℉ⅈℕℹℸℽ @finity@qoto.org

@kateiacy @sundogplanets Go farmer!

This place.

Quote of the day (from the Fedora devel list):

We have no mechanism to flag when J. Random Packager adds "Supplements: glibc" to their random leaf node package. As a reminder, *we are a project that allows 1,601 minimally-vetted people to deliver arbitrary code executed as root on hundreds of thousands of systems*, and this mechanism allows any one of those people to cause the package they have complete control over to be automatically pulled in as a dependency on virtually every single one of those systems.

— Adam Williamson

Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO. The level of transparency is stellar, especially compared to proprietary software companies. What the FOSS world has accomplished in 24 hours after detection of the backdoor code in #xz deserves a moment of humbleness. Instead we have flamewars and armchair experts shouting that we must change everything NOW. Which would introduce even more risks. Progress is made iteratively. Learn, adapt, repeat.

Easter Sunday and #TransDayOfVisibility on the same day?

This seems rather appropriate.

#TDoV #LoveThyNeighbor #Easter

people are saying the xz backdoor is likely the work of a nation state actor, and given that it appears to been slow rolled for a couple of years and immediately became obsolete before it was fully launched - you do have to admit it bears the hallmarks of a government IT project

I've long been convinced that the actual changed line of code is one of the most hilarious lines of code ever written

if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
retval = -EINVAL;

I finally got around to writing about my favorite concept that came out of Apple in the 80s. https://512pixels.net/2024/03/apple-jonathan-modular-concept/