Notices by Velocirooster adminensis :bc: (theropologist@beige.party), page 3

I was reading up on the xz backdoor and found a pretty good rundown on it here:

https://thenewstack.io/linux-xz-backdoor-damage-could-be-greater-than-feared/

A couple of thoughts on this. First, the scary thing about this on the surface was that the malicious code was intentionally introduced by a trusted contributer who had worked on the project for over two years. This was a supply chain attack, but also a bit of social engineering of the OSS community. Prior to this new contributer showing up out of the blue, xz had been languishing somewhat under a single maintainer who appeared to be less and less able to keep up with it. In short, he was looking for someone to pass it on to and Jia Tan seemed like the perfect candidate—apparently by design. So when we say he was a trusted contributer, we really only mean that he gained the trust of the original maintainer. You con the right person and show you are helpful and competent for a few years and you are handed the keys to the kingdom. And since the kingdom is a boring compression utility that most people don't think about, there's not as much scrutiny on it as you might think, or more accurately, hope.

But wait, you might say, isn't the whole point of open source that you have many eyes on the actual source code so that malicious code and vulnerabilities are discovered essentially through crowd sourcing? Yes! That is indeed a huge advantage of OSS. And if the actual code that was in the repo for everyone to see was actually being used by the package managers of major Linux distros, this would have never been a problem. Which brings me to point number two, which is far scarier to me. Apparently most distros prefer using manually built upstream tarballs over pulling git sources directly. Including boring old stable Debian, where the malicious code was first detected. To be clear this was in Debian sid, and the malicious code never made it to a stable release, but then again it was only found out because a software engineer at Microsoft decided to investigate why an ssh login was taking 500ms too long. Which is way too close for comfort in my book.

So why is this so shocking? Well, the malicious code never made it into the git repo where all of those crowdsourced eyeballs would have had a chance to catch it. Instead it was embedded in a build script in the upstream tarball that nobody was looking at. Instead of trusting the collective wisdom of the open source community, distros installing via this tarball were trusting only the person who signed the tarball. In this case Jia Tan, and that trust was extended only because the original maintainer trusted him and allowed him to create and sign the tarballs. So basically, because one person was conned, the entire infrastructure of the Internet was put at risk. To me, that's what we should really be worrying about.

Time and again, technology has promised to eliminate the need for personal trust. Mechanisms are created so that everything is in the open and can be verified, but those mechanisms only work as long as people understand them, and are paying attention, and the problem is that's a lot of work, so we fall back on ad-hoc systems of personal trust, which are a lot easier for our primate minds to understand. They feel more real than something as abstract as the collective wisdom of the open source community.

Or, to take another recent example, people want to get into crypto but they don't want to have to learn about blockchains and public and private keys so they trust conmen like SBF to do it for them because they saw a slick commercial with Larry David in it. Once again we use personal trust as a shortcut to gain access to the shiny new object that is only shiny and new because it's supposed to eliminate the need for that trust in the first place.

This is not to say that person-to-person trust is not valuable. As the admin of a small Mastodon instance I rely on building and maintaining that trust with my users. However, meditating that trust through technology doesn't make it easier or more secure, it just makes it harder in a different way. By the way I'm including systems of government and finance in the broad definition of "technology" here. If we develop systems to replace personal trust we need to understand that they are not a solution in and of themselves. The systems themselves must be maintained and understood, and we need to keep in mind that our brains are poorly suited to innately understanding the abstractions they produce. In short, technology doesn't obviate our need to think critically—it in fact makes it all the more critical for us to do so.

Remember in Blues Brothers when they end up at the Nazi rally and the point isn't even that Jake really hates Nazis, it's that Nazis are about the biggest losers that anyone could imagine. They are portrayed as completely pathetic dead-ender assholes.

Or in the Rocketeer when the mobsters find our the Sinclair guy is a Nazi and join forces with the FBI to stop them because Nazis are clearly the worst thing.

Or when Christopher Plummer rips the Nazi flag in two in Sound of Music.

None of these films were making bold political statements. The Nazis were the bad guys because that was something that everyone in the audience could agree one. Dunking on Nazis was a guaranteed crowd pleaser.

When the hell did we stop agreeing on something so simple and self-evident as Nazis Are Fucking Losers?

Some people may claim the Like button does nothing but it's actually the equivalent of giving the author a small kiss on the lips

It does wear a body down, being constantly at the mercy of so many motherfuckers.

OK, caveat: this has nothing to do with Mastodon. This is about simply trying to exist in a capitalist system in the year 2024 without having your soul completely crushed.

The most effective propaganda perpetrated by the right over the past 40 years has been creating a world so mind-numbingly shitty that even progressives can't imagine a brighter future anymore

Such a relief to learn that all of my problems are in my head. The thing that I am trapped in and can never escape.

:bc: Attention Beige Party-goers! :bc:

There have been a lot of questions about Threads and Meta lately, so for the record I want to say that yes, Beige Party has defederated from threads.net. This was not based on any particularly strong opinion about it on my part, but as a result of asking my users what they would prefer. The majority of responses were to block threads.net. Most of the questions and comments I've gotten in the past week seem to reinforce that previous decision.

Please keep in mind, however, that blocking threads.net only prevents communication through ActivityPub channels. Everything we post on Mastodon aside from DMs is public and can be used by anyone for pretty much any purpose. So if Meta decides to scrape all of our public data, blocking threads.net is not going to stop them.

The advantage that Mastodon has over proprietary social media software is that we don't collect your personal data in the first place. That means that whatever information you choose to share about yourself is entirely under your control. Just please keep in mind that everyone on the internet, including unscrupulous billionaires will be able to see it.

Thank you, stay safe, and Beige-bless 🇧🇧

When you cut through the alley on your way home from school and old Spaghetti Jones offers you a free sample of buttered noodles, and next thing you know you're passed out in the gutter dreaming creamy Alfredo dreams while a mangy old dog licks parmesan cheese off your face.

@RamenCatholic I remember thinking oh cool and then tilting it slightly to the side and then hearing the CD immediately start grinding against the casing. Nope, I guess I can't do that.

Remember when Sony came out with the Discman and they were like hey remember all the things you love about the Walkman? Well now you can have all of that but with CDs! Yeah, all shiny like cyber rainbows from the future, and now you can take em with you! And we know what you're thinking, but relax, we've got you covered. This baby's got anti-skip technology, so you can go skateboarding, ride a bus, stand in a stiff wind—no problem! You just can't clip it to your belt. And it's too wide to fit in your pocket so don't even try. That would void the warranty anyway. And don't even think about trying to wedge it in your waistband. The way you kids are these days with your baggy jeans, there's no way that's gonna work. But don't even sweat it, you can just hold it! No of course it doesn't fit comfortably in your hand, it has to be larger than a CD, but don't worry about it! Everyone's gonna think you look really cool just holding onto it, wherever you go, preferably completely level and horizontal, taking one hand completely out of commission until you can find a place to safely set it down. Just hold onto it, kid. It's not that hard. People are gonna respect you for it. You might lose your balance occasionally, but just learn to roll toward your free hand. You can do it, champ. Just think of it like one of your stupid skateboard tricks. You're gonna look so cool.

@RickiTarr Memory is oral history. The act of remembering is a process of telling the story of the memory to ourselves. Just like any story told again and again, it changes and evolves with each retelling.

@fuzzface @RickiTarr @Alice

Working from home is great because I have the flexibility to take a break from work stress whenever I want so I can stress about all the things I need to do around the house

I remember watching Spaceballs as a kid and being struck by the extreme version of the "lived in" future that is Lone Star and Barf's space Winnebago. Like at some point the technology would be so good that you could have a shitty rundown spaceship that was barely limping along, but at least it wouldn't kill you. The basic tech being sound enough that, like a car, you could afford to be cavalier about the upkeep, knowing you can get by without perfect maintenance.

Anyways, I run a website now.

Do not try to solve the trolley problem—that's impossible. Instead, only try to realize the truth: There is no trolley. General Motors bought them all up and had them dumped in the ocean.

@RickiTarr There are so many layers to what a collosal piece of shit this guy is. He's like an everlasting gobstopper of toxicity.

@RickiTarr Also, considering some folks are already treating this like an open invitation for a debate on the humanity of trans people, I will say that this issue is not up for debate and if you're interested in getting blocked from Beige Party by all means post some TERF bullshit here (This is sarcasm please keep your TERF bullshit to yourself)

All of these hot takes about how Mastodon is too hard to use for mass adoption are missing the point entirely. We are not some tech startup trying to "disrupt" the social media ecosystem. We don't have VCs breathing down our necks pushing for continuous growth at all costs. We're just regular people out here building communities.

If people don't like Mastodon and decide to go back to Twitter, that's fine. They are not commodities to be exploited. If people like Mastodon and decide to stay, that's great! They are going to be more invested in the community because they are actually deriving real value from it.

If there's one thing the global capitalist system cannot fathom is that value can exist that is not fungible with monetary value. There are plenty of ways to create value for people that do not involve buying and selling. In fact the whole notion that value = monetary value is a relatively recent innovation in human history.

I'm not saying that capitalism doesn't have its benefits, but our minds have become so warped by its zero-sum game vision of the world that it's easy to believe that generating profits is the only thing that matters. We may have to play that game to justify our existence on this planet, but there's a whole world of value to be found outside of it. Just because we're forced to play the game doesn't mean the game is all there is.

John Mastodon was a mean tootin' man
He died with a cell phone in his hand
Bad ol' Elon wouldn't cut him no slack
#JohnMastodon ain't ever comin' back