eb

eb , 9 days ago to random

Sensationalism will be the death of us. They sprayed the rocks with corn starch and food dye. But “protestors spray Stonehenge with cornstarch” doesn’t generate the clicks.

Here’s the story in a way you never heard it:

“It’s time for us to think about what our civilisation will leave behind – what is our legacy? Standing inert for generations works well for stones – not climate policy.”

For the sake of our future, the media must do better.

eb OP , 9 days ago

@GuerillaOntologist a couple things:

1. The media’s job is to inform. I don’t care what conclusions people draw, so long as they are informed. But the media, including the liberal media, is exhibiting disgusting bias
2. Re: your opinion, historically, this sort of peaceful demonstration has proved effective. Targeting oil wouldn’t tell their story: “oil is coming for the things we love”. The paint is symbolic of that. IMO people would be much more sympathetic without the spin.

briankrebs , 1 month ago to random

It's always amazed me that ID.me, which you have to use in order to interact w/ the IRS online these days, has a top level domain from the country of Montenegro. Ublock Origin says they're injecting tracking links from Italy's TLD when you login at the irs.gov website.

What's next? Cookies from Colombia? AI from Anguilla?

eb , 1 month ago

@briankrebs The US is in a position of power where I don't think a country would consider hijacking domains it uses. Not to defend this, but

eb , 1 month ago

@briankrebs @alex related: my recent https://boehs.org/node/medicicnes

eb , 1 month ago

@briankrebs @alex I’ve received private disclosure of a potential vulnerability that I have independently verified as still active. I would disclose it as we are a whole year past the responsible disclosure period, but it’s the state of Georgia and incompetent governments don’t take too kindly to this: https://www.theverge.com/2021/10/14/22726866/missouri-governor-department-elementary-secondary-education-ssn-vulnerability-disclosure

eb , 3 months ago to random

Unfolding now: https://news.ycombinator.com/item?id=39865810

• https://www.openwall.com/lists/oss-security/2024/03/29/4
• https://github.com/tukaani-project/xz/commit/cf44e4b7f5dfdbf8c78aef377c10f71e274f63c0

An incredibly technically complex #backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:

• https://github.com/tukaani-project/xz/commit/ee44863ae88e377a5df10db007ba9bfadde3d314
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708
• https://github.com/jamespfennell/xz/pull/2

The timeline on this is going to take so long to unravel

#security #linux

eb OP , 3 months ago

https://boehs.org/node/everything-i-know-about-the-xz-backdoor

I have begun a post explaining this situation in a more detailed writeup. This is updating in realtime, and there is a lot still missing.

#security #xz #linux

eb OP , 3 months ago

Holy shit.

dabeaz , 4 months ago to random

Thought: I'd bet a lot of projects would have fewer dependencies if pip was 100x slower. Maybe we should try to do that.

eb , 3 months ago

@colby @robpike @akkartik @rhempel @dabeaz what about performance?