Alt account of @Badabinski
Just a sweaty nerd interested in software, home automation, emotional issues, and polite discourse about all of the above.
Sounds like they either used a boilerplate EULA or hired a lawyer who is unaware of the requirements imposed by the GPL. If it’s the latter then I hope they can get their money back.
EDIT: yeah, this looks like an unmodified GPL to me: https://github.com/layground/pockaw/blob/master/LICENSE.md
I use one of those daily and god they’re all terrible. They’re huge and they all break really easily. My phone is fucking huge, just give me a built in headphone jack!
I dunno, I’d slow your roll on that. Hanlon’s razor came to notoriety in the field of computer science for a reason. I’ve done software dev professionally for over ten years now and you wouldn’t believe the stupid shit I’ve seen people write. The only thing that sucks more than a computer is the human writing software for it.
For those unfamiliar, here’s Hanlon’s razor:
Never attribute to malice that which is adequately explained by stupidity.
EDIT: After a quick look at the CVEs, this definitely sounds like a big ol’ fuckup. It sounds like there might be some unsafe defaults in polkit as well?
EDIT: Here’s the report from the actual researchers which is MUCH more cogent than OP’s article: https://www.openwall.com/lists/oss-security/2025/06/17/4
It’s chaining two separate oopsies together. This overview on GitHub also provides more details about the libblockdev side of things: https://github.com/advisories/GHSA-mpgj-hch9-5rvx
Specifically, this section:
However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
That really doesn’t sound like something intentional to me. That sounds like a HUGE oopsy-woopsy fucky-wucky, to get technical about it.
Absolutely fucking yes w.r.t. the characters being stupid in the show. In the books, the people from Preservation are incredibly competent.
As an example, book Mensah would NOT have had a fucking panic attack dragging a sensor up a mountain alone because she would not have been foolish enough to put herself in that situation. Book Mensah does not take needless risks. She only does inadvisable things when her moral code requires her to do so.
Mensah and the other preservation folks are acting too much like the corporates. The books show you that living under a corporate boot makes you stunted and limited because that’s a natural consequence of the profit-focused environment they create. Preservation cares about people, so the people from there are well rounded and don’t do stupid things quite as often.
It’s really hurting my enjoyment of the show. Why can’t we have competence porn like we used to with shows like TNG and DS9?
For people like me who didn’t know what this was:
Stremio offers a secure, modern and seamless entertainment experience. With its easy-to-use interface and diverse content library, including 4K HDR support, users can enjoy their favorite movies and TV shows across all their devices. And with its commitment to security, Stremio is the ultimate choice for a worry-free, high-quality streaming experience.
edit: honestly, that’s a shitty description. This one seems a bit better:
Stremio is a modern media center that gives you the freedom to watch everything you want.
There’s also ZZ 👉😎👉 Same caveats apply, smash that fukken esc key (for bonus points rebind caps lock as esc) then ZZ Top your way out of that shit.
I feel like bpf would be a decent solution for anticheat. I believe you can limit what an ebpf program can look at quite effectively.
Yep. Thankfully, the project is AGPL v3 licensed.
In particular, the companies purchase financial information from a data broker before offering a nurse a shift; if the nurse is carrying a lot of credit-card debt, especially if some of that is delinquent, the amount offered is reduced. “Because, the more desperate you are, the less you’ll accept to come into work and do that grunt work of caring for the sick, the elderly, and the dying.” That is horrific on many levels, he said, but “it is emblematic of ‘enshittification’”, which is one of the reasons he highlighted it.
What the ACTUAL FUCK‽ This is the type of shit Neal Stephenson would put in a fucking cyberpunk dystopia novel. I am filled with so much fucking rage. My sister is a nurse and goes through so much fucking bullshit at her job already. Nurses really do not need more shit thrown at them.
I knew I had heard of this game, but I couldn’t remember its premise. For anyone else like me:
THE LONG DARK is a thoughtful, exploration-survival experience that challenges solo players to think for themselves as they explore an expansive frozen wilderness in the aftermath of a geomagnetic disaster. There are no zombies – only you, the cold, and all the threats Mother Nature can muster.
These are good points. I was in a shitty mood when I made my comment and upon reflection, it’s an overstatement and not a very good take. I do still strongly support copyleft licenses and DCOs over CLAs, but I shouldn’t turn my nose up when something is released without those.
I used to be excited when companies open-sourced stuff, and that is no longer the case. I suppose I’m just frustrated and bitter and cynical when it comes to large companies doing good things.
Hence my initial whinging about how this was released with a permissive license and a copyright transfer. The longer I’m involved in this industry, the less I like permissive software licensing. There’s obviously a place for it, but my tolerance for permissive licensing is directly tied to my trust for the person or organization backing the software. I don’t trust Microsoft, and I don’t think I will ever personally contribute to their software unless my contribution is made under a copyleft license and with a DCO, not a copyright-transferring CLA.
You’re correct, but I don’t believe that a company shouldn’t be allowed to take my code and change its license in the future. If they want to take something proprietary, they can go ahead and remove my contribution from it first.
You absolutely do not need a CLA with a copyright transfer. There are plenty of large projects that use a Developer Certificate of Origin that protects the company while not allowing them to change the license of your contribution.
I’ll grant that my original post was pissy and angry and not a great take, however. You make good points here.
From the repo’s CONTRIBUTING.md:
Most contributions require you to agree to a Contributor License Agreement (CLA)
Meh, a permissive license + a copyright transfer means this shit is just a potential rugpull. MSFT can change the license of the project to source-available or even proprietary at any time and you’ll be powerless to stop it.
For anyone else who doesn’t know what this is:
This is my build of Proton with the most recent bleeding-edge Proton Experimental WINE.
Things it contains that Valve’s Proton does not:
copied from the other place this was posted.
CNC—computer numerical control, where a computer makes the cutty/smushy/printy parts move through meatspace.
CNC—computer numerical control, where a computer makes the cutty/smushy/printy parts move through meatspace.
This beautiful series of images and the corresponding text from old reddit. Folks, I present kinder surprise sorry. Old reddit was a fun place sometimes.
Your link is borked. Here’s a fixed version: https://www.c-span.org/program/senate-committee/meta-whistleblower-testifies-on-facebook-practices/658354