I think you are missing the part where the community also gives back to the project. At some point the project isn't really the creation of the original author anymore.
One good thing about zstd is that the main developer is full-time employed to work on it. Alas he's employed by Meta to do that... But it's likely harder to social engineer your way into that project.
Huh, thanks for the link. I knew that just dd'ing doesn't work for Windows ISOs but I didn't know that it was the Linux distros doing the weird shenanigans this time around.
The original email talks about a line that is in the release tarballs but not the repository itself that actually arms the exploit. This seems like something a maintainer should be able to verify.
Not saying that they should have immediately seen that that is an exploit, the exploit is obfuscated very well. But this should be a big red flag right?
I have to admit I have no practical experience as a package maintainer, but this case sounds like there is a diff between files checked into the repo and the ones provided by the tarball.
If the tarball contains new files that contain executable code that's still weird tbh, but I guess you have to trust the upstream maintainers to some degree. But a diff in a checked in file seems different to me.
I mean to be honest the only reason to use messengers is just costs, I wish SMS were as cheap as internet flatrates... But that might very well be a regional issue too.
This is VERY debatable because statements that broad are almost always false. There is no need to have a cellular->IP->cellular bridge for 1:1 communication involving more servers, more service providers. If anyone wanted to they could implement at least the 1:1 signal protocol and probably even the messaging layer security protocol on top of SMS to get e2ee group communications.
Nobody wants to because cell providers sell SMS for horrendous prices compared to internet access.
The context I came upon this question is dbus filedescriptor passing but the question is valid more broadly. Assume you are implementing some service that is supposed to receive some kind of filedescriptor for client processes. You get a message that is in some kind or another malformed but you have already received the...
Just not handling the filedescriptors isn't really an option though. They should at least be closed to ensure the process doesn't run out of filedescriptors, which would be a pretty easy way of DoS'ing that service.
Even though millions of people left Twitter in 2023 – and millions more are ready to move as soon as there’s a viable alternative – the fediverse isn’t growing. One reason why: today’s fediverse is unsafe by design and unsafe by default – especially for Black and Indigenous people, women of color, LGBTAIQ2S+...
You could build something that prevents people from being offended. Let them answer simple questions like are you offended by . If they answer yes, not allowed to join.
That would still require posts or communities to reliably label their contents correctly right?
Maybe the only solution is sulfuric acid. (or alcohol)
I strongly believe that if we all strived to get the maximum amount of alcohol into our bellies instead of the maximum amount of money into our accounts society would be much nicer.
Our school systems are admined by teachers with only half a clue of what they are doing with only a few hours per week as a budget. This isn’t meant as an offense, math teachers that like to fiddle with computers in their free time are just not qualified to run the infrastructure for schools
It kinda limits the spectrum of playable characters though right? The others can notice that that’s going on and either go PvP or kick the person out of the party. It can actually be a cool character arc to teach the character to share loot.
If the player themselves aren’t able to learn that though… do the same as above but irl?
Amazon CEO Andy Jassy recently told employees that those who do not want to return to the office at least three days a week should consider finding employment elsewhere. According to a recording obtained by Insider, Jassy stated “It’s past the time to disagree and commit,” adding that if employees cannot commit to the new...
Much ado about "nothing" - Xe Iaso (==Goodbye NixOS) ( xeiaso.net )
https://discourse.nixos.org/t/much-ado-about-nothing/44236...
Fwupd Will Use Zstd Compression ( 9to5linux.com )
Linux Firmware Update Utility Fwupd Will Use Zstd Compression for Future Releases...
“the lesson *I'm* choosing to take from xz, as an oss maintainer, is that anyone trying to pressure or guilt me into doing something should immediately be told no, for security reasons” ( crabby.fyi )
GNU Coreutils 9.5 Can Yield 10~20% Throughput Boost For cp, mv & cat Commands ( www.phoronix.com )
openSUSE addresses supply chain attack against xz compression library ( news.opensuse.org )
openSUSE maintainers received notification of a supply chain attack against the “xz” compression tool and “liblzma5” library....
I apologise if this is already common knowledge, but I just found out you can have multiple layers of LUKS encryption on a drive! ( lemmy.ml )
[Image description:...
What the Cursor? - An introduction to the new hyprcursor format ( blog.vaxry.net )
KDE 6 FOR ARCH LINUX IS HEREEEEEEE ( lemmy.ml )
Signal Blog: Keep your phone number private with Signal usernames ( signal.org )
Finally, we can have usernames in Signal instead of giving our phone number to everybody.
[Question] How to correctly cleanup unknown filedescriptors received over unix socket
How often do you contribute to open source projects?
Their ideas are as interesting as they are frightening ( ttrpg.network )
I once had a player that wanted a Decanter of Endless Water just to waterboard people 😳
Arc Browser is live for Windows and it's built in Swift ( twitter.com )
The Linux Kernel Preparing To Drop Infrastructure For Old & Obsolete Graphics Drivers - Phoronix ( www.phoronix.com )
Mastodon and today's fediverse are unsafe by design and unsafe by default ( privacy.thenexus.today )
A new pilot will investigate the use of Forgejo (a non-profit FOSS alternative to GitHub and Gitea) in German schools ( blog.codeberg.org )
Because I do not want to race on who rolls Investigation the fastest every room and every fight. This is a coop game dammit. ( ttrpg.network )
Amazon CEO reportedly told remote employees: ‘It’s probably not going to work out’ - The Verge ( www.theverge.com )