HackerLangs
トップ新着トレンドコメント過去質問紹介求人

pabs3

no profile record

投稿

[untitled]

17 ポイント·投稿者 pabs3·2 か月前·0 コメント

Megalodon: Mass GitHub Repo Backdooring via CI Workflows

safedep.io
2 ポイント·投稿者 pabs3·2 か月前·0 コメント

Achiving 900M Lines of the OIN Linux System Table

softwareheritage.org
2 ポイント·投稿者 pabs3·2 か月前·0 コメント

Yearslong fight over users' right to tweak smart TV software heads to trial

arstechnica.com
8 ポイント·投稿者 pabs3·2 か月前·8 コメント

Peter Neumann has died

tuhs.org
316 ポイント·投稿者 pabs3·2 か月前·25 コメント

Google: Continued commitment to Chromebooks, and looking ahead

cloud.google.com
4 ポイント·投稿者 pabs3·2 か月前·0 コメント

Language Registries Are Unstable by Default

nesbitt.io
2 ポイント·投稿者 pabs3·2 か月前·0 コメント

Fuck You, Bambu Lab. Go Ahead, Sue Us

gamersnexus.net
123 ポイント·投稿者 pabs3·2 か月前·19 コメント

Fossier – GitHub spam prevention for open source repositories

github.com
1 ポイント·投稿者 pabs3·2 か月前·0 コメント

The Cults of TDD and GenAI

drewdevault.com
4 ポイント·投稿者 pabs3·2 か月前·0 コメント

Open Source Volunteer Opportunities

ossvolunteers.com
1 ポイント·投稿者 pabs3·2 か月前·0 コメント

AI Hard Drive Shortage Making It More Expensive, Harder to Archive the Internet

404media.co
3 ポイント·投稿者 pabs3·2 か月前·1 コメント

Software Sustainability Maturity Model (2013)

oss-watch.ac.uk
2 ポイント·投稿者 pabs3·2 か月前·0 コメント

Remembering Planet Source Code: Sharing Code Before GitHub Made It Easy

pietschsoft.com
58 ポイント·投稿者 pabs3·2 か月前·13 コメント

Building for the future: Cloudflare lays off 1,100 employees

blog.cloudflare.com
3 ポイント·投稿者 pabs3·2 か月前·1 コメント

A free solution to the GitHub Actions supply chain crisis

developerwithacat.com
1 ポイント·投稿者 pabs3·2 か月前·0 コメント

Carrot Disclosure

dustri.org
6 ポイント·投稿者 pabs3·2 か月前·0 コメント

pgBackRest is dead. Now what?

mydbanotebook.org
4 ポイント·投稿者 pabs3·2 か月前·0 コメント

Enhancing Server Availability and Security Through Failure-Oblivious Computing [pdf]

people.csail.mit.edu
1 ポイント·投稿者 pabs3·2 か月前·0 コメント

How Tech Loses Out over at Companies, Countries and Continents

berthub.eu
1 ポイント·投稿者 pabs3·3 か月前·0 コメント

コメント

pabs3
·19 日前·議論
They should classify the ICANN and the RIRs as gatekeepers too, they are the biggest ones.
pabs3
·19 日前·議論
I've been a FOSS contributor since the early 2000s, I've stopped contributing and stopped maintaining projects completely in recent years, except for when I am paid, or where there is a problem that affects me directly that I can't workaround easily. I don't feel the FOSS community values that formed part of my identity are represented in the community much these days, and AI has made that situation worse.
pabs3
·2 か月前·議論
They are likely pretty busy with their lawsuit against Vizio, which is going to trial in August and would set a very interesting precedent if won.

https://sfconservancy.org/copyleft-compliance/vizio.html
pabs3
·2 か月前·議論
I feel like that is quite unlikely. Both the hash and bitwise comparisons read both files in both cases. In the not-equal case the hash reads the entirety of both files, so its slower than a start-to-end bitwise comparison, which exits at the first not-equal bit. In the equal case, both read the entirety of both files. Various other bitwise strategies can be faster than start-to-end, rdfind for example checks the start of the file first, then the end, then the rest of the file.
pabs3
·2 か月前·議論
The OpenMoko Freerunner only had 128MB RAM, it was able to run a Linux desktop of the time, Englightenment/E16. There were lots of apps for it too. IIRC the cut down QtMoko distro ran best though.

https://wiki.openmoko.org/wiki/Neo_Freerunner https://wiki.openmoko.org/wiki/Applications https://wiki.openmoko.org/wiki/QtMoko

Before that Linux ran on the Zaurus too:

https://en.wikipedia.org/wiki/Sharp_Zaurus https://en.wikipedia.org/wiki/OpenZaurus
pabs3
·2 か月前·議論
Indeed, the Reproducible Builds community is working on fixing non-deterministic build output https://reproducible-builds.org/
pabs3
·2 か月前·議論
Build reproducibility checks usually use bitwise comparison, not hash comparison.

The Reproducible Builds project also wrote diffoscope, which goes quite far with helping identify where differences occur and how to fix them.

https://reproducible-builds.org/ https://diffoscope.org/ https://try.diffoscope.org/
pabs3
·2 か月前·議論
That sounds like a GPLv2 violation:

https://sfconservancy.org/blog/2021/mar/25/install-gplv2/ https://sfconservancy.org/blog/2021/jul/23/tivoization-and-t...
pabs3
·2 か月前·議論
There were 5G towers being attacked during COVID, because of delusional conspiracy theories:

https://www.bbc.com/news/stories-53285610 https://www.telstra.com.au/exchange/5g-health-concerns-and-c... https://www.abc.net.au/news/2020-08-03/5g-conspiracy-theory-...
pabs3
·2 か月前·議論
There is a copy of it on Software Heritage:

https://archive.softwareheritage.org/browse/origin/directory...
pabs3
·2 か月前·議論
Some links about GPL & TiVo:

https://sfconservancy.org/blog/2021/mar/25/install-gplv2/ https://sfconservancy.org/blog/2021/jul/23/tivoization-and-t... https://events19.linuxfoundation.org/wp-content/uploads/2017...
pabs3
·2 か月前·議論
I don't know what the solution to slop is. Maybe the bubble will implode at some point. Until then, just close down issues/pulls or remove projects from GitHub I guess.
pabs3
·2 か月前·議論
The xz incident was only discovered by accident, not by someone actually verifying the tarball and test cases were not malicious. We still don't have verification of tarball build reproducibility anywhere. The closest you can get to verified builds is what the bootstrappable builds community built in hex0/stage0, and what stagex built on top of that. I'm guessing even they haven't read through all that source code though. There aren't even good tools for distributing reviews, there is crev, but the stagex folks think it has some deficiencies.

https://news.ycombinator.com/item?id=47701394
pabs3
·2 か月前·議論
Thats the entire history of companies right there though? They have always socialised costs, privatised profits.
pabs3
·2 か月前·議論
Under the LGPL, statically linked Qt is also fine, as long as the user can relink your proprietary code with a modified Qt library.
pabs3
·2 か月前·議論
> someone (or something) who's concealing their identity has nothing to gain from recognition

The xz supply chain attacker hid their real identity, created fakes one and gained recognition over time in order to gain more access and add the backdoor. So TLAs and other bad actors at least are interested in gaining recognition.
pabs3
·2 か月前·議論
Tesla is full of open source software, including the Linux kernel. They probably are GPL violators though.

https://sfconservancy.org/blog/2018/may/18/tesla-incomplete-... https://sfconservancy.org/blog/2019/oct/30/calling-all-tesla... https://sfconservancy.org/blog/2023/dec/21/tesla-no-source-c...

See also this interesting slide deck about the GPLv3 and cars, I expect that regulations would mean you could not drive cars with modified software (similar to what happens with solar inverters):

https://events19.linuxfoundation.org/wp-content/uploads/2017...
pabs3
·2 か月前·議論
Related post from GamersNexus:

https://gamersnexus.net/fk-you-bambu-lab
pabs3
·2 か月前·議論
Don't get me wrong, Amazon are evil for sure, and worse than those companies.
pabs3
·2 か月前·議論
That is incorrect, the FSF licenses would require Amazon contribute code forward to their users, not back to the project.

Also, Amazon were already contributing code back when these companies changed their licenses, the companies don't care about code contributions, just money.