rowanthorpe

joined 2 years ago
[–] rowanthorpe@lemmy.ml 1 points 2 months ago

I don't know the details of that part directly, but I do remember reading things like this which seemed to indicate delisting of some maintainers (positions of responsibility, as opposed to blocking all developer contributions) who were associated with certain sanctioned Russian companies. This seems to be in line with standard sanctions being imposed by many companies & organisations in various countries (not just USA). Regardless of personal opinions about whether that was "right, wrong, or otherwise" at the time it at least seems a far cry from "an NSA compromise".

[–] rowanthorpe@lemmy.ml 2 points 2 months ago

I will try to answer these, and hope someone corrects any potential inaccuracy:

what's red?

There is a comment there saying "see deep-dive for details" so the red-highlight caveat is likely explained there.

what's the globe icon?

My assumption is that icon just indicates Free/Open-Source projects which have no "owning company" (not "based" anywhere), just globally scattered contributors.

how come some products marked not majority EU owned have the EU flag?

My guess (merely a guess) is that those are run by EU-based companies, but which don't have a solid policy guaranteeing "majority of shareholders are in the EU" (...?)

[–] rowanthorpe@lemmy.ml 2 points 2 months ago (2 children)

Having not heard of this one, I was curious so checked some sites about it, like:

https://www.reddit.com/r/linux4noobs/comments/kd0yml/does_the_nsa_have_a_backdoor_to_linux_this/

https://www.theregister.com/2022/02/23/chinese_nsa_linux/

https://www.bleepingcomputer.com/news/security/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years/

My quick impression from those seems to match what was said by some commenters on the FreeBSD forum - https://forums.freebsd.org/threads/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years.84258/

msplsh: This looks like an implant that opens a backdoor, not an intrinsic backdoor built into the OS.

and:

sko: From el reg: To us it seems whoever created the code would compromise or infect a selected Linux system and then install the backdoor on it. So if someone already gained privileges to install anything on one of your machines, it doesn't matter what it is - this host is compromised and has to be nuked from orbit.

So, unless I'm missing something this is not really about "the Linux kernel devs being compromised by NSA" as much as the endless list of Windows-targeting malware is not about "the NT kernel devs being compromised by NSA".

[–] rowanthorpe@lemmy.ml 4 points 3 months ago

For those who might skip this video thinking it will be in French which they don't speak, it is actually in English.

[–] rowanthorpe@lemmy.ml 9 points 3 months ago* (last edited 3 months ago) (5 children)

I hadn't even heard of the underlying protocol NNCP yet, and it seems to solve out of the box several things I was trying to do in some of my own hobby-projects. I'd been battling with automating and integrating Tor/I2P, OpenSSL, Tox, GPG, WireGuard, etc. If NNCP lives up to the hype it will be a big shortcut, when I next get time to work on stuff :-)

[–] rowanthorpe@lemmy.ml 2 points 4 months ago

Maybe this is a good "gap in the market" moment then - some global, at least not US-centric, CDN/DDoS-mitigation/edge-compute/WAN/DNS/registry competition to Cloudflare's core tech. Maybe the way to increase the odds of success would be to develop an easy-install (integrated, containerised/packaged) FLOSS framework and federated control-protocol for those things with main target-userbase being IXPs around the world (yes, IXPs, not ISPs, which means it would all have to be free and open, and able to be deployed in a way that cost-handling doesn't put the IXPs in an awkward conflict-of-interest position). Importantly there is already a lot of FLOSS code available for much of this, so a large part of the work would be integration, UX, etc. Maybe it would then not need to "compete" with a behemoth like Cloudflare but instead iterate towards making some of it "default internet functionality", sidestepping it being opt-in/paid extras entirely. I know such a simplistic high-level definition sounds woefully naive, but I think starting there and discussing real-world details could lead to something...

[–] rowanthorpe@lemmy.ml 4 points 4 months ago (1 children)

In the context of the parallels now being drawn between post-WW1 Germany's slide to WW2 and present-day USA's situation, I worry that the major quality-of-life hit starting to happen in the US might be at least slightly on purpose.

Aside from the "Krasnov" explanation for such intention (which seems compelling but I haven't yet seen enough evidence to have a strong opinion either way about), another perhaps simpler explanation (either instead of or in addition to that) could be that he is gambling that the same poor, disempowered, uneducated subset of people in the US who end up being easily stirred into a military mindset fever are the same ones who will easily forget that the leader promising them their "national pride and identity" back is the same one whose decisions accelerated that very descent into poverty, disempowerment, and poor education (& undermined press) in order to create that pliable situation.

I vividly remember in history class seeing the photos from the post-Versailles-treaty period, of German kids flying kites made of nearly worthless Deutschmarks, and people with wheelbarrows full of notes paying for bread. Hitler was able to so easily stir up people "with no hope or dignity left" by promising prosperity based on building autobahns, factories, etc - manipulating their despair to hijack rational or compassionate thought. Anyone informed and principled enough to see through that slide to madness and act accordingly ended up running for their lives (along with the many others who had to run just for being born a certain way). It looks a bit like the situation in the US is on the precipice of sliding that way, with the compounding factor that online click-hungry faux-press and automated disinformation/propaganda bots on social networks are able to very quickly create and maintain cult-like bubbles in which a "leader" can manufacture shadows and "instruct" followers to jump at those shadows in the same breath, under the assumption that enough people will be gullible and/or lazy enough to fall for it unquestioningly.

I really think the people in the US who are not part of that subset need to be very proactive (in real-life terms, not just rage-scrolling & rage-clicking) in being the bulwark against that slide to madness, and right now - starting to react months from now might already be too late to avoid dangerous global conflicts escalating, and new ones starting. I am very wary of doom-and-gloom hyperbole, and aware that overstating things can risk fostering apathy instead of overcoming it, but I think this is one of those rare historic moments when such statements are not hyperbole.

[–] rowanthorpe@lemmy.ml 6 points 4 months ago

Having just watched it with little ones I mostly concur - any - but would suggest that with kids <= 6 be a watchful parent/guardian during some of the more intense scenes. Not due to anything graphic, just a few emotionally harrowing bits where I saw my co-viewers gripping the armrests with widening eyes, so had to whisper that I think it will all be fine in a moment.

[–] rowanthorpe@lemmy.ml 5 points 4 months ago

In-band periodic key-exchange. Pre-arrange that keys expire every X messages, and that the last (Xth) message is dedicated to sending the new key encrypted by the previous one.
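The scheme described in the comment above, worked through as an added example that is not part of the original comment: every Xth message on the wire carries the next key sealed under the current one. It also shows a property worth knowing before relying on it: whoever holds an earlier key and a recording of the traffic can follow every later rekey, while the newest key opens only the tail. The SHAKE/HMAC sealing is a standard-library stand-in for a real AEAD, and `X = 4`, `Endpoint`, `run` and `read` are assumed names.

```python
import hashlib, hmac, os
X = 4  # constructed value: keys expire every X messages

def _xor(key, nonce, data):
    # Toy stream cipher (assumption): SHAKE-256 keystream, stand-in for a real AEAD.
    pad = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor(key, nonce, plaintext)
    return nonce + body + hmac.digest(key, nonce + body, "sha256")

def open_(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(key, nonce + body, "sha256")):
        raise ValueError("authentication failed: wrong key or tampered message")
    return _xor(key, nonce, body)

class Endpoint:
    def __init__(self, key):
        self.key, self.seen = key, 0  # seen = messages handled under current key
    def send(self, payload):
        wire = []
        if self.seen == X - 1:  # slot X is reserved for the new key
            new_key = os.urandom(32)
            wire.append(seal(self.key, new_key))  # new key under the previous one
            self.key, self.seen = new_key, 0
        wire.append(seal(self.key, payload))
        self.seen += 1
        return wire
    def receive(self, blob):
        plain = open_(self.key, blob)
        if self.seen == X - 1:  # the Xth message is the next key, not data
            self.key, self.seen = plain, 0
            return None
        self.seen += 1
        return plain

def run(n=10):
    """Send n constructed messages; return first key, last key, recorded wire traffic."""
    k0 = os.urandom(32)
    alice, capture = Endpoint(k0), []
    for i in range(n):
        capture += alice.send(b"message %d" % i)
    return k0, alice.key, capture

def read(key, capture):
    """Data messages recovered by someone who starts reading `capture` with `key`."""
    reader = Endpoint(key)
    return [p for p in map(reader.receive, capture) if p is not None]
```

`read(k0, capture)` is both the legitimate receiver and anyone who later obtains `k0` alongside recorded traffic, which is why this kind of rotation does not give forward secrecy on its own.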

[–] rowanthorpe@lemmy.ml 2 points 4 months ago

That makes sense too. I guess it's a very difficult balance to hit, for all concerned. I think a lot of the famous outbursts that happen on LKML are probably an inevitable side-effect of that balancing-act, and of maintainers being stretched in multiple directions.

[–] rowanthorpe@lemmy.ml 12 points 4 months ago (2 children)

Yeah, maybe just a good steward quality-testing the Bus Factors?

 