Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Wow... Luckly I don't use systemd which seems to be the vector causing the sshd backdoor, via liblzma...
Pretty scary anyway.
I bet that you use software packages that are built and authored on systems that have systemd+sshd, though.
What happens if development or build machines belong to people who control projects that you trust and have been compromised?
Do you use a web browser? Do you use a graphical desktop environment? Are the machines those guys use vulnerable? Are the developers of the libraries that they depend on vulnerable?
Remember, this guy was attacking a downstream project (sshd) by compromising and signing source in a specific tarball of a library -- the malicious code never made it into git -- used by an unrelated piece of software (systemd) that some distros, not even the ssh guys, happened to link into sshd's memory space. He's trying to compromise unrelated software via elaborate supply chain attacks.