[Toybox] DreamHost Security Alert

Rob Landley rob at landley.net
Thu Apr 25 08:32:53 PDT 2024


On 4/24/24 13:10, Rob Landley wrote:
> Alas, my website's likely to be down for a bit while I explain to them that "the
> compiler that got used to build an exploit" and "the exploit" can share strings
> because gnu is incompetent and leaks the path where things got built into the
> resulting binaries, but that does not mean that the compiler the strings came
> from in the first place is actually infected.

And it's back. Human saw the email thread at 9am and took reasonable action.

I was a little annoyed it was down all day, but eh: nine fives. Close enough.
They're cheap and I don't have to do it.

Rob

(Before them I had a server with a static IP where I ran all my own servers,
which meant I had one DNS server pointing to all the other services, and a
number of sites went "but DNS says you need TWO authoritative servers" and I
went "I'm not paying for a second static IP and all the records would point to
the first static IP so if it goes down what does being able to look up the name
of the services that aren't currently THERE accomplish? And that's before DNS
required cryptographic signatures, and then "sender permitted from" showed up in
email around then and NONE of those checkers would work without 2 DNS servers so
I _couldn't_ set it up... So yes I _could_ get one of my orange pi boards sent
to one of the raspberry pi hosting sites that give a static ipv4 as part of the
hosting package, but... I really don't want to?)


More information about the Toybox mailing list