Tux is my copilot, and never tries to be a back-seat driver.

I think this could use some elaboration on what you mean by half dead.

I don’t remember the statement in the bug report verbatim, but it indicated that they intend to fix it, which is about what I had previously seen on other issues that they did subsequently fix. I expect it’s mainly a matter of prioritizing a long to-do list.

I can’t think of a reason why it wouldn’t be possible. The protocol is continually evolving, after all, and they already moved message content to an encrypted channel that didn’t originally exist. Moving other events into it seems like a perfectly sensible next step in that direction.

Indoctrinated fanatics scare me.

There are a few that do a good job of protecting our messages with end-to-end encryption, but no single one fits all use cases beyond that, so we have to prioritize our needs.

Signal is pretty okayish at meta-data protection (at the application level), but has a single point of failure/monitoring, requires linking a phone number to your account, can’t be self-hosted in any useful way, and is (practically speaking) bound to services run by privacy invaders like Google.

Matrix is decentralized, self-hostable, anonymous, and has good multi-device support, but hasn’t yet moved certain meta-data into the encrypted channel.

SimpleX makes it relatively easy to avoid revealing a single user ID to multiple contacts (queue IDs are user IDs despite the misleading marketing) and plans to implement multi-hop routing to protect meta-data better than Signal can (is this implemented yet?), but lacks multi-device support, lacks group calls, drops messages if they’re not retrieved within 3 weeks, and has an unclear future because it depends on venture capital to operate and to continue development.

I use Matrix because it has the features that I and my contacts expect, and can route around system failures, attacks, and government interference. This means it will still operate even if political and financial landscapes change, so I can count on at least some of my social network remaining intact for a long time to come, rather than having to ask everyone to adopt a new messenger again at some point. For my use case, these things are more important than hiding which accounts are talking to each other, so it’s a tradeoff that makes sense for me. (Also, Matrix has acknowledged the meta-data problem and indicated that they want to fix it eventually.)

Some people have different use cases, though. Notably, whistleblowers and journalists whose safety depends on hiding who they’re talking to should prioritize meta-data protection over things like multi-device support and long-term network resilience, and should avoid linking identifying info like a phone number to their account.

So you are basically saying that root CAs are unreliable or compromised?

Not exactly. They are pointing out that HTTPS assumes all is well if it sees a certificate from any “trusted” certificate authority. Browsers typically trust dozens of CAs (nearly 80 for Firefox) from jurisdictions all over the world. Anyone with sufficient access to any of them can forge a certificate. That access might come from a hack, a rogue employee, government pressure, a bug, improperly handled backups, or various other means. It can happen, has happened, and will happen again.

HTTPS is kind of mostly good enough for general use, since exploits are not so common as to make it useless, but if a government sees it as an obstacle, all bets are off. It is not comparable to a trustworthy VPN hosted outside of the government’s reach.

Also, HTTPS doesn’t cover all traffic like a properly configured VPN does. Even where it is used and not compromised, it’s not difficult for a well positioned snooper (like an internet provider that has to answer to government) to follow your traffic on the net and deduce what you’re doing.

Source code mirrors, since the code is legal: (This is not a case of copyright infringement.)

https://git.naxdy.org/Mirror/Ryujinx

https://git.l7y.media/mirrors/Ryujinx

The commit hashes on both of these mirrors match the official ones at least until March 2024 (v1.1.1217). I can’t vouch for the more recent commits that extend through today (v1.1.1403), but the two mirrors do at least match each other. Another user has confirmed that these hashes match his clone of the official repo through 2024-09-24.

Warning: A zip file in the ryujinx_202410 subdir of https://archive.org/download/ claims to have the full git history, but the hashes do not match the original source repo. It’s possible that the mismatch is an artifact of some accident, rather than malice, but I would avoid it just in case.

Reminds me of a recent Disney case:

https://www.bbc.com/news/articles/c8jl0ekjr0go

It bothers me that we as a society continue to surrender our agency, our rights, and even our well-being to whatever restrictions a corporation makes up to benefit itself, just because they’re in a (practically unavoidable) terms & conditions document.

It’s getting so bad that people sometimes mistake corporate policies for law, crying “that’s illegal” if someone steps outside the bounds of a software license.

Adding insult to injury, enforcement of these things is paid for by us, through taxes.

Thanks. This looks like about the best we’re going to get, given what PBS says about the debate moderation and hosting:

It’s being moderated by “CBS Evening News” anchor Norah O’Donnell and Margaret Brennan of CBS’ “Face the Nation.” CBS News is airing the debate on its broadcast network live and will livestream it on all platforms where CBS News 24/7 and Paramount+ are available. It’s also being made available for simulcast, and networks like PBS will air it.

Edit:

It looks like this PBS news stream will also have the debate, and at nominally higher resolution than the CBS stream:

https://www.youtube.com/watch?v=Z5g_ObRA4Y4

I’m watching this one, since I generally prefer the in-between segments on PBS to those on CBS.

I think it happened more than a few years ago. US citizens might want to see about overturning Citizens United.

I continue to be impressed by how far we’ve come in algorithmically imitating forces of nature. If you like this stuff, have a look at the EmberGen demo clips

If you care about keeping your domain enough that you don’t want there to be an excuse for someone to take it from you, then you use your real info, and choose a registrar that only exposes a proxy contact in your WHOIS entry.

If you don’t care about losing your domain, then you can use fake contact info.

I suppose I would avoid connecting to untrusted networks, or avoid opening print dialogs while on them, or uninstall CUPS until a fix is available.

That refers to the fact that printer advertisements can contain lies: When you see a familiar printer name appear on a network, it could always be an impostor secretly pointing to the address of a malicious device.

So my first advice stands: Avoid interaction with untrusted or potentially compromised print servers.

To be clear, when I say “interaction”, I don’t just mean printing to them. I mean any interaction at all. Even just browsing a network for printers could potentially mean your system contacts the devices at the advertised addresses, and receives data from them. This Qualys report doesn’t make clear whether this kind of interaction is safe, so I have to assume for now that it is not.

Exploitation involves sending a malicious UDP packet to port 631 on the target, directing it to an attacker-controlled IPP server.

Okay, so at least until this is patched, it would be a good idea to shut down any CUPS-related process that’s listening on port 631, and avoid interaction with untrusted or potentially compromised print servers.

Either of these commands will list such processes:

$ sudo lsof -i :631

$ sudo fuser -v 631/tcp 631/udp

I don’t want to diminish the urgency of this vulnerability, but it is worth noting that “affecting all GNU/Linux systems” does not mean that every affected system is actually running the vulnerable code. Some installations don’t run print services and don’t ever communicate with printers.

Also, I suspect that the author’s use of “GNU” in that warning is misleading, potentially giving a false sense of security. (Sadly, a certain unfortunate meme has led many people to think that all Linux systems are GNU systems, and the author appears to be among them.) I don’t see any reason to think musl builds of CUPS are immune, for example, so I don’t assume my Alpine systems are safe just because they are not GNU/Linux.

Good question. Please see my follow-up comment.

Not putting your WiFi password in would absolutely be reliable.

No, it would not.

I’d love to hear your ideas on how they’d remotely break into your WiFi Network

They wouldn’t, of course, nor did I say they would.

(But since you brought it up, we have already seen internet providers quietly using their CPE to create special-purpose wireless networks surrounding customers’ homes. These could obviously be made available to any company that paid the ISP for access, just as cellular networks have been made available to companies like OnStar. So a TV could do this with a business deal rather than breaking in to your normal WiFi.)

However, your network is not the only network in the world, and WiFi is not the only kind of link. Neighbors exist. Open guest networks exist. Drive-by and fly-by networks exist. Mesh networks exist (and are already created by devices like Amazon Echo). Power line networking exists. Bluetooth, LoRa, cellular, etc. etc. etc. Maybe you live on an isolated mountain top where these things are unlikely to reach you (at least until satellite links become a little smaller and cheaper) but even that is not absolute, and most of us don’t.

Unless you disassemble your TV and examine all the components within, and know what they do, it could have any number of these capabilities.

Also, partly due to how prevalent multi-network support is becoming in electronics integration, it is not unusual for related functionality to be dormant at first yet possible to activate later.

I’d love for you not to be adversarial, and to learn more about a topic before making bold claims about it in absolute terms.

Friendly reminder that gaming console monitors, computer monitors, projectors, dumb TVs, and commercial displays exist.

Yes, I could hack a smart TV to disable its networking capabilities. (Merely withholding my wifi password is not reliable.) But that would still be showing the manufacturers that I find spyware TVs acceptable, and supporting the production of those models.

Also, this would be a good time to pressure our legislators into criminalizing this nonsense.

It’s disappointing to see that a couple dozen people decided to hit your post with drive-by downvotes, rather than using their words to express themselves in a way that actually contributes to this community.

Your question is a legitimate one, and relevant at a time when Windows is increasingly bloated and invasive, spyware is out of control, and Linux is increasingly a viable alternative even in certain tough areas like games. I just wish you had elaborated on why you singled out Ubuntu when several other widely-supported Linux distributions exist.

If those were my only two options, I would pick Ubuntu over Windows, no contest. I would replace its default desktop with KDE Plasma (or just choose the Kubuntu variant in the first place), rip out as much of Snap as I could, update the kernel, and plan to migrate to a distro that I like better whenever I was able.

For what it’s worth, Debian Stable with a few hand-picked backports and flatpacks suits me well, mainly for gaming and software development. (I’m a bit of an outlier among Linux users who post on social media, though: Having my system be low-maintenance is more important to me than always having the latest features in every app, and I’ve been known to make my own debian packages and flatpaks when something I want isn’t ready-made.)

Linux Mint, Pop_OS, and Arch Linux are also popular. There are quite a few more.

All desktop environments are fancy compared to a simple window manager.