2024-04-05 00:59:08
Baltimore shipping channel to open by end of May - National Zero
https://nationalzero.com/2024/04/04/baltimore-shipping-channel-to-open-by-end-of-may/
🔊 #NowPlaying on BBCRadio2's #RomeshRanganathan:ForTheLoveOfHipHop
Westside Connection:
🎵 Gangsta Nation (feat. Nate Dogg)
#WestsideConnection
https://open.spotify.com/track/5riuy3KfL7XIRHKCZYRL7F
https://djsaywhaat.bandcamp.com/track/westside-connection-gangsta-nation-8bars
Everybody complaining about Biden should consider that we are pressuring a sovereign nation to change how it treats its ersatz citizenry when we have little to no standing to do so - just like not having standing in court cases.
Israel agrees to increase humanitarian aid delivery to Gaza under U.S. pressure
htt…
🔊 Now playing on radioeins...
Nation of Language:
🎵 Spare Me The Decision
#NowPlaying #NationofLanguage
https://open.spotify.com/track/055hvmkl2KJAg0o3wMJXrF
https://nationoflanguage.bandcamp.com/track/spare-me-the-decision
My takeaway from the #xz backdoor is that I will now treat any and all “is this still being maintained”-esque messages in open source repositories with the hostility merited a nation-state supply-chain attack on open source as a concept.
"open source needs more funding!"
*nation state pays for backdoor*
"not like that!"
🔊 #NowPlaying on #KEXP's #VarietyMix
Terminal Nation:
🎵 Echoes of the Devil’s Den
#TerminalNation #newRelease 🆕 album
#Bandcamp
🎶 #Show #playlist 👇
#KEXP #playlist 👇
https://open.spotify.com/playlist/6VNALrOa3gWbk794YuIrwg
Total strangers or "bullied off the network". #Mastodon turns out to be no island of happiness. Everyone's network costs a sight of a public space or forum that is disparate and ensemble. The great welcoming of this part of the Fediverse seems to rely on "internal knowledge that’s not really written down anywhere". Practise and text, law?, are informal in terms of open reading. Don&…
Need a good news story? This little orca is free and back out in to the open ocean! 🥰
https://press.coop/@CBCNews/112338532034535300
🔊 Now playing on radioeins...
The White Stripes:
🎵 Seven Nation Army
#NowPlaying #TheWhiteStripes
https://open.spotify.com/track/3dPQuX8Gs42Y7b454ybpMR
https://knsti.bandcamp.com/track/the-white-stripes-seven-nation-army-knsti-bootleg
🔊 #NowPlaying on BBCRadio1's #Breakfast with #GregJames
The White Stripes:
🎵 Seven Nation Army
#BBCR1 #TheWhiteStripes
https://open.spotify.com/track/3dPQuX8Gs42Y7b454ybpMR
https://knsti.bandcamp.com/track/the-white-stripes-seven-nation-army-knsti-bootleg
Glencore’s Hail Creek open cut coal mine released more methane pollution in 16 days than the company reported over an entire year.
https://www.thenewdaily.com.au/news/national/2024/04/16/coal-gas-giants-notice-methane-plume…
The unholy triad of 2024: Christian nationalism, Jan. 6 and Donald Trump
Trump is supported by a Christian nationalist movement that had strong ties to the Jan. 6 perpetrators — the jailed ones he calls “hostages,” whom he will free if elected.
Christian Nationalism is the belief that America is a Christian nation whose divine destiny must be preserved, even if that entails open rebellion against lawful constitutional authority.
This belief flies in the face o…
🔊 #NowPlaying on KEXP's #DriveTime
Nation of Language:
🎵 Spare Me the Decision
#NationofLanguage
https://open.spotify.com/track/055hvmkl2KJAg0o3wMJXrF
https://nationoflanguage.bandcamp.com/track/spare-me-the-decision
🔊 Now playing on radioeins...
Nation Of Language:
🎵 On Division St
#NowPlaying #NationOfLanguage
https://open.spotify.com/track/353uoaeULMS88FV1HXETXo
https://nationoflanguage.bandcamp.com/track/on-division-st
My current take on the #xz situation, not having read the actual source backdoor commits yet (thanks a lot #Github for hiding the evidence at this point...) besides reading what others have written about it (cf. #rustlang for such central library dependencies would maybe (really big maybe) have made it a bit harder to push a backdoor like this because - if and only if the safety features are used idiomatically in an open source project - reasonably looking code is (a bit?) more limited in the sneaky behavior it could include. We should still very much use those languages over C/C for infrastructure code because the much larger class of unintentional bugs is significantly mitigated, but I believe (without data to back it up) that even such "bugdoor" type changes will be harder to execute. However, given the sophistication in this case, it may not have helped at all. The attacker(s) have shown themselves to be clever enough.
6. Sandboxing library code may have helped - as the attacker(s) explicitly disabled e.g. landlock, that might already have had some impact. We should create better tooling to make it much easier to link to infrastructure libraries in a sandboxed way (although that will have performance implications in many cases).
7. Automatic reproducible builds verification would have mitigated this particular vector of backdoor distribution, and the Debian team seems to be using the reproducibility advances of the last decade to verify/rebuild the build servers. We should build library and infrastructure code in a fully reproducible manner *and* automatically verify it, e.g. with added transparency logs for both source and binary artefacts. In general, it does however not prevent this kind of supply chain attack that directly targets source code at the "leaf" projects in Git commits.
8. Verifying the real-life identity of contributors to open source projects is hard and a difficult trade-off. Something similar to the #Debian #OpenPGP #web-of-trust would potentially have mitigated this style of attack somewhat, but with a different trade-off. We might have to think much harder about trust in individual accounts, and for some projects requiring a link to a real-world country-issued ID document may be the right balance (for others it wouldn't work). That is neither an easy nor a quick path, though. Also note that sophisticated nation state attackers will probably not have a problem procuring "good" fake IDs. It might still raise the bar, though.
9. What happened here seems clearly criminal - at least under my IANAL naive understanding of EU criminal law. There was clear intent to cause harm, and that makes the specific method less important. The legal system should also be able to help in mitigating supply chain attacks; not in preventing them, but in making them more costly if attackers can be tracked down (this is difficult in itself, see point 8) and face risk of punishment after the fact.
H/T @… @… @… @… @…
🔊 #NowPlaying on KEXP's #VarietyMix
The White Stripes:
🎵 Seven Nation Army
#TheWhiteStripes
#Bandcamp
🔊 #NowPlaying on KEXP's #VarietyMix
Tanya Tagaq:
🎵 Colonizer (The Halluci Nation remix)
#TanyaTagaq
https://open.spotify.com/track/5f4EAqwXpQ7kJGgZ7oVN60
https://tanyatagaq.bandcamp.com/track/colonizer
🔊 Now playing on radioeins...
Zombie Nation:
🎵 Unload
#NowPlaying #ZombieNation
https://open.spotify.com/track/60d92hjxEdPKnreVo1QVhG
https://djkeoki.bandcamp.com/track/unload
🔊 Now playing on radioeins...
Nation Of Language:
🎵 On Division St
#NowPlaying #NationOfLanguage
https://open.spotify.com/track/0gUJlYlu4cV90iyV2gTUmr
https://nationoflanguage.bandcamp.com/track/on-division-st
🔊 #NowPlaying on #KEXP's #DriveTime
Nation of Language:
🎵 Spare Me the Decision
#NationofLanguage
https://open.spotify.com/track/055hvmkl2KJAg0o3wMJXrF
https://nationoflanguage.bandcamp.com/track/spare-me-the-decision