HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tutfbhuf

no profile record

comments

tutfbhuf
·2 tahun yang lalu·discuss
So, you suggest that Frederik Schwan had prior knowledge of the security issues but hid the real purpose of the commit under "improve reproducibility"?
tutfbhuf
·2 tahun yang lalu·discuss
Interesting, they just switched from tarballs to source 19 hours ago. It seems to me that Frederik Schwan had prior knowledge of the security issue, or it is just a rare coincidence.
tutfbhuf
·2 tahun yang lalu·discuss
I upgraded Arch Linux on my server a few hours ago. Arch Linux does not fetch one of the compromised tarballs but builds from source and sshd does not link against liblzma on Arch.

  [root@archlinux ~]# pacman -Qi xz | head -n2  
  Name            : xz  
  Version         : 5.6.1-2  
  [root@archlinux ~]# pacman -Qi openssh | head -n2
  Name            : openssh
  Version         : 9.7p1-1
  [root@archlinux ~]# ldd $(which sshd) | grep liblzma
  [root@archlinux ~]#
It seems that Arch Linux is not affected.
tutfbhuf
·2 tahun yang lalu·discuss
You can use the TimescaleDB PostgreSQL extension. It works really well and has a high compression rate for time series data, such as metrics. It can also downsample data. I have also tried InfluxDB, but you have to rewire your mental model to fit InfluxDB (it has its own query syntax and internal mechanism). They have versions v1, v2, and v3, and it's not clear which one to use, probably v2 at this point in time. It's kind of confusing and the state of development is very much in flux.

I think TimescaleDB works well up to the single-digit terabyte range (according to various sources). If you need a solution in the multi-digit terabyte or petabyte range, then you probably need something like a distributed VictoriaMetrics setup.

https://github.com/timescale/timescaledb
tutfbhuf
·5 tahun yang lalu·discuss
It's post like these that bring up emotional flame wars.

If someone says that Wayland sucks, and tells why he thinks so, then this is a very legitimate opinion that has nothing to do with 9/11.
tutfbhuf
·8 tahun yang lalu·discuss
That's the point. It's also possible that the remote script has been altered in the meantime. Therefore it's never advisable to download the script again after inspection.