4chan was still running on a version of FreeBSD from 2019

https://www.securitronlinux.com/bejiitaswrath/4chan-was-still-running-on-a-version-of-freebsd-from-2019/

20•stiray•9mo ago

Comments

stiray•9mo ago

Such high profile target without security patches for system and probably outdated pkgs/ports for at least 3 years, I am actually surprised they survived that long.

hhh•9mo ago

They survived for a decade like this. Since it was sold, basically. Only since sharty has become a dedicated adversary did it become a problem for them.

There’s a billion other issues too, i’d be surprised if it’s not gone again very soon.

pengaru•9mo ago

> The version of Ghostscript was from 2012 and this allowed a specially crafted PDF file to execute a SUID binary and the attacker to gain access.

I don't care what version of Freebsd you're using. If your webapp is running Ghostscript against user-supplied data without doing so in a throwaway VM or at least container of some sort, no amount of updating will save you. That is an insane piece of software to be feeding untrusted input to without wearing a condom.

riffraff•9mo ago

The title here says 2019 but the linked page says 2014. This confused me for a bit.

Squossifrage•9mo ago

10.1 was released in 2014 and reached EOL in 2016. The screenshot appears to show a 10.1-p45 kernel that was built from December 2016 sources in September 2019, at a time when the latest release was 11.3. However, the Subversion revision number in the screenshot (r272678M) does not match any point on the stable/10 or releng/10.1 branches. To get that uname line, assuming neither the version string nor the screenshot have been manipulated, you'd have to have checked out the head (development) branch from Subversion, synced it to r272678¹ (11.0-CURRENT, October 2014), then replaced some or all of the tree (but not the Subversion metadata) with the tip of the releng/10.1 branch before building and installing a kernel in 2019.

¹ https://cgit.freebsd.org/src/commit/?id=e15d3f3c0978fad0ebbc...

allanjude•9mo ago

The "M" at the end of that revision number suggests a "modified" tree, meaning they had their own patches that were not part of the upstream repository as well.

n2d4•9mo ago

I know we don't comment on formatting here, but WTF is this website?? I can't tell whether this is some early AI experiment or just someone trying to imitate the slang used on 4chan, and also there are ads covering literally two thirds of my screen. It almost feels like a parody. Is it?

unsnap_biceps•9mo ago

Look at other posts, they read similarly weirdly. I think it's just someone who is deeply in the 4chan orbit and communicates in that style.

wobfan•9mo ago

I don’t get it either. I stopped reading when it said the third time „this isn’t hard at all“ at first. Like, there are so many redundant and incredibly short sentences, I had a very hard time to read.

The whole message of this post could’ve been put into two structured sentences.

vermaden•9mo ago

Not from 2019 - from 2014.

FreeBSD 10.1 was released in 2014 and reached EoL in 2018.

I can compile FreeBSD 10.1 today and the displayed date by `uname` will be 2025 - that does not mean that code is from 2025 - only that it was compiled in 2025.

Hope that helps.

Clarity vs. complexity: the invisible work of subtraction

Solid-State Freezer Needs No Refrigerants

Ask HN: Will LLMs/AI Decrease Human Intelligence and Make Expertise a Commodity?

From Zero to Hero: A Brief Introduction to Spring Boot

NSA detected phone call between foreign intelligence and person close to Trump

How to Fake a Robotics Result

It's time for the world to boycott the US

Show HN: Semantic Search for terminal commands in the Browser (No Back end)

The AI CEO Experiment

Speed up responses with fast mode

MS-DOS game copy protection and cracks

Updates on GNU/Hurd progress [video]

Epstein took a photo of his 2015 dinner with Zuckerberg and Musk

MyFlames: Visualize MySQL query execution plans as interactive FlameGraphs

Show HN: LLM of Babel

A modern iperf3 alternative with a live TUI, multi-client server, QUIC support

Famfamfam Silk icons – also with CSS spritesheet

Apple is the only Big Tech company whose capex declined last quarter

Reverse-Engineering Raiders of the Lost Ark for the Atari 2600

Show HN: Deterministic NDJSON audit logs – v1.2 update (structural gaps)

The Greater Copenhagen Region could be your friend's next career move

Do Not Confirm – Fiction by OpenClaw

The Analytical Profile of Peas

Hallucinations in GPT5 – Can models say "I don't know" (June 2025)

What AI is good for, according to developers

OpenAI might pivot to the "most addictive digital friend" or face extinction

Show HN: Know how your SaaS is doing in 30 seconds

ClawdBot Ordered Me Lunch

What the News media thinks about your Indian stock investments

Running Lua on a tiny console from 2001