That counterpoint says that the only CoC he would write is “don’t be an asshole” and refutes the transphobia misgendering shit by posting the wider context where the guy is explicitly an immediate, unprovoked asshole to the person for having pronouns in their username. Tries to claim that the trans person being mocked “started it” by misgendering first, when the person in question simply assumed a gender to prove a point about the utility of pronoun tags, unlike the guy who deliberately chose to use the wrong pronouns to address someone, like an asshole.

This man is a clown fuck hyprland.

if i had money to pay for a VPN i’d just use something like real debrid. and if my ISP is middlemanning my https certs then a VPN probably isn’t going to help much.

Because my ISP gets mad about torrents, I don’t usually rewatch things, I don’t have to wait for the download to finish, I can do it on my tablet, and I don’t want to deal with cleaning up old video files every time I need to make room for the next 100+GB game install.

I agree in the sense that there are always people who will see “Now with X!” and interpret that as a selling point even if they have no idea what X is or what it does for the product. I would wager there are more people out there that couldn’t describe what part of the product is the “AI” than there are people who are genuinely enthused by what the AI is doing.

Through various stages of my life I have used torrents, streaming, Usenet, Napster, limewire, aol/IRC chat rooms, discord, and even google searches. You must adapt to whatever works.

Microsoft is asking for it. https://www.theverge.com/2024/3/26/24112500/microsoft-ai-pc-intel-windows-copilot-key-requirements

It’s not as math heavy these days. Plenty of software out there that does most lot of the heavy lifting in that department. They can probably find someone willing to take their money to train an AI on Fox News transcripts or whatever but who cares; they aren’t going to gain any serious political win from running a glorified chatbot that insists there are only two genders.

I imagine if this attacker wasn’t in a rush to get the backdoor into the upcoming Debian and Fedora stable releases he would have been able to notice and correct the increased CPU usage tell and remain undetected.

I think ideas about prevention should be more concerned with the social engineering aspect of this attack. The code itself is certainly cleverly hidden, but any bad actor who gains the kind of access as Jia did could likely pull off something similar without duplicating their specific method or technique.

as long as you’re up to date on everything here: https://boehs.org/node/everything-i-know-about-the-xz-backdoor

the only additional thing i’ve seen noted is a possibilty that they were using Arch based on investigation of the tarball that they provided to package maintainers

I don’t foresee anyone with the kind of data needed to do more investigation releasing it to the public, so I doubt we’re going to be getting any satisfying answers to this. Microsoft may have an internal team combing through github logs, but if they find anything they’re unlikely to be sharing it with anyone but law enforcement agencies.

we know about the singapore VPN because they connected to IRC on libera chat with it. the only reason I can think people would believe they’re from hong kong is because of the pseudonym they used, but it’s not like that proves anything.

see link posted in another user’s reply: https://boehs.org/node/everything-i-know-about-the-xz-backdoor#irc

he was using a singapore VPN and had access to multiple sockpuppets. we know literally nothing else about them and anything you’ve heard to the contrary is baseless rumor.

leading theory is that it was a state-sponsored actor, but frankly even that much is speculation and which state is still way up in the air.

if the stakes are so low then blocking them is as low-stakes as not, so why make a fuss about it?

i also remember having the cube around the same time in OSX somehow but I forget the method

In fairness I may be mistaken. It seems ISPs were extended common carrier protections in relation to hosting Usenet and email and I conflated that with the protocols themselves. Either way it was a long time ago and I doubt they’d extend those protections to generic web platforms these days, but I’d sure like someone to set a precedent for it.

I don’t think comparing a federated message board to smuggling drugs is as fair a comparison as say email or Usenet, also federated services which have both been granted common carrier in the past, but go off I guess.

Legally I think they’d probably be exempted from liability as a common carrier, similar to how your email server isn’t going to get sued if you mail someone a link to piracy. I doubt they’re interested in testing that theory though.

those sure are reasons but I wouldn’t call any of them good reasons.

“The U.S. Supreme Court recently ruled that affirmative action is a violation of the 14th Amendment and we believe the same reasoning will eventually be applied to the CROWN Act,” he [Barbers Hill Independent School District Superintendent] said.

from the article. they’ll probably try to take this to the supreme court and get it overturned.