This is so great to see at a time when so many other services are putting more and more of their content behind a gate (cough Twitter). It's sad that it even feels radical at all.
Collin has been writing more extensively on IRC. A screenshot of one of his posts can be seen in [this YouTube video](https://youtu.be/0pT-dWpmwhA?t=1158).
He notes that while he was unsatisfied with some of the changes Tan introduced, Tan was nonetheless extremely helpful.
I want to caution against taking a good thing too far.
There's a certain kind of talented person who is all too conscious of their abilities and is arrogant, irascible, and demanding as a result. Linus Torvalds, Steve Jobs, Casey Muratori come to mind. Much as we might want these characters to be kinder, their irascibility is inseparable from their more admirable qualities.
Sometimes good things, even the best things, are made by difficult people, and we would lose a lot by making a community that alienates them.
That's a tough one - It's hard to fully disagree but in my experience you can have all the benefits without the poison. Accepting the poison just because of the benefits is kind of just giving up. I don't feel like your hypothesis that the two are irrevocably linked holds up under examination.
Linus Torvalds is apparently trying to do better (although I haven't followed up with the progress), but more importantly, while he might be (have been) unnecessarily rude and aggressive, he's not entitled (as far as I know). I don't think he would jump into an issue tracker of some project he doesn't maintain and demand that certain changes be made.
It does, but has there ever been a movie that successfully portrayed a compelling drama that takes place entirely on a computer monitor? It's hard to even imagine. It's why I think the novel is still relevant in our age because all the great stories that unfold on a screen can't be acted out on a sound stage.
Searching [0] gets you halfway there: it's about a compelling drama which takes place mostly in real life, but is portrayed entirely on a computer monitor.
I liked "How to Sell Drugs Online (Fast)", first season.
Generally speaking, you can use the xz story as a background for every type of movie set in the present, e.g., think about the God's Eye story from the Fast & Furious series. Theoretically, the xz RCE can give you more or less the same power God's Eye gives you in the film.
Yes, Lasse, there are many people who rely on this project and it is sad to see it fall into its current state. You must hand it over to someone who knows what they are doing. Now!
I'm guessing not just teenagers. Every day on Twitter, I see posts like [this](https://twitter.com/BGatesIsaPyscho/status/17741956933237925...) by accounts with hundreds of thousands of followers that are indistinguishable from schizophrenic ideation. These consist of extremely idiosyncratic delusions that, thanks purely to social media, find a community of believers who can reassure each other that no, they're not crazy, they're not alone, they're just the fortunate ones who've escaped the Matrix, etc. whereas in the past, their beliefs would have been penalized by the sane peers around them.
Do you ever read the newspaper or watch TV (or US State Department announcements about "what is going on")? If so, do you have similarly negative reactions to the horrible logic and epistemology on show there (not to mention the scope of influence)?
I see that post, on its own (I don't do twitter), and think it's just a clever satirical post. Something above the stage of "John Wilkes Booth drank water, and so did Joe Biden. Coincidence?"
That might be plausible if you consider the post in isolation, but the account that posted it does nothing but post paranoid ragebait of a similar flavor a dozen times a day and racked up an enormous following doing so. They're not making fun of their own audience.
>In fact, here’s an interesting thought: perhaps they have known for a while. Would we be able to tell the difference between a carefully-timed disclosure — presumably engineered to conceal “methods and sources” — and a serendipitous discovery?
I laughed way harder than I should have at this. Touted as the absolute cutting edge of automotive design by fans and yet even the Soviets did a better job with basic fitment.
Someone replied to this video by sticking his hand in his cybertruck trunk with the same result (his hand got caught). Luckily, it looked like he could bend the body panels enough for his fingers to fit in the ungodly large gaps without getting cut off.
I think this was a fanboy's attempt to say exactly what you said, but without the sarcasm.
When all this is over and Collin is in the right state of mind, I'd appreciate if they could shed some light on the social engineering side of this exploit. i.e. the process by which the intruder introduced themselves, gained and exploited their trust, any warning signs or red flags, etc.
Their experience could make for a valuable lesson and prevent future occurrences.
From what I read, it looks like it was not really social engineering per se but the good old way of earning trust, just like any ordinary engineer: the intruder joined the project three years ago and started to contribute patches. He also made good suggestions on design changes. Eventually he became a committer because he consistently made valuable contributions to the project.
P.S., this does not look like an individual behavior. It's hard to imagine that an individual would spend three years just to plant a backdoor in sshd.
given how widespread sshd is, i'd think it is realistic because the payoff would just be worth it if successful. the whole thing is also complex enough that it would take a while to develop. the attacker starts learning the internals of xz and in the process they develop the skills to contribute patches. so development of the attack and gaining trust go hand in hand.
I mean that is still social engineering, it is just really long-game social engineering.
And IDK that we've entirely ruled out that Jia Tan didn't wind up being blackmailed or coerced or something -- although if they were really running sockpuppets to get themselves added to the project up front that is probably less likely.