Badabinski

I dunno, I’d slow your roll on that. Hanlon’s razor came to notoriety in the field of computer science for a reason. I’ve done software dev professionally for over ten years now and you wouldn’t believe the stupid shit I’ve seen people write. The only thing that sucks more than a computer is the human writing software for it.

For those unfamiliar, here’s Hanlon’s razor:

Never attribute to malice that which is adequately explained by stupidity.

EDIT: After a quick look at the CVEs, this definitely sounds like a big ol’ fuckup. It sounds like there might be some unsafe defaults in polkit as well?

EDIT: Here’s the report from the actual researchers which is MUCH more cogent than OP’s article: https://www.openwall.com/lists/oss-security/2025/06/17/4

It’s chaining two separate oopsies together. This overview on GitHub also provides more details about the libblockdev side of things: https://github.com/advisories/GHSA-mpgj-hch9-5rvx

Specifically, this section:

However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.

That really doesn’t sound like something intentional to me. That sounds like a HUGE oopsy-woopsy fucky-wucky, to get technical about it.

God damn that cat is chill as hell.

EDIT: just like, really fucking chill as shit yo

For people like me who didn’t know what this was:

Stremio offers a secure, modern and seamless entertainment experience. With its easy-to-use interface and diverse content library, including 4K HDR support, users can enjoy their favorite movies and TV shows across all their devices. And with its commitment to security, Stremio is the ultimate choice for a worry-free, high-quality streaming experience.

edit: honestly, that’s a shitty description. This one seems a bit better:

Stremio is a modern media center that gives you the freedom to watch everything you want.

I feel like bpf would be a decent solution for anticheat. I believe you can limit what an ebpf program can look at quite effectively.

Should have just used AGPL from the start, instead of falling back to this fucked up modified BSD license. It wouldn’t stop people from stripping the branding, but they’d have to release source code which would tell all users what they’re actually using.

These are good points. I was in a shitty mood when I made my comment and upon reflection, it’s an overstatement and not a very good take. I do still strongly support copyleft licenses and DCOs over CLAs, but I shouldn’t turn my nose up when something is released without those.

I used to be excited when companies open-sourced stuff, and that is no longer the case. I suppose I’m just frustrated and bitter and cynical when it comes to large companies doing good things.

Hence my initial whinging about how this was released with a permissive license and a copyright transfer. The longer I’m involved in this industry, the less I like permissive software licensing. There’s obviously a place for it, but my tolerance for permissive licensing is directly tied to my trust for the person or organization backing the software. I don’t trust Microsoft, and I don’t think I will ever personally contribute to their software unless my contribution is made under a copyleft license and with a DCO, not a copyright-transferring CLA.

You’re correct, but I don’t believe that a company shouldn’t be allowed to take my code and change its license in the future. If they want to take something proprietary, they can go ahead and remove my contribution from it first.

You absolutely do not need a CLA with a copyright transfer. There are plenty of large projects that use a Developer Certificate of Origin that protects the company while not allowing them to change the license of your contribution.

I’ll grant that my original post was pissy and angry and not a great take, however. You make good points here.

From the repo’s CONTRIBUTING.md:

Most contributions require you to agree to a Contributor License Agreement (CLA)

Meh, a permissive license + a copyright transfer means this shit is just a potential rugpull. MSFT can change the license of the project to source-available or even proprietary at any time and you’ll be powerless to stop it.

But k3s so niiiice.

I’ve yet to find anything more efficient than opening my shell and typing ssh or scp. Remote desktop is irrelevant to me because none of the systems I administrate will ever have a GUI.

EDIT: tab auto completion also makes things far, far smoother.

Arch Linux, on an old Compaq pizza box server when I was 16. It took me 3 months to install Arch because there was a DIP switch on the motherboard that somehow prevented you from updating the MBR or some shit.

I basically never used it and didn’t touch Linux again until 7 years later, when I used SLES 11 SP2 at a job.

“Get off vent, or I’ll have you bent.”

I wish those stupid videos weren’t the first thing my brain goes for when I see the word “Ventrilo.”

Wireguard was written with the explicit goal of having sane, secure defaults. I totally feel you w.r.t. openvpn or ipsec, since it’s easy to do something wrong. Wireguard is much easier because it simply refuses to give you the choice to do things incorrectly.

w.r.t. the certificate thing, you could set up a reverse proxy and do HSTS to ensure nobody can load up a rogue CA on your devices. HSTS has the issue that SSH has (trust on first use or whatever it’s called), but you just need to make sure nobody is MITM you for that first connecting and then you’ll be good to go. This would let you use a self-signed certificate if you do desired.

There’s a !bpsoc community around here somewhere that would love a cross post.

EDIT: it’s this: !blurrypicturesofcats@lemmy.world

I believe you can force pycharm to launch using Wayland. There’s some option you can pass to it when you launch it.

For people like me who lack context:

Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.

I love rust and projects rewritten in Rust, but I’ve felt pretty mixed about this particular project. The strong copyleft on GNU coreutils is part of what keeps many Linux distros truly free. There’s stuff like BusyBox or BSD coreutils if you need something you can make non-free, but GNU coreutils are just so nice. I wish this reimplementation in rust had been licensed with GPL or a similar copyleft license. At least there’s no CLA with copyright transfer.

If you want to make things even more spicy, try doing in pure bash with no external process calls. Things like cat are trivial to replace. I saw some uses of sort that might be more difficult, but it wouldn’t surprise me if newer Bash versions had a way to sort arrays nicely.