• 0 Posts
  • 15 Comments
Joined 1 year ago
cake
Cake day: August 13th, 2023

help-circle
  • The massive negative outcry over this fairly uninteresting change certainly seems oddly overblown, almost as if there are parties trying to turn it into a big political issue to paint Russia as a victim. But idk, nerds freak out over stuff all the time completely on their own.

    Giving them the benefit of the doubt, I think the Linux Foundation has a hard time being clear on the matter because it just isn’t clear. These are new laws and a global open source cooperation run by a non-profit is likely a corner case that the lawmakers did not think about at all when making them.


  • Yes, the sanctions against Russia, as mentioned by Linus. The change also said the maintainers “can come back in the future if sufficient documentation is provided”.

    My guess is that the Linux Foundation must ensure that none of the people they work with are in any way associated with any organisation, person or activity on the sanctions list. And that they preemptively removed all maintainers that might risk violating the sanctions while they work with them to establish whether they might be covered by the sanctions or not.

    Regardless of what you or they think of the sanctions, they are the law, and I don’t think anyone wants the Linux Foundation to have to spend their money on lawyers and fines because they had a maintainer who also worked on a research project funded by a sanctioned entity. (If that is how it works, IANAL)





  • This is likely because docker runs Linux in a VM on MacOS right?

    We’ve had similar problems with stuff that works on the developers Mac but not the server which is case sensitive. It can be quite insidious if it does not cause an immediate “file not found”-error but say falls back to a default config because the provided one has the wrong casing.


  • Well completion-ignore-case is enough to solve this particular problem, the other options are just sugar on top :)

    I’m going to add completion-prefix-display-length to these related bonus tips (I have it set to 9). This makes it a lot easier to compare files with long names in your tab completion.

    For example if you have a folder with these files:

    FoobarSystem-v20.69.11-CrashLog2022-12-22 FoobarSystem-v20.69.11.config FoobarSystem-v20.69.12 FoobarSystem-v20.69.12-CrashLog2023-10-02 FoobarSystem-v20.69.12.config FoobarSystem-v20.69.12.userprofiles

    Just type vim TAB to see

     ...1-CrashLog2022-12-22   ...1.config   ...2   ...2-CrashLog2023-10-02   ...2.config   ...2.userprofiles
    $vim FoobarSystem-v20.69.1
    

    GNU Readline (which is what Bash uses for input) has a lot of options (e.g. making it behave like vim), and your settings are also used in any other programs that use it for their CLI which is a nice bonus. The config file is ~/.inputrc and you’d enable the above mentioned options like this

    $include /etc/inputrc
    
    set completion-ignore-case on
    set show-all-if-ambiguous on
    set completion-map-case on
    set completion-prefix-display-length 9
    




  • But that post is Mozilla clearly speaking out against SREN because they do not want to be compelled to block certain sites.

    Are you then talking about Google Safe Browsing? Which is enabled by default in Firefox, but which does not “monitor your activities”. It compares the site you are about to visit to a downloaded list of known bad ones and warns you if it’s on the list. Hardly an Orwellian nightmare. Just turn it off or ignore the warning if you do not want it. I keep it on because I’ve never seen a false positive on that list and I understand that even I’m vulnerable to attack.

    We should be free to customize programs, free to block what we don’t need

    And you are. If you don’t want to use safe browsing, turn it off, is right there in the menu. They have given you a default that’s best for most people and the option to customize.

    Further, since it’s free software there’s really no limit to your power to customize or get rid of what you don’t need. (I understand that this is not possible for most people, but that’s why you have the menu options, this is just a final line of defense.)


  • That’s interesting. The first site on the list is the self-service login page for Banco do Brasil. Doing a little bit of digging suggests that attacking the users local environment to steal money via self-service is a widespread problem in Brazil. That would explain the need to block all add-ons that are not known safe for a page like this so they can’t swap that login QR-code. Here’s an (old) article detailing some of these types of attacks https://securelist.com/attacks-against-boletos/66591/

    I wish Mozilla would be more transparent about this, but I speculate that they might be provided these domains under NDA from the Brazilian CERT or police.

    TBH I think malicious add-ons are the new frontier of cybercrime. Most classic attacks methods are well mitigated these days, but browser add-ons are unaffected by pretty much all protections and all the sensitive business happens in the browser anyway.

    remotely monitored their browsing real-time

    it’s kind of inevitable that sometimes they have to support that giant

    What more specifically are you talking about here? The functionality we are talking about can not be used for remote monitoring. Are you saying Mozilla added this feature under duress from Google?


  • While I don’t completely understand the use cases for Mozilla’s add-on domain blocklist, I also don’t see any reason to assume malicious intent. Malicious add-ons are a very real and serious threat and it’s obvious that Mozilla need a way to quickly and remotely protect users. Doing so on a domain level is much less impactful than completely shutting down an add-on.

    Since it is obvious to the user if this is triggered, and the user has the option of disabling it per add-on or completely, what’s the real problem?

    (That said I think it’s great that people are being skeptical even of Mozilla)

    Edit: Sorry I misunderstood how this is displayed, it is not as obvious as I thought. Hopefully this will be improved. Though doing so might come with the drawback of making unwitting users more likely to disable the protection.


  • People think it’s about Stallman being bitter. But it’s because GNU is a political project with the goal of total user freedom and control over their computer. The software is a step on the way there. But if people use free software without understanding, valuing or taking advantage of the freedom it gives them, the GNU project has failed.


  • I think this is what people mean with it being “unstable”. If you keep the system up to date, things will break at some point, and it’s up to you to sort that out. This is because Arch makes very different promises and tradeoffs than something like Debian. It’s a distro for those who want or need to customize or just like to tinker.

    The reason I left Arch was because I carelessly installed a new major version of my WM which took me hours to get working. This made me realize that while learning how things work is fun, I want my OS to be a tool rather than a project.

    (If you needed to reinstall Ubuntu every six months I guess you were already using it as if it was Arch ;D)