Alt account of @Badabinski

Just a sweaty nerd interested in software, home automation, emotional issues, and polite discourse about all of the above.

  • 0 Posts
  • 108 Comments
Joined 1 year ago
cake
Cake day: June 9th, 2024

help-circle
  • I dunno, I’d slow your roll on that. Hanlon’s razor came to notoriety in the field of computer science for a reason. I’ve done software dev professionally for over ten years now and you wouldn’t believe the stupid shit I’ve seen people write. The only thing that sucks more than a computer is the human writing software for it.

    For those unfamiliar, here’s Hanlon’s razor:

    Never attribute to malice that which is adequately explained by stupidity.

    EDIT: After a quick look at the CVEs, this definitely sounds like a big ol’ fuckup. It sounds like there might be some unsafe defaults in polkit as well?

    EDIT: Here’s the report from the actual researchers which is MUCH more cogent than OP’s article: https://www.openwall.com/lists/oss-security/2025/06/17/4

    It’s chaining two separate oopsies together. This overview on GitHub also provides more details about the libblockdev side of things: https://github.com/advisories/GHSA-mpgj-hch9-5rvx

    Specifically, this section:

    However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.

    That really doesn’t sound like something intentional to me. That sounds like a HUGE oopsy-woopsy fucky-wucky, to get technical about it.


  • For people like me who didn’t know what this was:

    Stremio offers a secure, modern and seamless entertainment experience. With its easy-to-use interface and diverse content library, including 4K HDR support, users can enjoy their favorite movies and TV shows across all their devices. And with its commitment to security, Stremio is the ultimate choice for a worry-free, high-quality streaming experience.

    edit: honestly, that’s a shitty description. This one seems a bit better:

    Stremio is a modern media center that gives you the freedom to watch everything you want.






  • These are good points. I was in a shitty mood when I made my comment and upon reflection, it’s an overstatement and not a very good take. I do still strongly support copyleft licenses and DCOs over CLAs, but I shouldn’t turn my nose up when something is released without those.

    I used to be excited when companies open-sourced stuff, and that is no longer the case. I suppose I’m just frustrated and bitter and cynical when it comes to large companies doing good things.


  • Hence my initial whinging about how this was released with a permissive license and a copyright transfer. The longer I’m involved in this industry, the less I like permissive software licensing. There’s obviously a place for it, but my tolerance for permissive licensing is directly tied to my trust for the person or organization backing the software. I don’t trust Microsoft, and I don’t think I will ever personally contribute to their software unless my contribution is made under a copyleft license and with a DCO, not a copyright-transferring CLA.












  • In the short term? Grey rock your “friend.” This person is an enabling shit who does not have your best interests at heart. You are being physically abused. What you describe isn’t corporal punishment (which I personally consider to still be physical abuse), it is abuse. Starving someone to punish them is abuse. Anyone who takes part in, or enables said abuse is not someone you want in your life.

    Do you have anyone safe in your life that you could go to? Other friends that would not condone what you are experiencing? An estranged parent? Even a trustworthy teacher? I’d recommend trying to build up a support network of people who actually care for your well being before pushing this enabling piece of trash out of your life.