Ok, because it could be read the other way as well which would be seriously fucked up :/

Found the war criminal! 🙋

Are you suggesting that the massacre itself wasn’t a mistake?

EDIT: To clarify, are you saying it wasn’t an immoral choice? Or simply that it was intentional?

Except we know what the lifecycle of physical storage is, it’s rate of performance decay (virtually none for solid state until failure), and that the computers performing the operations have consistent performance for the same operations over time. And again, while for a car such a small amount can’t be reasonably extrapolated, for a computer processing an extremely simple format like JSON, when it is designed to handle FAR more difficult tasks on the GPU involving billions of floating point operations, it is absolutely, without a doubt enough.

You don’t have to believe me if you don’t want but I’m very confident in my understanding of JSON’s complexity relative to typical GPU workloads, computational analysis, computer hardware durability lifecycles, and software testing principles and best practices. 🤷

Imagine you have a car powered by a nuclear reactor with enough fuel to last 100 years and a stable output of energy. Then you put it on a 5 mile road that is comprised of the same 250 small segments in various configurations, but you know for a fact that starts and ends at the same elevation. You also know that this car gains exactly as much performance going downhill as it loses going uphill.

You set the car driving and determine that, it takes 15 minutes to travel 5 miles. You reconfigure the road, same rules, and do it again. Same result, 15 minutes. You do this again and again and again and always get 15 minutes.

Do you need to test the car on a 20 mile road of the same configuration to know that it goes 20mph?

JSON is a text-based, uncompressed format. It has very strict rules and a limited number of data types and structures. Further, it cannot contain computational logic on it’s own. The contents can interpreted after being read to extract logic, but the JSON itself cannot change it’s own computational complexity. As such, it’s simple to express every possible form and complexity a JSON object can take within just 0.6 MB of data. And once they know they can process that file in however-the-fuck-many microseconds, they can extrapolate to Gbps from there

And that is the patriarchy in a nutshell: a system that is advantageous to men, and then teaches men to consider any critique of that system as a while, rather than of individuals, a threat or insult to be stamped out with vehemence. The people who do this shit genuinely believe that it’s unfair to be treated this way, never realizing that their attitude provides the infrastructure that allows thereally bad people to continue doing what they do.

It’s like ACAB; it doesn’t necessarily mean that every cop will abuse a minority given the chance, but that nearly every cop actively participates in a system that enables and protects the abuse of minorities, and that it is impossible to distinguish who the select few truly “good” cops are.

You’re still not listening and it’s obvious you don’t want to. You seem incapable of stepping outside of your own lived experience and considering the experience of others. You take everything personally, rather than looking at why the generalization might be valid even if you consider yourself an exception.

I’m a 6’1" burly, hairy, white guy with a deep voice. My wife knows I couldn’t hurt anyone. The stranger on the street does not. So I don’t take it personally when women get startled in public if I’m unexpectedly boisterous near them. And I wouldn’t take it personally if, given the chance, a woman chose to create space between us on an empty street at night.

The fact is, other men have made the world harder for us. And that sucks. But not nearly as hard as they make it for women. So if you’re going to be pissy with anyone, aim your disdain at the shithead men who created this situation instead of the women who just want to feel safe.

It’s easy to demand women “don’t discriminate” against you. It’s hard to demand men behave better. That’s the difference between punching up and punching down. Learn to punch up instead of taking the easy way.

And to head off the obvious counter argument: it’s different than race because men actually, demonstrably hold positions of power and privilege over women simply by being men. The same is not true of skin color, etc. Again, punching up vs punching down.

I don’t normally upvote flagrant trash talk but gotdam this is so on the nose for the issue at hand that I can’t help it. Can’t unilaterally condone the tone but if there were ever a time, place, and subject, this is it

You’re not listening. YOU are not portrayed as a predator. YOU need to take a backseat for the betterment of the lives of the victims of injustice. Just because something isn’t your fault doesn’t mean it’s not your responsibility to deal with it when you are in the class of people benefitting from the injustice.

As the other commentor said: punching up is very, very different than punching down.

When a specific person treats you, specifically, poorly because you’re a man, THEN you can talk about how you are not a threat, and try to convey that you are actually an ally (which is questionable based on your reactions here). But when there is a conversation about average behavior and expectations, side with the victims. You are not a victim. You do not lose more than you gain from being a man. Maybe you get weird looks when you’re solo-parenting but you still make $1 to a woman’s $0.79 or whatever the number is today for soemeone in the same job.

So please, stop focusing on yourself. It’s selfish. Try to think about the bigger picture. And yeah, take one for the team when it comes to memes about bears

Gee, I wonder if there are other groups of people who have been painted with one brush. Perhaps the is a group that is assumed to be less skilled at STEM jobs. Or another group assumed to be more prone to criminal behavior. Wouldn’t that just be something? /s

We men, especially we white men, get a fraction of the same treatment women and minorities have been getting for hundreds of years and freak out over how unfair it is. And that’s an excuse to demand everyone use kid gloves when talking about these issues?

If you’re only doing the right thing because people recognize you for it, I suggest you may not really be doing the right thing. If you’re a good person, then you should understand why the average woman may show fear and caution when encountering an unknown man.

Things like the bear meme aren’t asking about YOU. When people say “I’d rather choose the bear than a man” they aren’t saying every man. Yes, the generalization stings when you think about it being applied to yourself. But if you truly understand the issues and the hypothetical you understand that the answer isn’t about you. It’s about what women have learned to expect when encountering a man they don’t already know well enough based on prior experience

There is no question that most myths and legends were originally an attempt to convey facts, theories, or guesses into the future.

Humans are built to be pattern matching machines and prediction engines; it’s one of the big survival traits we developed through evolution and we’re better at it than any other species we know of.

BUT objectively speaking we were still really, really bad at it. Yet that doesn’t stop us from trying.

So we tend to do the best we can with the information we have available at the time.

As others have said, “physics” - and science in general - is by definition immutable. It is the thing that can be tested with specific predictions that always turn out to be correct. If I can perform an experiment today, and you can perform the same experiment 100 years from now, and (adjusting for environmental factors and measurement accuracy) we get the same results, and we can repeat that over and over, that’s science.

But our understanding, our knowledge of it, can change as you say. That doesn’t make physics less true, it just make our knowledge of and ability to describe physics less accurate.

We can trace so many stories - including modern religions - to origins that attempt to explain our limited observations in the past. They were our best effort at matching patterns and predicting outcomes in the world around us. And the inaccuracies, the limitations don’t mean we should stop believing the things we think we understand today.

It just means that we must recognize new information when it arrives as testable data, and incorporate it into our current understanding, relegating the wisdom of the past to history.

Arbitrary. It could be whatever they wanted at any time. This was a full on remote code execution (RCE) exploit. And baking it into an RSA key is pretty novel

And you’re welcome :)

Here’s how it was intended to work:

• debian, fedora, or another RPM-based distribution updates references to liblzma to 5.6.x in their latest release
• the package repository is updated (usually through automation) by getting the infected tarball and compiling it into an RPM or DEB which is added to the repo
• if the package is built using glibc and the gnu linker, and for a system that uses systemd, the exploit is enabled during compilation of the x86-64 version of the package; otherwise the result is normal
• when an application is installed that depends on liblzma, possibly during OS installation itself, the infected RPM/DEB package from the package repository is downloaded and installed (assuming the system matches the requirements above)
• in this particular case, OpenSSH was the primary target; if the attacker wanted to, it could have targeted any web-facing service that uses liblzma such as OpenSSL + Apache/nginx, etc
• when the OpenSSH server is started on an infected system, it loads the infected liblzma binary
• the attacker starts an SSH connection to the infected server, having already known about the server or by scanning the internet for visible ssh servers
• during creation of the SSH connection, the user has the option of trying to sign in using an RSA key. The attacker uses a specially formed RSA key only available to the attacker that also contains a chunk of code (the “payload”) that they want executed on the server
• liblzma is utilized to compress data in transit; when the infected liblzma decompresses the RSA key on the server, the exploit recognizes the attacker’s special RSA key and executes the payload on the host system. Otherwise, the ssh session continues as normal

This would not impact MacOS because you couldnt install the infected package, since it is only ever built for debian or RPM-based systems running systemd, using glibc and the gnu linker, and for x86-64. Unless I’m misunderstanding something, there is no way to get the compiled binaries that are infected to work on a MacOS system

Additionally, I should note that I’m not exactly an expert on this stuff; I’m just in the security space and have been reading about this as it happens, so it’s possible there are errors in my understanding. But that should at least give you the gist of the attack

Quick summary:

• only impacts Debian and Linux distributions that utilize RPM for packages
• only impacts cases where liblzma is compiled from a tarball, rather than cloned source repository or precompiled binary
• only impacts x64 architecture
• introduced in liblzma 5.6.0 which was released in late February so only impacts installs receiving updates to liblzma since then

liblzma is a library for the lzma compression format. Loosely, this means it’s used by various other pieces of software that need this type of compression, rather than being an application itself.

It is very widely used. It comes installed on most major Linux distributions and is used by software like openssh, one of the standard remote connection packages.

However, since it was only in the tarball, you wouldn’t see it widely until debian, fedora, et al release a new version that includes the latest liblzma updates. This version hadn’t been added to any of the stable release channels yet, so the typical user wouldn’t have gotten it yet.

I believe this would have gone out in debian 12.6 next week, and the attacker was actively petitioning fedora maintainers to get it added to fedora 40 & 41

The interesting thing about this situation was how much effort the attacker put in to gain trust just to get to the point where they could do this, and how targeted the vulnerability seems to have been. They tried very hard to reduce the likelihood of being caught by only hitting a limited set of configurations

All good. One can never quite tell over text heh

It’s a Starship Troopers reference

“I’m doing my part 🫡”

Or read the article instead of the bullshit click bait headline

This is a trash headline and complete click bait

Tourists are not being banned from the geisha district

Tourists will be FINED if they enter PRIVATE STREETS that are not meant for or prepared to handle the tourism industry

The geisha district will remain open to tourists. Full stop.

Sky News is garbage

Yup! Especially now that there is WingetUI I always check there first when I want to install something new