Very good video from Veritasium about that big backdoor issue on Linux recently:
- YouTube
Bekijk je favoriete video's, luister naar de muziek die je leuk vindt, upload originele content en deel alles met vrienden, familie en anderen op YouTube.
Of course this is an issue with our trade based society 100%. How? Easy:
- The incentive to do harm in this society is quite high. For profit, for power that also leads to profit, for the fact that tribes and people are divided into groups trying to outgame the other groups. Like Iran has an incentive to hack USA, USA has an incentive to hack China, Russia has an incentive to hack the EU, and so forth. They can get sensitive information, blackmail, etc.. This is a global situation that has trade (as a practice) as the director of motives. Making people do what they do. Tribes hold onto their own resources, exploit other tribes, etc.. And so fighting with each other is natural.
If we lived in a society where trading was not a necessity and provided for all equally, we would have no reason to have tribes with borders, exploit other tribes, fight against each other when we are all in fact a big tribe, the human tribe.
- The people working on a lot of open source software struggle to work on it since they also have "day jobs". They have to TRADE to survive. Imagine people had access to their basic needs trade-free, via an UBI or whatever. More time to focus on creating secure and better software, more people who can do that. Less of those incentivized to do harm and insert backdoors.
Overall it is a cancerous trade society where humans are livestock and wolves. Consuming and being consumed.
The only sane way out of it is to HELP PEOPLE DETACH FROM THE TRADE SOCIETY. So they can be people and focus on RELEVANT STUFF.
Else it is a game of those who want to exploit and those who try to stop them. Endless....
#spam #internet #linux #veritasium #trade #TradeRuinsEverything #trade-free #foss #opensource #exploit #redhat
like this
veroandi_br, Joseph, Roma, bewild and Sasha like this.
reshared this
cobratbq - cranky-by-design and Roma reshared this.
Violet Madder
in reply to Tio • • •What we need also is economies of generosity.
Art in particular needs to run on appreciation. People need to be able to freely express their appreciation for a thing somebody else made-- while every transaction is adverserial, everybody trying to pay as little as possible to get as much as possible, especially while we're struggling to get our most basic needs met, it doesn't come naturally to toss around donations just to honor things you really like.
Cy
in reply to Tio • • •Wait, is he starting out by saying that the xz utils backdoor was the fault of people demanding that software be free and open source?
Ugh, now he's going on about the man in the middle fallacy. I agree with you, but this video is kind of crunk.
Tio
in reply to Cy • • •Not at all. Watch till the end they make good points about how open source is far more secure and versatile than proprietary software and they explain how the open source thing started.
Cy
in reply to Cy • • •And then he shows how OpenSSH is linked to XZ via (sighhhh) systemd, without one single remark or criticism of systemd. Yeah I'm done.
CC: @tio@social.trom.tf
Tio
in reply to Cy • • •Cy
in reply to Tio • • •Because it was pushed on the community by brute force and trickery, and lo and behold adding a needless (mandatory) dependency to ssh, a dependency that itself is completely sloppy and depends on everything under the sun, introduces a vulnerability to ssh.
CC: @tio@social.trom.tf
Tio
in reply to Cy • • •Who forced it on the community?
But also isnt this besides the point of the video? The video is about how people work as volunteers and try to do good things and are not supported by this society and how some bad people can take advantage of that. Also about how wonderful Linux is.
Cy
in reply to Tio • • •It was Lennart Pottering's uh... "passion" project. He's the one who demanded we all use his sound server even though it added a layer of complexity and a new point of failure, and sound already worked. You might know it as PulseAudio. That particular fellow realized a critical vulnerability in the "open source" community. None of us compile anything anymore.
So if he could get projects to add "optional" systemd support that could only be removed at compile time, then binary distributions like Debian or Arch had to choose: require systemd, or forbid it. He also has big influence in the Redhat project, so they turned everything to use systemd, and their users couldn't do shit about it. Debian/Ubuntu followed, and Arch was soon after. Because once most people (using Redhat) were using systemd, they went through the trouble of learning how to use it, and came to expect it.
Even if it could be made secure, the way it was introduced makes it really hard to avoid vulnerabilities, because uh... it's mandatory, so you just have to hope it's secure. And it's a big fat kitchen s
... Show more...It was Lennart Pottering's uh... "passion" project. He's the one who demanded we all use his sound server even though it added a layer of complexity and a new point of failure, and sound already worked. You might know it as PulseAudio. That particular fellow realized a critical vulnerability in the "open source" community. None of us compile anything anymore.
So if he could get projects to add "optional" systemd support that could only be removed at compile time, then binary distributions like Debian or Arch had to choose: require systemd, or forbid it. He also has big influence in the Redhat project, so they turned everything to use systemd, and their users couldn't do shit about it. Debian/Ubuntu followed, and Arch was soon after. Because once most people (using Redhat) were using systemd, they went through the trouble of learning how to use it, and came to expect it.
Even if it could be made secure, the way it was introduced makes it really hard to avoid vulnerabilities, because uh... it's mandatory, so you just have to hope it's secure. And it's a big fat kitchen sink project with no discipline about keeping things secure, because it's mandatory, so they're accountable for nothing.
CC: @tio@social.trom.tf
Tio
in reply to Cy • • •Cy
in reply to Tio • • •I suppose. The way it's being presented is just grating on me. Needed at least some commentary on how we need less dependency hell. Or as you put it, "DETACH FROM THE TRADE SOCIETY"
CC: @tio@social.trom.tf