I happily use Fedora for workstation purposes but hate to admit I use it, so it’s an accurate critique. It’s a great operating system though, naming aside.

It literally was in the opening paragraph. Previous years keynotes are available in a playlist here, so I assume they’ll do the same for this year’s keynotes as well. The event only just ended yesterday.

Open Source Summit 2024 keynotes. I don’t think any of the recordings are available yet.

The malicious code is only thought to have affected deb/rpm packaging (i.e the backdoor only included itself with those packaging methods). Additionally, arch doesn’t link ssh against liblzma which means this specific vulnerability wasn’t applicable to arch. Arch may have still been vulnerable in other ways, but this specific vulnerability targeted deb/rpm distros

I hope you’re right and this isn’t about them getting ready to DRM brush handles to brush heads. Sonicare brush heads are ridiculously overpriced compared to the knock offs

You need to use chown if you want to own the libs

This is called the “Door in the face method” of bargaining. Start with a request so high and absurd that you “slam the door in their face” because it’s so absurd.

The next time they try, they’ll come back with an offer that sounds far more reasonable than the original request. Since you’re still primed with the previous context, your brain makes it sound less bad than it probably is ("At least it’s not the first offer!). You’re more likely to accept after this.

The opposite technique is called “foot in the door”, start with a small request (get your foot in the door) and then increase the ask after the small request goes over.

You need a budget, but it’s not free.

But with Intuit, you are the product, so it’s only free in the sense that they get your info and you get mint in return.

I don’t really use it for this, but here are some things I do use it for:

• metrics scraping on servers without needing to open ports or worry about ssl encryption. Works great for federating Prometheus instances or scraping exporters
• secure access to machines not directly exposed to the internet. I.e. ssh access to my home box while I’m traveling
• being an exit node for web traffic while traveling. I.e. maybe you are traveling and have a bank who is giving you grief about logging in – masquerade that connection from your home IP

I mostly just use it for metrics scraping though

Updated amd64-microcode for EPYC processors appears available for several distributions which has mitigations available. I went ahead and proactively grabbed the microcode update from Debian unstable (not the best practice) and applied it without issue to my Bullseye/EPYC.

This isn’t exactly condoned as it’s not officially a backport, but I’ll take my chances as this is pretty critical.

Date of the updated microcode should be July 19th.