>>3117 I was withholding funds because of the RMS resignation, but I will go ahead and send it now.

>>3310 The biggest tragedy is not that someone would post retarded shit like that, the biggest tragedy is that some people would actually take seriously something that has shit like >I’m a white dude with a British accent. /Of course/ I have white male privilege. I used to joke that I fell into every job I’ve had (including my doctorate) – that, right there, is white male privilege. I have so much, that I can move to a xenophobic racist country and get a complete pass from the ‘immigrants are bad’ mentality. Many of you on the SC have such privilege – if you don’t think such privilege affects you, /then you have it/. written in it. The gall of some people to outright admit they're worthless and ask for the removal of someone else in the same email.

<US government confirms Russian SVR behind the SolarWinds hack >The United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that gave hackers access to the network of multiple U.S. agencies and private tech sector companies. >The press release from the White House confirms past media reports citing unofficial sources that the Russian Foreign Intelligence Service, the SVR, was behind the SolarWinds hack. https://archive.is/Yzz89 Is it happening yet?

>>3563 not until the nukes drop. till then it's all blame shifting.

>>3563 They're just trying to ease the public into awareness. SVR even had passwords belonging to Dominions Voting System's staff since 2018, and probably fucked with that election too you can find it in the DB torrents floating around on Pirate bay.

///RESEARCHERS\\\ INTENTIONALLY CONTRIBUTE MALICIOUS CODE TO THE LINUX PROJECT https://archive.is/oHKlR

>>3761 >maintainers are cucks and don't permaban all contributions from the institution as a warning Pathetic.

>>3762 That is literally what they did though? what kind of crack cocaine are you on?

>>3761 literally nothing, this has been happening forever even gnu and anything open source gets troll submissions all the time most of what they call malicious is just amateurs coders not knowing what the fuck theyre doing and opening up security holes thats why theres so many forks for testing, its 90% to check things breaking and 10% for letting autists do the maintainers work for them and find fuck ups and troll code thats why anything outside pure debian or freebsd should be considered a joke

>>3775 >most of what they call malicious is just amateurs coders not knowing what the fuck theyre doing and opening up security holes Did you read the article? They admitted to it publicly by publishing a paper discussing potential security holes in the review process. Or at least, that was their cover. They didn't notify the maintainers beforehand. This was not amateurs submitting amateur code.

>>3776 I was speaking generally test builds are always littered with junk that gets filtered out over time by the community, the maintainers dont really do much, its why theres always a divided in distros whenever a new kernel gets released

>>3776 Those in charge of merge requests also approved it, despite the submission having a massive security flaw while only claiming to fix some typos, and banned the entire university email domain from submitting requests, when all of the malicious submissions from the University were apparently all from Gmail accounts, that I assume were handmade for this test; turning a massive repository into an imprompptu guinea pig was a shameful idea, but it reveals a major weakness in open-source development; for whatever reason (that I have suspicions for that I won't go into detail because it's almost irrelevant; no, I'm not alledging that it was sabotage, though it's not an impossible option; it's simply not what I'm thinking of at this moment), some people don't check enough to see if the things they download haven't tampered with, aside from not going to incredibly obvious websites filled with malware. Some even insist that open-source software is inherently safe, which is ill-advise and encourages the sort of mental laziness that got modern software into the mess it's in today; open-source software is only more likely to get fixed faster if security is compromised because anyone with the knowledge can fix it and submit a pull request (which does not necessarily mean it will be merged into the master branch). Here are at least two reasons why this is not the same as "open-source software is inherently safe": >you need to recompile the program or download the new latest binary of the program in order to have said patch apply to your version in the first place >as I alluded to before, a pull request may not get immediately accepted, or even accepted at all, for a myriad of reasons There's also the fact that fixing a problem is not the same as not having a problem at all, it just means the problem is less able to be a problem. But because some people don't do this, they don't actually take the time to understand what the code for the program they want to use actually does, let alone use any hash verification methods that the owner of the repository may have given the users as an option to verify if the binary is the one that the owner of the repository attempted to serve to the users. The lesson to take from this is to pay attention to merge requests. Understand the languages of the programs that you're using, pay attention to the pull requests and what they actually change, and if you download binaries, at least verify the hashes so that you're at least more sure that it's the intended one and not some malicious executable that was able to pass itself off as the real thing because you either didn't know how to verify, or you did, but you didn't do so this time and you're about to regret it. Also, banning the entire domain probably earned them some bad blood between them and some members of the university (and maybe even outside the university); again, none of the university's email addresses were submitting the malicious pull requests, so they may have angered an undetermined amount of people for an action that won't actually defend the project against malicious pull requests, or even punish those who submitted said pull requests. >>3762 As >>3763 said, they did and that's the problem; they target on the entire university's domain when the malicious code was apparently submitted by pull requests by Gmail accounts; they not only were neglectful about checking what the submission actually did, they also did an incredibly bad job at punishing the university; if they ever wanted to do it again, nothing about them banning the university's domain will stop them, as they almost never used them back in this incident (there was apparently one, but it quite literally did nothing).

>>3841 This was a pretty great post, anon; I'm increasingly interested in Information Security, so I enjoyed reading it. Thanks for the effortpost. >let alone use any hash verification methods that the owner of the repository may have given the users as an option This is probably a retarded question, but I've always wondered: what's stopping the developers from just changing the hash to cover up any changes they've made to the software after the fact? If you're given both ends of the verification process by the same people, isn't that a massive security risk in itself? I understand that it works against unintended alterations by attackers, but what if the source itself is knowingly compromised?

>>3848 Different anon here. >I understand that it works against unintended alterations by attackers That's the only thing the hash method is intended to do. The functionality (malicious or not) of the software is outside of the scope of this protection. >what if the source itself is knowingly compromised? There's no real solution outside of reading the code. You can mitigate this by only using software you get from reputable sources or sandboxing programs or whatever other method works for you, but ultimately if whatever you're using has malicious stuff in it or vulnerabilities then the only thing you can do to avert using it is reading the code. There's no magic solution.

>>3864 >That's the only thing the hash method is intended to do. Fair enough. >ultimately if whatever you're using has malicious stuff in it or vulnerabilities then the only thing you can do to avert using it is reading the code. There's no magic solution. Makes sense. Ultimately, I guess it goes without saying that's why FOSS is so important. I'm really starting to wonder if stuff like Rust, the (((Ethical Software))) "movement", the grsecurity issue, the U Minnesota scandal, the RMS goings-on, and so forth aren't all part of a coordinated dogpile to discredit FOSS now that more people are seriously interested in it. Wouldn't surprise me in the least.

>>3865 ...Huh. Apparently echoes glow even when covered in pitch-black darkness. That's actually pretty hilarious.

Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities archive.is/Cuck0

>>3848 yes, ive made that point so many times, dsa hashing is to detect changes not made by whoever signed it, eg. a mitm glownigger sending you an infected copy or an indian playing around at the hosting server its protection from thirdparties not the devs themselves if they wanted to they could put up clean source code and then compile malware, sign it and put it up for download with a clean checksum, so you check the source code -- its clean download the binary and verify the hash -- its clean and then run the malware like a fool thats why smart people are so anal about compiling from source and dont give a fuck about dsa, you can do all the fancy cryptographic buffoonery you want, it wont do shit when the attackers are the devs themselves thats why you unironically never trust code from a team with a jew in it, NEVER, t@lpiot and the israeli botnet is real

Glimpse, the fork of Gimp created solely because some cunts disliked the name, is officially pausing its development because the only guy that was developing it got fed up with the size of the project and everyone else only knew how to beg for donations or manage a social media account. The project's repository was archived, and the Discord group doesn't accept new members, so it's safe to claim that Glimpse is dead. Source: https://archive.is/ip8lc

>>4205 Wow who could've predicted this.

>go get new MVPS hosts file after getting new phone >find message at top of page >just got out of the Hospital ... I now have some severe health issues to deal with (complete Kidney failure ... need a Kidney transplant) plus another operation ... large needles inserted into my spine ...however I will try to better maintain the MVPS HOSTS file. Well just got back from Hospital again (excessive water in lungs) I find out the world goes more to shit in even the smallest of ways every day.

News on the linux phones made by Purism, they have just started shipping their very expensive USA manufactured phones this June, their most recent post on their website says there's a 60 day lead time but otherwise no estimation on when customers will receive their product and still no sign of their cheaper ///chinese\\\ made phones beginning production. For the full bloated news, it's on https://puri.sm/posts/

I'm surprised none of you faggots posted anything about this yet. Due to dev autism, Pale Turd won't support Firefox extensions anymore: https://archive.is/hs3Cy https://archive.is/QI1Xv It was already nearly unusable janky garbage before, now it has become completely unusable. I don't get why don't they just discontinue the project instead of suiciding it this way.

>>4575 What a giant fucking retard. I'm guessing the dev workload finally caught up to him.

>>4575 Waterfox is also planning to discontinue the Classic branch. I guess the old extensions will all die out soon enough.

>>4580 Waterfox modern branch fully supports modern Firefox extensions though. That's not what's hapenning with Pale Moon. Pale Moon from 29.2 onwards ONLY supports extensions that directly target Pale Moon. It doesn't and won't support any Firefox extensions at all anymore, classic or present. This means PM doesn't even have a proper adblock extension anymore, unless one of Moonchild's cumgobblers decide to port and maintain UBO.

BREAKING NEWS John McAffee was suicided today in a Spanish prison. https://archive.is/r7gUg

>>4586 What a fucking nutty man

>>4584 >modern Firefox extensions It's fucking nothing. Besides, what reasons would someone have to use Waterfox modern instead of regular Firefox? >This means PM doesn't even have a proper adblock extension anymore Yeah, that would be a much worse situation, but it can't possibly be that bad. Right? >>4586 Shit, I was still waiting for more Mcafee shenanigans to happen. That sketch he recorded was fucking genius. He didn't even go out in style.

>>4588 >what reasons would someone have to use Waterfox modern instead of regular Firefox? afaik less tracking / telemetry out of the box? >Yeah, that would be a much worse situation, but it can't possibly be that bad. Right? It is. Some users have already discovered hacks/workarounds to keep classic Firefox extensions working, but the devs said that these workarounds will be patched in future versions (so they can't be used anymore). Removing support for classic Firefox was not a tech-driven decision, it was an ego-driven decision on Moonchild's part. >He didn't even go out in style. Reminder that McAffee has publicly said that he would never kill himself and that if he ever showed up suicided it would be 100% a set up.

>>4590 Pretty sure waterfox is barely or not at all hardened against telemetry. There's literally no reason to use anything but Librewolf as your browser.

>>3111 Old news I guess but I just came across Debian's stance regarding this. They had a vote on April with 8 options >Choice 1: Call for the FSF board removal, as in rms-open-letter.github.io >Choice 2: Call for Stallman's resignation from all FSF bodies >Choice 3: Discourage collaboration with the FSF while Stallman is in a leading position >Choice 4: Call on the FSF to further its governance processes >Choice 5: Support Stallman's reinstatement, as in rms-support-letter.github.io >Choice 6: Denounce the witch-hunt against RMS and the FSF >Choice 7: Debian will not issue a public statement on this issue >Choice 8: Further Discussion 4 commie options, 2 non subversive options 2 neutral options. The system they use to select the winner seems rather complicated and I don't have the time to go through it but the non subversive options appear to have been eliminated due to not even receiving enough votes to be considered and ultimately option 7 ended up winning. https://www.debian.org/vote/2021/vote_002

>>4591 Or GNU Icecat, though Icecat is just a barebones stripped Firefox anyways.