4chan was still running on a version of FreeBSD from 2019

https://www.securitronlinux.com/bejiitaswrath/4chan-was-still-running-on-a-version-of-freebsd-from-2019/

20•stiray•9mo ago

Comments

stiray•9mo ago

Such high profile target without security patches for system and probably outdated pkgs/ports for at least 3 years, I am actually surprised they survived that long.

hhh•9mo ago

They survived for a decade like this. Since it was sold, basically. Only since sharty has become a dedicated adversary did it become a problem for them.

There’s a billion other issues too, i’d be surprised if it’s not gone again very soon.

pengaru•9mo ago

> The version of Ghostscript was from 2012 and this allowed a specially crafted PDF file to execute a SUID binary and the attacker to gain access.

I don't care what version of Freebsd you're using. If your webapp is running Ghostscript against user-supplied data without doing so in a throwaway VM or at least container of some sort, no amount of updating will save you. That is an insane piece of software to be feeding untrusted input to without wearing a condom.

riffraff•9mo ago

The title here says 2019 but the linked page says 2014. This confused me for a bit.

Squossifrage•9mo ago

10.1 was released in 2014 and reached EOL in 2016. The screenshot appears to show a 10.1-p45 kernel that was built from December 2016 sources in September 2019, at a time when the latest release was 11.3. However, the Subversion revision number in the screenshot (r272678M) does not match any point on the stable/10 or releng/10.1 branches. To get that uname line, assuming neither the version string nor the screenshot have been manipulated, you'd have to have checked out the head (development) branch from Subversion, synced it to r272678¹ (11.0-CURRENT, October 2014), then replaced some or all of the tree (but not the Subversion metadata) with the tip of the releng/10.1 branch before building and installing a kernel in 2019.

¹ https://cgit.freebsd.org/src/commit/?id=e15d3f3c0978fad0ebbc...

allanjude•9mo ago

The "M" at the end of that revision number suggests a "modified" tree, meaning they had their own patches that were not part of the upstream repository as well.

n2d4•9mo ago

I know we don't comment on formatting here, but WTF is this website?? I can't tell whether this is some early AI experiment or just someone trying to imitate the slang used on 4chan, and also there are ads covering literally two thirds of my screen. It almost feels like a parody. Is it?

unsnap_biceps•9mo ago

Look at other posts, they read similarly weirdly. I think it's just someone who is deeply in the 4chan orbit and communicates in that style.

wobfan•9mo ago

I don’t get it either. I stopped reading when it said the third time „this isn’t hard at all“ at first. Like, there are so many redundant and incredibly short sentences, I had a very hard time to read.

The whole message of this post could’ve been put into two structured sentences.

vermaden•9mo ago

Not from 2019 - from 2014.

FreeBSD 10.1 was released in 2014 and reached EoL in 2018.

I can compile FreeBSD 10.1 today and the displayed date by `uname` will be 2025 - that does not mean that code is from 2025 - only that it was compiled in 2025.

Hope that helps.

Supernote e-ink devices for writing like paper

We are QA Engineers now

Show HN: Measuring how AI agent teams improve issue resolution on SWE-Verified

Adversarial Reasoning: Multiagent World Models for Closing the Simulation Gap

Show HN: Poddley.com – Follow people, not podcasts

Layoffs Surge 118% in January – The Highest Since 2009

Papyrus 114: Homer's Iliad

DicePit – Real-time multiplayer Knucklebones in the browser

Turn-Based Structural Triggers: Prompt-Free Backdoors in Multi-Turn LLMs

Show HN: AI Agent Tool That Keeps You in the Loop

Why Every R Package Wrapping External Tools Needs a Sitrep() Function

Achieving Ultra-Fast AI Chat Widgets

Show HN: Runtime Fence – Kill switch for AI agents

Researchers surprised by the brain benefits of cannabis usage in adults over 40

Peter Thiel warns the Antichrist, apocalypse linked to the 'end of modernity'

USS Preble Used Helios Laser to Zap Four Drones in Expanding Testing

Show HN: Animated beach scene, made with CSS

An update on unredacting select Epstein files – DBC12.pdf liberated

Was going to share my work

Pitchfork: A devilishly good process manager for developers

You Are Here

Why social apps need to become proactive, not reactive

How patient are AI scrapers, anyway? – Random Thoughts

Vouch: A contributor trust management system

I built a terminal monitoring app and custom firmware for a clock with Claude

Tiny C Compiler

Y Combinator Founder Organizes 'March for Billionaires'

Ask HN: Need feedback on the idea I'm working on

OpenClaw Addresses Security Risks

Apple finalizes Gemini / Siri deal