4chan was still running on a version of FreeBSD from 2019

https://www.securitronlinux.com/bejiitaswrath/4chan-was-still-running-on-a-version-of-freebsd-from-2019/

20•stiray•9mo ago

Comments

stiray•9mo ago

Such high profile target without security patches for system and probably outdated pkgs/ports for at least 3 years, I am actually surprised they survived that long.

hhh•9mo ago

They survived for a decade like this. Since it was sold, basically. Only since sharty has become a dedicated adversary did it become a problem for them.

There’s a billion other issues too, i’d be surprised if it’s not gone again very soon.

pengaru•9mo ago

> The version of Ghostscript was from 2012 and this allowed a specially crafted PDF file to execute a SUID binary and the attacker to gain access.

I don't care what version of Freebsd you're using. If your webapp is running Ghostscript against user-supplied data without doing so in a throwaway VM or at least container of some sort, no amount of updating will save you. That is an insane piece of software to be feeding untrusted input to without wearing a condom.

riffraff•9mo ago

The title here says 2019 but the linked page says 2014. This confused me for a bit.

Squossifrage•9mo ago

10.1 was released in 2014 and reached EOL in 2016. The screenshot appears to show a 10.1-p45 kernel that was built from December 2016 sources in September 2019, at a time when the latest release was 11.3. However, the Subversion revision number in the screenshot (r272678M) does not match any point on the stable/10 or releng/10.1 branches. To get that uname line, assuming neither the version string nor the screenshot have been manipulated, you'd have to have checked out the head (development) branch from Subversion, synced it to r272678¹ (11.0-CURRENT, October 2014), then replaced some or all of the tree (but not the Subversion metadata) with the tip of the releng/10.1 branch before building and installing a kernel in 2019.

¹ https://cgit.freebsd.org/src/commit/?id=e15d3f3c0978fad0ebbc...

allanjude•9mo ago

The "M" at the end of that revision number suggests a "modified" tree, meaning they had their own patches that were not part of the upstream repository as well.

n2d4•9mo ago

I know we don't comment on formatting here, but WTF is this website?? I can't tell whether this is some early AI experiment or just someone trying to imitate the slang used on 4chan, and also there are ads covering literally two thirds of my screen. It almost feels like a parody. Is it?

unsnap_biceps•9mo ago

Look at other posts, they read similarly weirdly. I think it's just someone who is deeply in the 4chan orbit and communicates in that style.

wobfan•9mo ago

I don’t get it either. I stopped reading when it said the third time „this isn’t hard at all“ at first. Like, there are so many redundant and incredibly short sentences, I had a very hard time to read.

The whole message of this post could’ve been put into two structured sentences.

vermaden•9mo ago

Not from 2019 - from 2014.

FreeBSD 10.1 was released in 2014 and reached EoL in 2018.

I can compile FreeBSD 10.1 today and the displayed date by `uname` will be 2025 - that does not mean that code is from 2025 - only that it was compiled in 2025.

Hope that helps.

Ask HN: Opus 4.6 ignoring instructions, how to use 4.5 in Claude Code instead?

We Mourn Our Craft

Jim Fan calls pixels the ultimate motor controller

Exploring a Modern SMTPE 2110 Broadcast Truck with My Dad

AI UX Playground: Real-world examples of AI interaction design

The Field Guide to Design Futures

The Other Leverage in Software and AI

AUR malware scanner written in Rust

Free FFmpeg API [video]

Are AI agents ready for the workplace? A new benchmark raises doubts

Show HN: AI Watermark and Stego Scanner

Clarity vs. complexity: the invisible work of subtraction

Solid-State Freezer Needs No Refrigerants

Ask HN: Will LLMs/AI Decrease Human Intelligence and Make Expertise a Commodity?

From Zero to Hero: A Brief Introduction to Spring Boot

NSA detected phone call between foreign intelligence and person close to Trump

How to Fake a Robotics Result

It's time for the world to boycott the US

Show HN: Semantic Search for terminal commands in the Browser (No Back end)

The AI CEO Experiment

Speed up responses with fast mode

MS-DOS game copy protection and cracks

Updates on GNU/Hurd progress [video]

Epstein took a photo of his 2015 dinner with Zuckerberg and Musk

MyFlames: View MySQL execution plans as interactive FlameGraphs and BarCharts

Show HN: LLM of Babel

A modern iperf3 alternative with a live TUI, multi-client server, QUIC support

Famfamfam Silk icons – also with CSS spritesheet

Apple is the only Big Tech company whose capex declined last quarter

Reverse-Engineering Raiders of the Lost Ark for the Atari 2600