RE: https://chaos.social/@blinry/116512007546010561

We updated our contribution policy last week, which now states the following:

"We do not accept any contributions that contain content generated by LLMs. This also includes all written communication on GitHub. We will close any pull request, issue, or discussion that does not comply to this policy."

@blinry wrote a thread on some of the reasons for this:

A lot of people are apparently happily running a script clearly marked as a root exploit from some random website using curl | bash  

Some do inspect the script, but then still run it using curl | bash anyway.  

Incidentally, this very relevant blogpost about detecting curl | bash and serving different scripts based on that is almost exactly a decade old:
https://web.archive.org/web/20230318063325/https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

#CopyFail #InfoSec

There is a lot of buzz today about this Linux kernel vulnerability. I for one find the disclosure an irresponsible disgrace by a bunch of self-centred AI bros that want to get attention. Not waiting for major distros to push out fixed kernels, which takes time, because, you know, backports to LTS branches, is downright insane, and tells me you don’t value security at all, you just want to ride the free wave of publicity, claims of “wow, AI” and perhaps even the outrage.

Well done AI bros, you just proved my point you’re a bunch of selfish egotists that only care about breaking things and riding the hype to make money. In the meantime, you made the days of millions of responsible, hardworking sysadmins around the world thoroughly miserable.

Once again, my professional recommendation in response to the latest Linux kernel vulnerability in the news is that you should gather up all your electronic devices, cast them into the sea, and retreat to the woods.

Each night, gather your children and tell them tales of the Before Times when the hubris of humanity grew so large that we made idols of sand and spoke to them as equals. Remind them that the sand, of course, did not speak or think, but we imagined it could, and let it guide us to folly.

Should a stranger ever come to your village with a glowing rectangle, encourage the youth to beat them with sticks.

#infosec

GNU LilyPond 2.26.0 was released today as the first ”stable“ version since 2022.

LilyPond is a music engraving program devoted to producing the highest-quality sheet music possible. It brings the aesthetics of traditionally engraved music to computer printouts.

Changelog: https://lilypond.org/doc/v2.26/Documentation/changes/

Download: https://lilypond.org/download.html or https://gitlab.com/lilypond/lilypond/-/releases/v2.26.0

I suggest installing it from within Frescobaldi, the Lilypond IDE:
https://www.frescobaldi.org/

#LilyPond #typesetting #engraving

How Free #OpenSource software tools bailed out a disaster recovery team in #Turkey
https://www.fsf.org/bulletin/2023/spring/ground-zero-navigating-in-freedom

from #FreeSoftwareFoundation Bulletin
Spring 2023

At ground zero, #OpenStreetMap provided us with the mapping that we very much needed. When I was finally...deployed on the field, nobody was yet able to navigate properly. Along with much of our critical equipment, our dedicated GPS devices were sent somewhere else because the location of the earthquake's epicenter was misjudged, and almost all the personnel were trying to use their data connection to download the same maps over and over again in order to respond to every direction given by the command center. It was in this setting that I introduced a powerful free software tool called "OsmAnd~" (#OSM for Android), along with pre-downloaded maps that I had on my handheld device, which I was using to flawlessly navigate through the city.

When others saw this, it was received by the group as "magic."

#FLOSS #FreeSoftware

The recent post criticising Free Software advocates for advocating user-modifiable software and then being annoyed at LLMs annoys me and the reason is best illustrated by this analogy:

Public-transport advocates spend years advocating for a connected public-transport infrastructure, where it’s easy to take a small combination of busses, metros, trams, and trains to get from anywhere to anywhere. The network would be efficient and operated as a non-profit-making public good, making individual movement cheap (or, ideally, free). They work with municipalities to build out some of this infrastructure, persuade national governments to invest in the longer routes, and so on.

Someone comes along with a massive subsidy for a handful of private taxi companies to hire a bunch of drivers and give free (paid for by investors) ride to everyone. The drivers are immigrants who don’t speak the language very well, which is great for the taxi companies because they are easy to exploit (they are, in fact, underpaid and put in dangerous situations routinely). The owners of the taxis are pocketing a load of investor money for every ride though.

When you get in one of these taxis, there’s a 90% chance they’ll take you where you want, a 9% chance they’ll take you somewhere nearby, and a 1% chance they’ll just drop you off in a dangerous part of town. A bunch of people are mugged and a few more murdered as a result of this, but the companies aren’t liable. The investors behind this tell everyone ‘don’t bother learning to drive, there’s no point, our taxis will take you anywhere, for much less money!’. At the same time, ridership on existing public transport drops off, leading to calls to cut its funding and there are mass redundancies for bus drivers and so on. The taxis are all diesel and heavily polluting, leading to worse air quality everywhere they go. To make sure that they can pick people up easily, the ones not actively giving rides are constantly circulating, placing huge strain on road infrastructure and further increasing pollution.

And then someone says to those public-transport advocates: ‘this is what you wanted, why are you unhappy just because it’s not delivered in the way you imagined?’