4rchive

Home Feed Search

Thread 106142293 - /g/ [Archived: 210 hours ago]

← Boards ← Back to /g/
Anonymous
8/4/2025, 11:01:37 PM No.106142293
lel
lel
md5: e961f97f34689a589d0f5466d3589e26🔍
The upcoming Debian 13 sends text you select to chinese servers

>With some plugins, StarDict sends the user's X11 selection from
other applications to some servers: dict.youdao.com and dict.cn
(both Chinese servers).

>This happens *by default* under Debian testing (future Debian 13)
at least, without any warning. These plugins are installed and
enabled automatically when the user installs stardict / stardict-gtk
(stardict-gtk has a Recommends on stardict-plugin), which is just
advertised as being an international dictionary lookup program.
But this would still be an issue if the user had installed the
stardict-plugin package explicitly (which contains many plugins),
as such a feature is uncommon and unexpected.

>Note also that this is transmitted via HTTP only, thus not encrypted
on the network. So someone closer to the user might also be able to
see the data.

>Here, this is even worse, because this occurs on the user's selection
(the X11 PRIMARY selection?), i.e. the user does not even have to
copy the selection to the clipboard.

https://www.openwall.com/lists/oss-security/2025/08/04/1
Replies: >>106142301 >>106142549 >>106142610 >>106143368 >>106144264 >>106144326 >>106145606
Anonymous
8/4/2025, 11:02:29 PM No.106142301
>>106142293 (OP)
Why would they fuck up this bad? Was the money that good? Holy shit.
Anonymous
8/4/2025, 11:27:34 PM No.106142549
>>106142293 (OP)
>This happens *by default* under Debian testing
Extremely misleading claim. It only happens when
>the user installs stardict / stardict-gtk [...] an international dictionary lookup program
which is a package maintained by someone named "xiao sheng wen".

That package should probably be removed due to its insecure behaviour but this does not describe default behaviour of the system and says little to nothing about Debian as a distro.
Replies: >>106143495
Anonymous
8/4/2025, 11:33:52 PM No.106142610
>>106142293 (OP)
Never use anything that is named after a divorced couple.
Anonymous
8/5/2025, 12:45:30 AM No.106143368
>>106142293 (OP)
cool story, but i cant take anyone whom types like that (a nigger faggot) seriously.
(īŊĄ>īš<īŊĄ)
8/5/2025, 12:48:20 AM No.106143398
dies from cringe
dies from cringe
md5: 125130cb59003a1ed6678532ac3bbeb8🔍
better than sending it to the nsa
Anonymous
8/5/2025, 12:57:57 AM No.106143495
1631734011715
1631734011715
md5: 5c99fea6fcaae2e3669e8df92dff614d🔍
>>106142549
"Named" vs claims to be named. Know the difference.
Anonymous
8/5/2025, 12:59:28 AM No.106143516
>Not using fedora in 2025
Deserved.
Replies: >>106143564
Anonymous
8/5/2025, 1:04:06 AM No.106143564
1735865479632588
1735865479632588
md5: f859a5972f1ddc4576d2b442e3c78090🔍
>>106143516
Fedora is even worse. Absolute trash distro.
Anonymous
8/5/2025, 1:25:57 AM No.106143783
yeah its way too soon for a new version too. bookworm feels like it came out like 2 weeks ago. why the fuck do we need a new version already? What the fuck does trixie even do that bookworm doesn't? Autistic fucking retard troons
Anonymous
8/5/2025, 2:15:28 AM No.106144244
Debian is garbage. Their spins are bloated garbage.

For anything older that is not capable of running cinnamon use tiny core linux.
Anonymous
8/5/2025, 2:18:24 AM No.106144264
>>106142293 (OP)
>The upcoming Debian 13 sends text you select to chinese servers
>This happens *by default*
>...when the user installs Chinese package stardict
lol it's a nothingburger
Anonymous
8/5/2025, 2:24:40 AM No.106144326
>>106142293 (OP)
the current state of foss
Anonymous
8/5/2025, 5:33:26 AM No.106145606
>>106142293 (OP)
bump
Anonymous
8/5/2025, 5:39:52 AM No.106145659
Xsissies, explain yourselves.
Anonymous
8/5/2025, 8:05:41 AM No.106146607
mxlinux will fix this just like how they fixed systemd being "required" for debian