Thought this was a good read exploring some of the “how and why”, including several apparent sock puppet accounts that convinced the original dev (Lasse Collin) to hand over the baton.
Could be a lone “black hat” or a group of “black hats”. Who knows.
Could be the result of a lot of public criticism in the news regarding Pegasus spyware. Who knows.
Could be paid by companies without any state actors involved. Who knows.
Could be a lone programmer who wants power or is seeking revenge for some heated mailing list discussion. Who knows.
The question of trust has been mentioned in this case of a sole maintainer with health problems. What I asked myself is: How did this trust develop years ago? People trusted Linus Torvalds and used the Linux kernel to build Linux distributions, to the point that the Linux kernel went from a tiny hobby thing to a giant project. At some point compiling from source code became less fashionable and most people downloaded and installed binaries. New projects started and instead of tar and gzip things like xz and zstd were embraced. When do you trust a person or a project, and who else gets on board of a project? Nowadays something like:
is considered perfectly normal as the default installation of some software. Open source software is cool and has kind of produced a sort of revolution in technology but there is still a lot of work to do.
I tried a couple license finders and I even looked into the OSI database but I could not find a license that works pretty much like agpl but requiring payment (combined 1% of revenue per month, spread evenly over all FOSS software, if applicable) if one of these is true:...
Reminds me of this one: en.wikipedia.org/wiki/Beerware and the fact that some projects have dual licensing like www.qt.io/licensing/open-source-lgpl-obligations. Not what you are asking for, but I can imagine that a project can make commercial companies pay for the usage of the source code and have it free to use for non-commercial purposes.
New in F-Droid. Happy to see this. In the past I used Noice but then Noice wanted Internet access and I stopped using it. It comes with an Anti-Features warning. Soothing on the other hand requires very few permissions.
Welcome. This app was new in F-Droid, I noticed it here at the Latest Apps section: f-droid.org. Another way to check for new apps in F-Droid is fossdroid.com
True. And the “given enough eyeballs, all bugs are shallow” is a neat-sounding thing from the past when the number of code lines was not as large as now. Sometimes it is scary to see that a vulnerability in the Linux kernel had been there for years, “waiting” to be exploited.
Found out about the xz one on Lemmy. Years ago I was briefly subscribed to Bugtraq but that was too much. Now I’m subscribed to a few OS specific security announcement mailing lists.
We live in a time of severe crises, sadly 😒 Currently reading a book by Gabor Maté about addiction and drug addicts, including workaholics and people addicted to shopping. It mentions how stress can deprive us of good sleep. Sleep is very important. On the other hand my own experience is that too much sleep can be as bad as too little sleep. What gives me energy is staying away from bad food and drinks and being very conscious about what to consume. Things that get me going: music, hobbies and work. Of course your mileage may vary. For some, medicines can help; for others social interaction is important. Take care!
Regular coffee, though extremely popular, has its downsides. Unfortunately lots of people and scientific research prefer to focus on the pros of coffee. For people who, for example, need to be careful when dealing with stimuli, it makes sense to drink something other than coffee. A search engine search for caffeine stress mental health may bring about some lesser-known information about this. And I know from experience that once you’re completely off regular coffee life is different. It may take a few weeks for that.
They haven’t particularly made a comment on the situation so much as acknowledged it’s happening. They seem to be going with the story that they had nothing to do with it and this is news to them. Hope to hear more from them soon so we can find out more about the situation, how and why this happened, etc....
Greetings. As you've seen from the title, I want to get a new printer as a present for my parents. Sadly they are still Windows peasants and my mom somehow thinks that the HP printer on her desk has been a good financial investment, even though it has cost us more than 300 bucks in ink over the past 2 years....
Next point release for 12.6 has been postponed (micronews.debian.org)
XZ Hack - "If this timeline is correct, it’s not the modus operandi of a hobbyist. [...] It wouldn’t be surprising if it was paid for by a state actor." (lcamtuf.substack.com)
OnePlus 9 LineageOS installation question
Hello! I am currently attempting to install LineageOS on my OnePlus 9 to start degoogling it....
Is there a License that requires the user to donate if they make revenue?
When I Became a Birder, Almost Everything Else Fell Into Place (www.nytimes.com)
Soothing Noise Player : Natural calming sounds to relax (f-droid.org)
Backdoors (lemmy.ml)
wetdry.world/
Life as a composer (sh.itjust.works)
How do you track security vulnerabilities?
Do you rely on mailing lists or news articles for security vulnerabilities? Please share....
Friends (if I may), how do you find the energy to do things when you're otherwise too depressed to get out of bed?
The Quest for Netflix on Asahi Linux | Blog (www.da.vidbuchanan.co.uk)
Update on Pixelfed groups (mastodon.social)
Shipping soon ™ but we heard that before. Still looking forward to it and they explicitly mention Lemmy compatibility....
Lasse Collin, the other xz maintainer, has acknowledged the backdoor (tukaani.org)
gotta get a new printer
backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)
YouTube is severely rate limiting Invidious instances
Today most Invidious instances are experiencing very harsh IP address rate limiting; it is becoming very, very hard to watch yt videos through