Recent content by Mazzspeed

Personally, I'm a fan of KDE Neon user edition myself.

Wayland runs fine on Plasma 6 with the exception of flickering at times due to the fact Wayland devs have been dragging their heels merging explicit sync at the request of Nvidia quite some time ago.

A luxury is not a necessity and can be discarded when cost of living expenses are, globally, out of control. For example: Food and shelter are basic human necessities.

I see net neutrality as a good thing, I don't want large multinationals getting bandwidth priority over someone downloading a large file - The net should be neutral. As it is, where I'm located, I notice that of an evening streaming services stream just fine while speedtests highlight that my...

Which is absolutely no different to proprietary code. The facts as they stand highlight that in this case, another pair of eyes, possibly in another part of the globe the malicious actor operated from - found the payload before it was deployed on large scale. Could it have been luck? Possibly...

They seem pretty open to the problem to me, I don't see anything being kept secret in that article.

This is a good pictorial analysis of the attack. Once again, inspecting the source code wouldn't have highlighted any striking problems regarding this attack, as the malicious code was injected at compile time via the makefile and only if you downloaded the tarball - The fact that multiple devs...

This wasn't some seat of your pants attack, this was well orchestrated by someone quite knowledgeable regarding SSH & systemd dependencies - certain technical defenses were even disabled by the insertion of a single dot in an autoconf file. As stated before, you could have audited the source...

With so many eyes pouring over the code, there's no chance a backdoor or malicious actor could be kept secret in the open source community.

Perhaps my search skills are rubbish, but I can't find any such post. Is it possible for you to PM me a link?

That's a bit of an assumption. The reality is: We really have no idea how proprietary software development progresses behind the scenes, or how efficient it is for others to view commit history. Stating it's harder for malicious actors to infiltrate the proprietary software development chain...

You may not have seen my edit:

Lets not forget the point I highlighted earlier: There's little doubt the ability to readily go back through commits and audit the code is the larger part of what saved the day in this example. Without that ability, the individual that found the exploit would have just shrugged off such a...

Which is a quote out of context when they explain their reasons why. I think discovered (in time) is what the article was specifically stating. Another article elaborating on the vulnerabilities and strengths of OSS software in such a scenario (linked off Lemmy as you need an account under 'X'...