Posts: 1, Comments: 219, Joined: 2 yr. ago

  • This isn't the same thing, but I'm reminded of Minecraft.

    Minecraft is a massively popular game. Notch once said he planned to make it open source when its popularity died down. But now Microsoft owns it.

    Not only that, but Mojang accounts don't work anymore. You have to have a Microsoft account to play it now. Even trying to download and play an older version of the game offline requires Microsoft to approve it. Microsoft is actively tightening the leash on the game because it makes them money. Open sourcing the game will likely never happen now. The best we can hope for is for versions to fall into public domain after 70-ish years.

    That's how I see Microsoft. They only care about what is beneficial for them to drive profits. Working on open source projects, and open sourcing a few of their tools to get the benefits of community adoption and code review is great, sure. But they'd sooner try to incorporate Linux into Windows to keep people in their surveillance ecosystem, than to open source Windows.

    Remember when Windows 10 was the last version, until they changed their minds? Remember when they floated the idea of charging a recurring subscription to use Windows, before they silently dropped the idea? Remember when there was credible talk about the next version of Windows being cloud-based where they controlled all your data and you had no privacy? Hell, you have basically no privacy on Windows 10. Trying to reclaim some involves registry edits, special third party tools, and a constant battle with automatic updates reverting your changes.

    I'll say it again. Microsoft doesn't care about OSS. It's just currently beneficial for them to pretend they do.

    Google seemed to care a lot about OSS, then started making everything in Android depend on their proprietary ecosystem to function. Now Google is using the dominant position they got by taking advantage of OSS adoption, and have been pushing privacy-invading standards and trying to get rid of ad blockers online, among many other things.

    For these huge companies, OSS is just a tool to get more control and power. The moment it's no longer useful, they'll find ways to work around the license and enshittify everything again.

    It keeps happening. I refuse to keep trusting bad actors every time they dangle a shiny trinket over our heads.

    I do appreciate the work this person did in finding the bug. It's not all doom and gloom.

  • Damn fine work all around.

    I know this is an issue fraught with potential legal and political BS, and it's impossible to check everything without automation these days, but is there an organization that trains and pays people to work as security researchers or QA for open source projects?

    Basically, a watchdog group that finds exploitable security vulnerabilities, and works with individuals or vendors to patch them? Maybe make it a publicly owned and operated group with mandatory reporting of some kind. An international project funded by multiple governments, where it's harder for a single point of influence to hide exploits, abuse secrets, or interfere with the researchers? They don't own or control any code, just find security issues and advise.

    I don't know.

    Just thinking that modern security is getting pretty complicated, with so many moving parts and all.

  • From Wikipedia:

    Dabie bandavirus, also called SFTS virus, is a tick-borne virus in the genus Bandavirus in the family Phenuiviridae, order Bunyavirales.[2] The clinical condition it caused is known as severe fever with thrombocytopenia syndrome (SFTS).[2] SFTS is an emerging infectious disease that was first described in northeast and central China in 2009 and now has also been discovered in Japan, South Korea, Vietnam and Taiwan in 2015. SFTS has a fatality rate of 12% and as high as over 30% in some areas. The major clinical symptoms of SFTS are fever, vomiting, diarrhea, multiple organ failure, thrombocytopenia (low platelet count), leukopenia (low white blood cell count) and elevated liver enzyme levels. Another outbreak occurred in East China in the early half of 2020.

  • When companies tell you they respect your privacy and you should give them your data, you tell them it doesn't matter. Because policies can change, and at the end of the day, your privacy isn't always up to a single company.

    Wait. This was last year, so not the capitol riot. What happened in January last year? I'm in a decent mood today. Just going to skip looking deeper into this one. I have Factorio to play!

  • I hope so. It's more likely something infected Firefox itself, and didn't get into the OS. But when I checked the modem logs, it happened up to a couple of months after the fact. That's worrying.

    What's even more worrying is that a couple of websites told me I had an IP address that didn't match my home IP, but would provide the correct one if I refreshed the page a couple of times. So some kind of covert proxy or VPN type of thing was happening.

    I ended up just wiping everything, to be safe. Still a bit paranoid though.

  • You're not wrong. But also keep in mind that headlines prime readers to think in a certain way before they even get a chance to read the context. No one will admit it, because headlines make money, but all it takes is one carefully worded headline to change how people interpret, feel about, and react to a story. Even when you're aware of this trick, it's impossible to avoid all the time. That's just how our brains work.

  • I know this story is more so about a trojan in a trusted place, and not general security, but I have an anecdote to share.

    So, time to fess up here. I previously complained about Google trapping me in captcha-hell for enabling Ublock Origin.

    I was wrong.

    Turns out that I had visited a movie streaming site a while before to watch a season of some show, I forget which. Without any downloads or noticeable input on my part. My Linux box apparently got hacked/malware. All I did was click the occasional "I am a human" box on the website, and sit back with popcorn.

    I found out when my ISP started blocking IP addresses some time later. I checked my modem's logs, and they showed some unexplained traffic to impossible "unassigned" IP addresses afterward. I didn't notice for a while.

    I was stupid. Even worse, my phone also started behaving badly after that. I think I watched the last few episodes in bed, so must have infected that too.

    Don't assume any system is automatically safe.