
@Cmastication @gabek

To these (and all developers) keep up the good work, you're doing a great job.

I remember the ssh bug thing a few years ago, turned out the dev could not fix it due to a broken computer,

Don’t forget the very real human side of the xz debacle. Some well intentioned and unpaid folks are having the worst day of their lives (so far)

From: @gabek
social.gabekangas.com/objects/

"Isn't that a bit alarmist?" No!

xz is a base-system package in literally every distro I know of. It's everywhere.

Compromised releases have been out for five weeks and we didn't notice. We only noticed because someone caught openssh taking 10x as long to do DH exchanges and auth. If the attacker had been sneakier we wouldn't have noticed at all.

The compromised xz was in Fedora's testing versions and they didn't notice. You had the compromised version in Arch for a month (and arguably still do, but a combination of build method and source acquisition method likely renders it safe).

If some random guy didn't go "Why is openssh so slow?" and dig really deep into that, it would have hit stable/live distros and then what? We don't know.


So, kids, what's the moral of the XZ story?

If you're going to backdoor something, make sure that your changes don't impact its performance. Nobody cares about security - but if your backdoor makes the thing half a second slower, some nerd is going to dig it up.

@RickiTarr @coffeepine@beige.party

Where there are community spaces, as I said before, USE IT OR LOSE IT.

@coffeepine Community spaces are disappearing it's a real issue especially for younger and older people, but really everyone. I don't think it's an accident either. People who don't connect, can't organize.

@MissingThePt

Two days too early, April Fools' Day is Monday.

Imagine writing an open source twitter alternative

One that is federated and built on open protocols

Then having to deal with users who are upset you are working with an established walled garden social platform to support those very open protocols

Girl, you can't have it both ways

We can build better mod/safety tools

But

You can't moderate who gets to participate in an open protocol

Maybe let's focus on the important aspect, better mod/safety tools

signed,
fedi developer

@NumbersCanBeFun@shonk.socia

I wonder if anyone back in the days of monochrome monitors said this when they upgraded to a colour monitor :)

Did you know that the government of Kerala included free software in the school curriculum inspired by protests from free software enthusiasts and a favorable stance taken by a school teachers association? gnu.org/education/edu-system-i Help the free software community achieve the same for other states, countries, and regions worldwide by donating to support the FSF's advocacy for free software. donate.fsf.org/ #LearnLibre #FreeSoftware #SoftwareFreedom

The title of this song should be on the next Tory Manifesto publication

youtu.be/LQiOA7euaYA?si=qTGb8D

The road to nowhere.

@zleap @aral

BBC Monitoring also nowadays scrapes social media (and probably has access to data from Meta either officially or by posing as normal users) and feeds into GCHQ (they've been doing this since the Cold War, except previously it was more often done over the radio airwaves, but they were early adopters of online surveillance)

@aral
Unlike the NAZI holocaust this genocide is being played out in front of the world media and internet, with evidence being shared and corroborated daily.

Should not be THAT hard to bring charges.

“If the International Criminal Court wants to investigate what Israel has done in Gaza only since the 7th of October, it will be busy for decades.”

– UN Special Rapporteur Francesca Albanese

youtube.com/shorts/0ZhGCHnEfuQ

#israel #usa #UnitedStates #genocide #gaza #palestine #un #FrancescaAlbanese #warCrimes #ethnicCleansing #apartheid

@aral

Who needs the NSA / GCHQ when you can get Meta to spy on people.

Meta (Facebook, Instagram, #Threads, etc.):

1. Doesn’t moderate anti-transgender hate on its platforms.

glaad.org/smsi/report-meta-fai

2. Secretly pays teenagers to use their VPN service so they can access all their web activity, gets busted, then uses same app to man-in-the-middle attack Snapchat users to get their encrypted data.

techcrunch.com/2024/03/26/face

3. Lets Netflix see user DMs.

arstechnica.com/gadgets/2024/0

Mastodon, gGmbH to Meta:

🤗 Let’s be besties!

platformer.news/mastodon-inter

#mastodon #meta

@amszmidt

It may be interesting to get a talk at a free software conference about this sort of thing at some point

15:00 - 15:45 EDT (19:00 UTC)

Exploring free software entrepreneurship: Navigating the opportunities and obstacles
: Jupiter -- in-person
: Social context
Shivanand Edrami

Free software legislation: How we win
: Saturn -- in-person
: Free software in government
Ciarán O'Riordan

Empowering youth in the digital age: A path to success
: Neptune -- online
: Education
Leonardo Champion

Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.