[conspire] xz exploit and backdoor

Rick Moen rick at linuxmafia.com
Fri Apr 5 17:06:30 PDT 2024 

Quoting Ron / BCLUG (admin at bclug.ca):

> It's been raised as a reason that Canonical packages browsers as
> snaps now - even for them (and like them or not, they're skilled),
> merely building & packaging them is daunting.
> 
> I heard recently that Canonical is now offering paid support for
> Ubuntu 14.04. Therefore there must be enough clients asking for this
> to make it worthwhile.
> 
> And, if so, the more they could bundle as snaps - once - and have
> run on 14.04 through 24.04... well, I can see the appeal.

I always try to see both sides, albeit as perhaps you're aware (nor
not), I take a dim view of the veering towards Snaps, and long ago added
it to my long list of reasons to be wary of all things *buntu. 

People of goodwill, of course, can and do hold greatly different views
on this.  Mine, for what it's worth, is (in part) that if your distro
cannot build and package its major component applications as real,
native software conforming to a serious policy, then maybe you lack the
resources to do a distro.

This perception spills over onto, and shakes hands with, my perception
of Canonical, Ltd., as a dramatically understaffed, dramatically
underfunded, pushy little for-profit corporation always seeking to
export costs onto others and special-plead for profits.  Shuttleworth
having founded it in a tax haven (Isle of Man) was the first clue, and
pretty much all his and his company's behaviour since then has further
cemented my scant regard.

Lots and lots of tiny little all-volunteer distros manage to do a
passable job packaging big Web browsers.  Heck, Rocky Linux does a
decent job with both Chromium and Firefox -- along with other major
codebases like LibreOffice, gnumeric, abiword, inkscape, gnucash, and
Krita.  But big-talking Canonical, Ltd. cries lack of resources and 
claims it has to ship the Linux 2020s reinterpretation of a Win32 .EXE
file, instead?  Cry me a river.

Some say for Canonical building and packaging Web browsers is daunting.
(I'm aware _you_ didn't make this characterisation; you correctly
paraphrased Canonical.)  Some of us see the evidence slide down the side
of Occam's Razor labelled "they're cheap and making excuses".

Mind you, I've not been, nor will I ever be, a project manager for
*buntu, so maybe I speak in ignorance.  But my hunch is that the package
maintenance job they're shirking isn't nearly as bad as they would have
us think, especially since, I think, Debian Project developers already
do the heavy lifting.


> Hey, that was filmed here. Cool.
> 
> I just spent way too much time looking for my old neighbourhood,
> with its Potemkin Village and studio buildings without luck.
> 
> Locations:
> 
> http://www.battlestarlocations.com/locations-guide

Oh, now I'm getting sentimental, and I haven't even yet visited
Vancouver, only in photos and videos.  (I did enjoy "Continuum", where
Vancouver got a rare chance to portray itself.)

Back in the day, I saw a lot of Vancouver and especially Simon Fraser U.
in photosets from my friend the late Prof. Barry L. Beyerstein, on the
Psychology faculty at SFU -- to the day he suddenly died, of an apparent
heart attack, in his office at the Burnaby Mountain campus.  Age 60.
Year 2007.

Barry was Chair (and co-founder with his brother Dale) of BC Skeptics
Society, when I was Chair of Bay Area Skeptics.

-- 
Cheers,    "Here is how platforms die: first, they are good to their users; then
Rick Moen   they abuse their users to make things better for their business cus-
rick at linuxmafia.com tomers; finally, they abuse those business customers to claw
McQ! (4x80) back the value for themselves.  Then, they die."    -- Cory Doctorow

More information about the conspire mailing list