’ Samba passwords or overwrite almost any file on the system by invoking mkfs on them as root, leading to data loss and denial-of-service. The daemon did contain some Polkit authentication code, but it was all found in unused code paths; to top it all off, this code used the deprecated UnixProcess Polkit subject in an unsafe way, which would make it vulnerable to race conditions allowing authentication bypass, if it had been used. <<¿WTF?<a href="https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html" rel="nofollow noopener" translate="no" target="_blank">https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html</a><a href="https://mastodon.bsd.cafe/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#POSIX</a> <a href="https://mastodon.bsd.cafe/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mastodon.bsd.cafe/tags/Deepin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Deepin</a> <a href="https://mastodon.bsd.cafe/tags/frightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#frightmare</a> <a href="https://mastodon.bsd.cafe/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://mastodon.bsd.cafe/tags/nightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#nightmare</a> <a href="https://mastodon.bsd.cafe/tags/elmStreet" class="mention hashtag" rel="nofollow noopener" target="_blank">#elmStreet</a>

Dendrobatus AzureusPolitics had totally changed, instead of having politicians, you only had puppets for the big tech companies: all those puppets did, was make sure that it's companies kept getting more financially powerful, and kept getting even more invasive, as if that were even possibleI mean they were a literally up your digestive track already, all the way to your spinkster.Don't let me talk about flying; it takes you literally 72 hours to book a ticke; 8 hours a day you have to follow those dreadful procedures of which 90% is just ads, to finally get the seat booked with six screens pointed at you only bombarding you with advertisements.Trains were even worse; Walls of screens, almost no place to sit, let alone sit comfortably. In busses they left you alone, but what they did, is make the bus almost totally transparent and make sure that all the of the massive screens at the buildings were pointing at you, giving out all your personal information for everyone else to see, including your menstrual cycle, the size of your prostate, and everything else that's supposed to be medically sealed, just to show you walls and walls of advertisements regarding those medical status parameters.And do not think that when you're finally at home sleeping, away from your dreadful job, and asleep that you sleep cycle was normal Remember those devices that implanted in you at Birth? Those devices injected at advertisements in your dreams making your sleep horrific and tiring.Suicide rates were skyrocketing; it was normal to lose a friend every month who succumbed to suicide because of the horrific carpet bombing advertisements raids. There were more psychiatrists than regular physicians. Funeral parlors were the only places where business was booming for the private sector, owned by fairly regular people. Mercedes-Benz almost exclusively made funeral cars because that's what's sold the most and the best and asked for the most, by those who could still afford cars/2<a href="https://mastodon.bsd.cafe/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://mastodon.bsd.cafe/tags/Alphabet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Alphabet</a> <a href="https://mastodon.bsd.cafe/tags/Chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chrome</a> <a href="https://mastodon.bsd.cafe/tags/AdBlock" class="mention hashtag" rel="nofollow noopener" target="_blank">#AdBlock</a> <a href="https://mastodon.bsd.cafe/tags/uBlockOrigin" class="mention hashtag" rel="nofollow noopener" target="_blank">#uBlockOrigin</a> <a href="https://mastodon.bsd.cafe/tags/terrible" class="mention hashtag" rel="nofollow noopener" target="_blank">#terrible</a> <a href="https://mastodon.bsd.cafe/tags/nightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#nightmare</a> <a href="https://mastodon.bsd.cafe/tags/Elmstreet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Elmstreet</a> <a href="https://mastodon.bsd.cafe/tags/WTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#WTF</a> <a href="https://mastodon.bsd.cafe/tags/replacement" class="mention hashtag" rel="nofollow noopener" target="_blank">#replacement</a> <a href="https://mastodon.bsd.cafe/tags/aftermath" class="mention hashtag" rel="nofollow noopener" target="_blank">#aftermath</a>

Dendrobatus AzureusI've just woken up from a horrific IT Nightmare.Only commercial companies were providing services on the internet, Open Source did not exist, Linus Torvalds was never born, Netscape has never come into fruition.Every website you went to you have to go through 12 pages of advertisements bombarding you with all the flashes all the sounds and even even HTML5 did not exist everything was Flash!There are only two browsers available Google Chrome and Microsoft Internet Explorer. Browser extensions were non-existent; everybody went on the internet like a drone and endured the horrific bombardment of advertisements like carpet bombs falling on your mind, as if you were in Vietnam, getting bombarded by The Enemy Flying B-52 fortresses.All the Services constantly changed their end-user license agreement, your mobile devices had eight cameras pointed at you and none to the outside world. Those devices also had seven microphones of which the worst was used for you to talk into with your people and Friends, the six others were used to listen to you environment and sent everything outside.Tracking devices were planted in your body at Birth, you are constantly itching because of all those devices in your system, giving you skin irritation and making your complexion like that of sandpaper.Even going outside in your garden was horrific, micro drones were constantly following you, listening and looking at everything you do, even if you don't have any mobile devices on you.Stores were even worse, everything you bought had tracking and tracing, even The Food you ate had tracking, and traces were going to your digestive track all the way to the toilet.And while you were sitting there you had to endure advertisements for every time you use the toilet.There were 12 financially Rich families on the planet everyone else was economic slave.All religions were converted to advertisement bombardment Systems and to subjugation of people to Ads^Z/1<a href="https://mastodon.bsd.cafe/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://mastodon.bsd.cafe/tags/Alphabet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Alphabet</a> <a href="https://mastodon.bsd.cafe/tags/Chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chrome</a> <a href="https://mastodon.bsd.cafe/tags/AdBlock" class="mention hashtag" rel="nofollow noopener" target="_blank">#AdBlock</a> <a href="https://mastodon.bsd.cafe/tags/uBlockOrigin" class="mention hashtag" rel="nofollow noopener" target="_blank">#uBlockOrigin</a> <a href="https://mastodon.bsd.cafe/tags/terrible" class="mention hashtag" rel="nofollow noopener" target="_blank">#terrible</a> <a href="https://mastodon.bsd.cafe/tags/nightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#nightmare</a> <a href="https://mastodon.bsd.cafe/tags/Elmstreet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Elmstreet</a> <a href="https://mastodon.bsd.cafe/tags/WTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#WTF</a> <a href="https://mastodon.bsd.cafe/tags/replacement" class="mention hashtag" rel="nofollow noopener" target="_blank">#replacement</a> <a href="https://mastodon.bsd.cafe/tags/aftermath" class="mention hashtag" rel="nofollow noopener" target="_blank">#aftermath</a>

Juan LoboMe estoy viendo toda la saga de películas de "Pesadilla en Elm Street" y esta tercera entrega es la que más me ha gustado por ahora, se aprecia un salto en espectacularidad de escenas y calidad de efectos especiales. La escena de la alfombra es lo mejor de la saga (por ahora).Y bueno, al igual que en la primera me sorprendió ver a un adolescente Johnny Depp, en esta ha sido curioso toparme con un jovencito Laurence Fishburne, aunque en los créditos aparece como Larry Fishburne.<a href="https://masto.es/tags/cinemastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#cinemastodon</a> <a href="https://masto.es/tags/cine" class="mention hashtag" rel="nofollow noopener" target="_blank">#cine</a> <a href="https://masto.es/tags/pelis" class="mention hashtag" rel="nofollow noopener" target="_blank">#pelis</a> <a href="https://masto.es/tags/terror" class="mention hashtag" rel="nofollow noopener" target="_blank">#terror</a> <a href="https://masto.es/tags/elmstreet" class="mention hashtag" rel="nofollow noopener" target="_blank">#elmstreet</a>

Radio Azureus<a href="https://mastodon.social/@Polynomial_C" class="u-url mention" rel="nofollow noopener" target="_blank">@Polynomial_C</a> <a href="https://mastodon.social/@madeindex" class="u-url mention" rel="nofollow noopener" target="_blank">@madeindex</a> a genuine LOL 😂 emmited here<a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://mastodon.social/tags/Clippy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Clippy</a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://mastodon.social/tags/Nightmare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nightmare</a> on <a href="https://mastodon.social/tags/ElmStreet" class="mention hashtag" rel="nofollow noopener" target="_blank">#ElmStreet</a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://mastodon.social/tags/ArtificialIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArtificialIntelligence</a>

Recent searches

Search options

Administered by:

Server stats:

#elmstreet