rotor
Jun 11, 2001

classic case of pineapple derangement syndrome
https://boehs.org/node/everything-i-know-about-the-xz-backdoor


feel free to post here every time that esr dickhead and his bullshit "enough eyes means all bugs are shallow" horseshit are proven wrong, or every time critical poo poo like sshd or openssh is hosed up because the entire software industry relies on volunteer labor to function

Shaggar
Apr 26, 2006
dont use open sores software

git apologist
Jun 4, 2003

pretty sure the bugs thing was hilariously contradicted by heartbleed and no one ever says that now

i do all my posting by dictating it to my secretary who types it up on an old olivetti typewriter (with a new ribbon everytime) and having her hand deliver it to jeffrey. can’t be too careful

git apologist
Jun 4, 2003

Shaggar posted:

dont use open sores software

i agree, i think you should stop using this php/apache application

The Management
Jan 2, 2010

sup, bitch?
common misconception. pretty much all of the important parts of linux are done by paid professionals. I can see why you’d think otherwise, because it still looks and feels like an unmanaged pile of junk written by some weirdos in their mom’s basement.

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome

The Management posted:

common misconception. pretty much all of the important parts of linux are done by paid professionals.

and yet here we are

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome
all the “important” stuff is done by paid professionals but its still a dependency _chain_ and the “unimportant” links matter just as much

Farmer Crack-Ass
Jan 2, 2001

this is me posting irl
i get your kick against open source but pretending that poo poo wouldn't be as busted if we only left it to paid professionals is laughable. software is hot dogshit everywhere.

Farmer Crack-Ass
Jan 2, 2001

this is me posting irl
best programmer in the world can't meaningfully kick back against a dumbass dipshit manager that insists on pushing some bullshit change just to make a bullet point for their review/resume

Cybernetic Vermin
Apr 18, 2005

idk, firstly it is unlikely that Jia Tan is a real existing person, and even if they are, it seems unlikely that what they did (the non-covert bits) would be consistent with the job they're hired to do, so to some extent code getting written by actual people actually being hired to do so would be less likely to have this happen.

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome

Farmer Crack-rear end posted:

i get your kick against open source but pretending that poo poo wouldn't be as busted if we only left it to paid professionals is laughable. software is hot dogshit everywhere.

my beef is backwards from this. I am angry that people upon whose backs our entire infrastructure rests are burning out and dealing with untreated health issues because theyre spending all their time doing unglamorous, thankless and unpaid volunteer work.

Farmer Crack-Ass
Jan 2, 2001

this is me posting irl
oh got it. yeah, i agree with you on that. those people should stop and take care of themselves, and force industry to pony up.

Farmer Crack-Ass
Jan 2, 2001

this is me posting irl
i mean it'd be better if they got big paydays from all those years of toil, but i think we both know that ain't ever gonna happen

polyester concept
Mar 29, 2017

thank goodness runk hasn’t been compromised

PIZZA.BAT
Nov 12, 2016


:cheers:


just learned about this because i checked the company slack before going to bed like a dummy. this is gonna be fun to unfuck for all my customers

fart simpson
Jul 2, 2005

DEATH TO AMERICA
:xickos:

u have a strange mind necco

Jonny 290
May 5, 2005



[ASK] me about OS/2 Warp
wait thats necco? i thought it was tusen takk

fart simpson
Jul 2, 2005

DEATH TO AMERICA
:xickos:

Jonny 290 posted:

wait thats necco? i thought it was tusen takk

no i think tusen takk is fat32 shamer

Best Bi Geek Squid
Mar 25, 2016
many people get the esr quote wrong. what he actually said was “with enough eyes, all bugs are Shallow Hal,” a reference to the 2001 Jack Black rom / com

MrMoo
Sep 14, 2000

rotor posted:

feel free to post here every time that esr dickhead and his bullshit "enough eyes means all bugs are shallow" horseshit are proven wrong, or every time critical poo poo like sshd or openssh is hosed up because the entire software industry relies on volunteer labor to function

On one level, this is it actually working. The defect was eventually discovered and fixed. Also seems to only apply to Fedora as all the other distributions are so behind on updates :lol:

https://www.helpnetsecurity.com/202...20this%20issue.

graph
Nov 22, 2006

aaag peanuts

fart simpson posted:

no i think tusen takk is fat32 shamer

incorrect

fart simpson
Jul 2, 2005

DEATH TO AMERICA
:xickos:

graph posted:

incorrect

hmm

PIZZA.BAT
Nov 12, 2016


:cheers:


Jonny 290 posted:

wait thats necco? i thought it was tusen takk

lol yes i'm necco

PIZZA.BAT
Nov 12, 2016


:cheers:


if the sql is no, it's prob necco

hbag
Feb 13, 2021

i think the "enough eyes" thing works as long as those eyes are actually reviewing changes and not just banging out another "lgtm". closed source isnt much better because that poo poo'll be backdoored and you'll never know it

Ocean of Milk
Jun 25, 2018

oh yeah

MrMoo posted:

On one level, this is it actually working. The defect was eventually discovered and fixed.

Agree somewhat. I mean, the entire reason this was discovered was that a rando on a mailing list noticed that some part of the software ran a bit slow and then started investigating. If this was closed-source, the only thing they could have done was to shrug their shoulders because I guess the sshd guys or whoever were being terrible programmers again.

And I don't know what fantasies people have about the so called paid professionals; 5 minute review, "lgtm" and approve happens plenty among those. Let's remember this was a trusted IC*. Do you read all PRs by your coworkers as if they were an NSA mole?

* and yeah, it's harder to become one of those in a professional setting vs. random projects on the internet. But certainly doable by the caliber of black-hat we're talking about here.

Ocean of Milk
Jun 25, 2018

oh yeah
Which doesn't mean OSS work should continue to be done unpaid. That the work may get done in a better way should at most be a secondary concern. One of the real reasons is of course that all socially useful labour time should be well compensated. FOSS is like care work in that way. If the people currently doing it stop doing it, society breaks down sooner or later. Yet they aren't paid. Obligatory reminder that any satisfactory solution to this involves smashing capitalism.
But unlike care work, it isn't as morally dubious to just stop doing volunteer FOSS work for free. If I were a FOSS dev/maintainer/whatever, I would put a non-commercial license on everything* and wouldn't lift a drat finger until I got money on the table (or the contractual guarantee thereof). It is not xz's maintainers' problem that others decided to call their code in programs that run on millions of devices. Just like, dare to act in your own interests, people. And don't confuse your own interests with those of others. Rich Hickey got this right.

* which doesn't mean companies can't use the software. Just not under the terms of the OSS license. That this may not make it officially Free Software or whatever is one of the political mistakes of the Free Software movement, and really makes that movement right-wing libertarian.

Ocean of Milk fucked around with this message at 08:28 on Apr 2, 2024

git apologist
Jun 4, 2003

open sores

git apologist
Jun 4, 2003

PIZZA.BAT
Nov 12, 2016


:cheers:


a few of my classmates from college adopted the warrior monk foss lifestyle and the problem with asking them to just charge money is that they’re allergic to it. like straight up don’t want to work a job ever because that would mean making money and gently caress that

OldAlias
Nov 2, 2013

PIZZA.BAT posted:

a few of my classmates from college adopted the warrior monk foss lifestyle and the problem with asking them to just charge money is that they’re allergic to it. like straight up don’t want to work a job ever because that would mean making money and gently caress that

? ? ? I get not wanting to work a job, but because it makes them money is weird reasoning. how do they uh, live. going to RMSs convent in the woods

DELETE CASCADE
Oct 25, 2017

i haven't washed my penis since i jerked it to a phtotograph of george w. bush in 2003
never ask a jobless full-time open source contributor why both his parents have wikipedia pages

PIZZA.BAT
Nov 12, 2016


:cheers:


idk where he gets his money i've never interrogated it. but when i say he's living the monk lifestyle i mean it

Share Bear
Apr 27, 2004

like is he at a monastery or temple? taking care of the grounds and like performing religious/spiritual services ?

or do you mean hes like obnoxiously vegan and somewhat unkempt

Archduke Frantz Fanon
Sep 7, 2004

Share Bear posted:

somewhat unkempt

this would be an upgrade for a FOSS guy

fart simpson
Jul 2, 2005

DEATH TO AMERICA
:xickos:

PIZZA.BAT posted:

idk where he gets his money i've never interrogated it. but when i say he's living the monk lifestyle i mean it

he lives in a monastery or temple? am i close?

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome
foreverally tonsured and loving it

Nobody Interesting
Mar 29, 2013

One way, dead end... Street signs are such fitting metaphors for the human condition.


mastodon doesn't embed on SA so you'll have to trust me that this is a good link

https://mstdn.ca/@mjg59@nondeterministic.computer/112188888431503469

graph
Nov 22, 2006

aaag peanuts
https://x.com/FFmpeg/status/1775178803129602500

https://x.com/FFmpeg/status/1775180561411186706

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome
this is what i'm talkin about
