RowanUnderwood
Not another https://github.com/GermanAizek/WinRing0 post.
aducksayswhat
WinRing0 is kinda funny, as a huge amount of gamers will be using it via tweaking utilities from big companies and small hobbyists, and gamers make a huge amount of fuss about low level anti-cheat being theoretically vulnerable while not caring about an actually vulnerable unmaintained thing because it does something they want. Then there's the conundrum about whether the solution is locking out low level additions to your OS, or freedom to do what you want, and the consequences of each
AWdeV
and RFK wants to put them on a registry, smh.
nixego
No joke. And those unpaid open source devs are about to crack. The Economist did a story on them and they don't have the time and resources to fix vulnerabilities that the rest of society is taking for granted. Literally average Joes working unpaid nights and weekends and *understand* that if they don't, the internet could collapse. A huge pressure that nobody acknowledges. Big tech is getting yet another free ride and the gov't needs to step up (but won't).
obarey
Now there are a lot of paid open source devs as well. Giants like IBM and Intel employ people who do full time kernel development. I have small contributions as part of my job as well.
CoinedWatcher
I like they took the time to photoshop the elephant's footprints in the sand
Wikipedo
Wait, this is fake?
LadyCrickett
Yeah, this amount of weight takes at least THREE ants. They clearly removed it.
Beardedgeek72
Where in this picture are the furries running the physical infrastructure?
BryanTenn
See WinRing 0 Driver.
carrotsonfire
I've tried to get into open source before, but the vast majority of open issues I've seen on GitHub have been for bullshit crypto or AI repos (which are almost always just wrappers for ChatGPT) wanting devs to do their work for them.
DanceWithJakOTheShadows
A lot of open source is freely given, not built for free. A lot of the time there will be a commercial side connected to the project: either government contracts with open source stipulations, it's part of a larger internal project the company decides to open source, or it's based on open source software whose license requires also being open source. That said, please continue supporting open source; it helps make good software cheap or free.
Higure
For instance, https://en.wikipedia.org/wiki/Npm_left-pad_incident, where one person, as revenge for having one of his package names stolen out from under him, deleted his left-pad package (that did one thing: add spaces to the left side of a piece of text until it is a given length), and as a result sites like Facebook, PayPal, Spotify, and Netflix went down for hours.
Dustorm
Automapper
Skystriker8492
Where are the furries in this equation?
abrubtopinion
Obligatory XKCD: https://xkcd.com/2347/
nikolateslaismyhomeboy
PunnyTiger
Pretty sure the ants are Excel 97 spreadsheets still working
Ekibwurm
Are you sure those are ants? I heard they were more of the ..hairy.. persuasion.
vegivamp
Oh, there's plenty of furries running the big things, but the really nitty gritty stuff like DNS and routing backbones? That's where you find the old guys in tunics who all turn to UNIX.
TheUnnamedPoet
Almost... furry... one might say....
TheBunnyPants
KaptainObveeus
I also saw the furries on a plane post
CorGoBrrrr
Like spiders? They're great web designers. https://media2.giphy.com/media/v1.Y2lkPWE1NzM3M2U1cm43b2UzOXFldWgzdWl1bW9pdGtid3NyMW4zMGM4OHBvcDk0ang4YSZlcD12MV9naWZzX3NlYXJjaCZjdD1n/dXGvIqo9vrof6/200w.webp
regicidalveggie
Werewolves?
Hrafna55
Gnu?
JFMiskatonic
GNU Terry Pratchett
FlatPlutoSociety
Hey, that's not Unix!
SomeDetroitGuy
npm left-pad
AveryLynel
F
GenesisMachines
Explanation: Unpaid developer maintained a lot of simple projects. A new start-up used the name of one of these then went after the developer, software hosting company sided with the rich nepo baby and kicked him. Then the world found out how important all his little open-source projects were.
Hammerwell
Weren't they even allowed to usurp left-pad? Or do you give up on ownership by using such a platform? If I wish my work gone for good, could I sue (if I want the hassle and have the money)? I assume you'd need to register the name as trademark or such to do this.
ComicSansHumor
That was part of the problem: if you don't enforce a trademark you can lose it, so they had to write to the dev. Dev says no. Owners of trademark write to package manager and show they have the trademark. Package manager gives them the repo name. Developer deletes all public packages out of anger. Transient dependencies wreak havoc. (Also, left pad ran in quadratic time. WTH? Why did this need to be a package!?)
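Added example, not part of any comment in this thread and not npm's own code: a way to see which of a project's direct dependencies would break if one package (here left-pad) disappeared from the registry, by walking a lockfile in npm's v2/v3 "packages" layout. The lockfile contents, the package names other than left-pad, and the function names are constructed for illustration.

```javascript
// Constructed lockfile in npm's v2/v3 "packages" layout; every name except
// left-pad, and every version, is made up for this example.
const sampleLock = { packages: {
  "": { dependencies: { "build-tool": "^1.0.0", "web-framework": "^2.0.0", "logger": "^1.0.0" } },
  "node_modules/build-tool": { version: "1.0.0", dependencies: { "fmt-helper": "^0.2.0" } },
  "node_modules/fmt-helper": { version: "0.2.0", dependencies: { "left-pad": "^0.0.3" } },
  "node_modules/web-framework": { version: "2.0.0", dependencies: { "left-pad": "^1.0.0" } },
  "node_modules/web-framework/node_modules/left-pad": { version: "1.0.0" },
  "node_modules/left-pad": { version: "0.0.3" },
  "node_modules/logger": { version: "1.0.0" },
} };
const NM = "node_modules/";
const nameOf = (path) => path.slice(path.lastIndexOf(NM) + NM.length);

// Node-style lookup: nearest enclosing node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + NM + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/" + NM);
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// For each direct dependency, report the first chain that reaches `target`.
function blastRadius(lock, target) {
  const pkgs = lock.packages;
  const hits = [];
  for (const direct of Object.keys(pkgs[""].dependencies || {})) {
    const seen = new Set();
    const walk = (path, chain) => {
      if (!path || seen.has(path)) return null;
      seen.add(path);
      const here = [...chain, `${nameOf(path)}@${pkgs[path].version}`];
      if (nameOf(path) === target) return here;
      for (const dep of Object.keys(pkgs[path].dependencies || {})) {
        const found = walk(resolve(pkgs, path, dep), here);
        if (found) return found;
      }
      return null;
    };
    const chain = walk(resolve(pkgs, "", direct), []);
    if (chain) hits.push({ direct, depth: chain.length - 1, chain: chain.join(" > ") });
  }
  return hits;
}

console.log(blastRadius(sampleLock, "left-pad"));
```

A depth of 2 or more means the project's own package.json gives no hint of the dependency; only the lockfile shows it.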
Septcanmat
The entire JavaScript ecosystem is a bloated mess of bad software practices piled upon worse software practices.
logicalawesomeness
"Bunch of string and duct taped string" one of my mentors used to say
aducksayswhat
Why did this need to be a package!? - IIRC at the time it was made the function wasn't part of the standard library
ComicSansHumor
Even before string.repeat it was one line. An ugly line, but fewer than 80 characters. Hardest part was just making the blob of spaces for the prefix. IIRC:
function left_pad(s, amount) { return Array(Math.max(0, amount - s.length) + 1).join(" ") + s; }
On phone, so I haven't tested.
Left pad the package did it by repeatedly allocating a new string with one space at the start and copying the previous contents.
LeftRightThere
ThatHurts
"Backdoored" seems to imply they snuck it in there and now the corporation relies on it. It's not even that sneaky. The entire world's cryptographic infrastructure that protects every workstation, server, banking transaction, secure email, encrypted message, military intelligence Signal chat, etc all rely on OpenSSL, a free open source package.
LeftRightThere
tiagogafe
It's an edit, original is "A project some random person in Nebraska has been thanklessly maintaining since 2003"
ThatHurts
Oh right. It's a reference to how the xz project had a purposefully introduced security vulnerability. I forgot about that and thus, read it wrong. DISREGARD ALL THAT.
khora
I think you are missing what happened to the XZ project.
aducksayswhat
OpenSSL works as well, see the Heartbleed vuln in 2014
khora
That was an implementation bug that didn't really affect anyone practically. XZ was absolutely a backdoor.
SOUPnCandy
Install Linux
Higure
As if that's gonna help. They have the same issues there, if not worse. Listen, I love Linux, I have daily driven it for a decade and a half. But it is not a miracle cure for every problem.
Beardedgeek72
1. If you think you are an average computer user, and use Linux, you are not an average computer user.
2. See "Random Open Source Project" above.
Higure
The jury is still out on what effect this will have. But with PewDiePie releasing a 20 minute video about the glory of Linux (he uses Arch, btw), my hope is that Linux makes a little leap closer to the average user.
aducksayswhat
Making it better for the average user requires a ton of development work; it's not going to magically happen, especially without some major organization driving it. And before someone says "Valve", Valve only seem to do just enough for what aligns with their needs, i.e. working with what they can sell on their store. I doubt they care about much outside of the Steam client beyond making sure it's not entirely broken on the Deck.
Septcanmat
It’s not going to happen unless a hardware manufacturer starts shipping a box with Linux preloaded and offers the same standard of customer support for it that Microsoft would for Linux. (No, the litany of worthwhile questions and answers on the Linux Stack Exchange doesn’t count as customer support for these purposes.)
Higure
It HAS happened. For the average user, Linux is now basically better than Windows. You can do all the same stuff, but aren't treated as a baby, there aren't ads everywhere, and you feel like your computer actually does what you want it to.
aducksayswhat
I think the trouble comes when you try to define the average user, and what their expectations are from the personal computer tool. How many people look at the use of the computer itself as an activity they want to plough time into, versus the applications themselves - means to the end versus the ends themselves. I don't run Windows, or KDE, or whatever because I like playing with them, I want to get on and do stuff. Most don't care about the details.