While checking checksums is important, it you’re getting them from the same place as the download you might as well ignore the checksum. If someone can replace the download they can very likely also replace the checksum file download.

Maybe not updating bot mitigation fast enough would cause an even bigger outage. We don’t know from the outside.

It wasn’t an unintentional update though, it was an intentional update with a bug.

5 minutes of uninterrupted DDoS traffic from a bot farm would be pretty bad.

I’m thinking of the Apache project, and all the important projects it covers that are under an Apache license and I’m not sure where the sudden worry comes from.

HTTPD and Nginx have had very permissive licensing for years and seem to do fine.

Why are they pushover licenses? Because they don’t force people to contribute back? Because a lot of companies aren’t doing that for GPL licensed software either.

Also not really sure how this would allow a takeover, because control of the project is not related to the license.

Ah, you mean it will help with games on Asahi Linux. Thought you meant it would help get Linux on more MacBooks.

Wasn’t the issue there that there are no drivers for the specific Apple silicon hardware, so someone needs to invent them? Because we’ve had raspberry pi for ages. Software for ARM is a solved problem AFAIK.

The link I posted focuses on security, what you post focuses on privacy. Wire is a very secure protocol but WhatsApp being owned by Meta still makes it a privacy nightmare.

Signal is probably a better choice in that case.

I don’t, since I read https://www.latacora.com/blog/2019/07/16/the-pgp-problem/

Yes, because scale is not the same as redundancy.

Scale, they need worldwide coverage.

https://mastodon.world/@Mer__edith/115445705126997025

That might be true, I don’t know much about GrapheneOS. But I do know that users of open source projects expecting changes to come out of thin air, and filing bugs when they don’t, is hurting the volunteers behind open source projects. So we should all make sure to volunteer some of our own time or money to keep the projects we love going, instead of just expecting them to fix the things we dislike.

Theoretically it might be, but it’s another patch you’ll have to maintain

But if Graphene chooses not to do this, they diverge from the Android project. Which will take more time to maintain the project which will ultimately lead to more developers burning out and dropping out of the project.

It doesn’t need to be affected, but most open source projects don’t have the resources to keep going against big companies when most of their users aren’t contributing.

Alsup allegedly failed to conduct a “rigorous analysis” of the potential class and instead based his judgment on his “50 years” of experience, Anthropic said.

The judge didn’t apply critical thinking but instead just did whatever was the most likely decision based on all the information it was fed in its training? That must be very inconvenient and it would be a shame if we had companies advertising exactly that as a world changing technology.

But mint wouldn’t be possible without the work that the Ubuntu community puts into making a stable and polished distribution. And Ubuntu wouldn’t be possible without the Debian community who put in the effort to make the distribution the best for their usage.

https://xkcd.com/927/

It was already a pretty attractive target because of servers for everything. I’m not sure reaching 5% desktop market share will really make it more attractive for malware.

Sounds like SteamOS might work? https://store.steampowered.com/steamos/