secretlyaddictedtolinux

joined 5 months ago
[–] secretlyaddictedtolinux@lemmy.world 1 points 4 days ago* (last edited 4 days ago) (1 children)

I've missed extremely discounted sales for services I like and have been frustrated about it before. It seems fine for ProtonVPN to do this just once but they should also just add a toggle.

This isn't about them being kicked out, this is about the fact we don't know the process that resulted in this. Was this a decision Linus made after a night coding and thinking about the world? Was the foundation ordered to do it?

It lacks transparency into the process even if the outcome is fine and the way it was done doesn't feel transparent, even if it makes sense not to include Russian coders in the project.

[–] secretlyaddictedtolinux@lemmy.world 0 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

These projects are so big and complex that even with open-code a malicious actor is sometimes able to insert damaging code. Who suddenly made this decision? Did the US government order them to do this? If the US government can order them to do this, can they order the elevated coding status of a "benevolent" contributor on the US government payroll who is then ordered to put in a very hard to detect exploit? Open code doesn't mean exploit free, it means exploits are more likely to be patched.

You don't get it. It's the lack of transparency about kicking these people out, not the kicking these people out, that is the problem. Who made the decision?

It makes sense to sanction Russia for being an ass but the way this was done doesn't feel open, and many people sense it.

[–] secretlyaddictedtolinux@lemmy.world 2 points 2 weeks ago* (last edited 2 weeks ago)

It would be much better if the company were not in a place in which gag orders can be issued, leaving questions as to transparency.

As it stands now, it isn't clear if Linus is just "grouchy" about this with a unique personality or if the foundation got an NSL and can't say anything. And that leads to questions about whether there were other NSLs other than this one and if it's had an impact on the code.

Exploits are so hard to detect sometimes if done well and often although they get patched... eventually... the damage is done prior to the patch. The US government, despite doing lots of good things, engages in torture. And even if the US government is the "good guy," this leads to less trust in the open-source ecosystem, no matter what the justification.

[–] secretlyaddictedtolinux@lemmy.world -3 points 2 weeks ago (1 children)

But seriously, Linus’s comment regarding this was… just… I have no words… he basically put every Russian in the same basket, called them trolls

There are a huge number of online Russian trolls. That part of his response was not hyperbolic. They do have troll factories there to influence public opinion.

The problem is this still leads to questions about transparency about the project in general and how this decision was made and whether it was made by those involved in the project or was an order from the US government.

Yes, these are exactly my thoughts.

This is terrifying.

I don't like what the Russian government is doing and Putin is cruel and evil, albeit intelligent (which makes him even more terrible).

That being said, in the US, government agencies can order a company to do certain things, put in certain code, or whatever and then issue a gag order as part of that preventing disclosure. And although there's a limit to how much that can screw over open-source software users, we do not know what exploits nation-states have, we don't know what backdoors are in different chipsets or closed-source firmware.

If a developer writing open source code can be blacklisted so easily without transparency into the process, it suggests the company is being ordered to do certain things and not disclose them by the US government, which is a government that still engages in torture.

Notice how they are not coming out and saying "We were not ordered to do this by any government agency."

Could the foundation be forced to elevate a developer with government ties who then is able to "accidentally" put in an extremely hard to detect exploit into Linux that won't be detected at first and only patched later?

I really wish companies associated with Linux were not in a country that lacked transparency with government regulations and in which gag orders were not possible.


I am considering hosting something and am concerned about DDoS attacks.

I am morally opposed to Cloudflare because I think they are an unethical and shitty company.

What privacy focused solutions are there to reduce the likelihood of a successful DDoS attack?


Reddit is blocking VPNs and invites users to create a ticket if they think there's been an error. I almost created a ticket with email address fuckyouspez@gmail.com saying I wasn't sure if I was using a VPN with the body text just being "fuckyouspez!!!!" over and over. I didn't submit it because I thought for a moment "would this be illegal to submit?" It probably isn't, but I am not sure.

