[-] sneakyninjapants 236 points 2 months ago

Telegram's server-side software is closed source, owned and run by them exclusively, so they really have no room to talk. WhatsApp doesn't even have OSS clients, so they're even worse in that regard.

[-] sneakyninjapants 51 points 3 months ago* (last edited 3 months ago)

How does the xz incident impact the average user?

It doesn't.

Average person:

  • not running Debian sid, Fedora nightly, ~~Arch~~, OpenSUSE Tumbleweed, or tbh any flavour of Linux. (Arch reportedly unaffected)
  • ssh service not exposed publicly

The malicious code was discovered within ~~a day or two~~ a month of upload iirc and presumably very few people were affected by this. There's more to it but it's technical and not directly relevant to your question.

For the average person it has no practical impact. For those involved with or interested in software supply chain security, it's a big deal.

Edit:
Corrections:

  • OpenSUSE Tumbleweed was affected; Arch received malicious package but due to how it is implemented did not result in compromised SSH service.
  • Affected package was out in the wild for about a month, suggesting many more affected systems before malicious package was discovered and rolled back.

[-] sneakyninjapants 37 points 1 year ago

Top comment from HN discussion:

Makes it a complete no-go for me

iamdamian 9 days ago

I check out Warp every 6 months or so, because I’d love to see more innovation with the terminal, and the screenshots look great. But the story’s the same every time: I download the app, fire it up, and am greeted by a mandatory ‘sign up’ screen and privacy policy, at which point I close and immediately delete the app.

I will never be okay with a terminal that requires me to have a proprietary login to operate on my own local file system with local tooling.

[-] sneakyninjapants 18 points 1 year ago

I'm all for bots that are used as tools for the community, the invidious one seems pretty great too. A bit concerned about what the potential "bot army" on some of these instances will be used for going forward though.

[-] sneakyninjapants 20 points 1 year ago* (last edited 1 year ago)

Assuming they're generally on the same instance ::cough EH cough:: others can just defederate if they want. Those that are harassing and spreading hate speech on mixed servers can be blocked, banned from communities, or the instance in question if egregious enough.

Edit: Am I resurrecting a 3 year old post rn?

[-] sneakyninjapants 38 points 1 year ago

Good bot

Wait, is that even a thing here?

[-] sneakyninjapants 19 points 1 year ago

Keep calm folks, they're just not profitable right now. Unlike some of the smaller players with a viable business model, they just need to remain profit-driven until those profits arrive.

[-] sneakyninjapants 44 points 1 year ago* (last edited 1 year ago)

Lots already. Of course depends on what your interests are. For ex. my subs

Edit: Fixed links for desktop, no idea if it works the same for mobile apps

Write it like [/c/[email protected]](/c/[email protected]) and it will link correctly. If it's giving you a 404 error just wait a minute and try again, the server needs to download the sub first

[-] sneakyninjapants 20 points 1 year ago

I think that's where they're headed intentional or not, but probably intentional. I think they're trying to pivot their business model. If I had to guess what will happen going forward in broad strokes.

  • Strike will break one way or another (mod removal most likely)
  • Huge mod turnover
  • Moderation quality takes a nosedive with spam, thinly-veiled ads, porn, and trolling ending up more and more prevalent in regular subs
  • Confidence of power-users starts to evaporate once the post quality sucks and niche subs devolve to /pics and discussion turns into the Youtube comments section
  • Comments become heavily restricted by Admins to pump their upcoming IPO
  • NSFW content either gets eradicated or heavily restricted by admins to pump their upcoming IPO
  • Slow diaspora of power-users to nowhere/federated platforms/new centralized platforms/niche forums/discord
  • Vast majority that's left are Tiktok adjacent crowd scrolling through the site upvoting and downvoting (though that's being gamed even more than currently) with little meaningful discussion or community in subs anymore

so like 9gag.

Bonus-round predictions:

  • Google has to re-rank search results because Reddit isn't a treasure trove of niche knowledge and mostly-real user experiences anymore
  • AI firms scraping Reddit for LLM data will cease eventually and most likely start redirecting that to where the real discussions are happening
  • /spez will have cashed out soon after the IPO, carrying buckets of money off into the sunset
  • New leadership and duty to make all the cash will finish strangling the holdouts of Old Reddit
  • Invasive ads and lack of anything resembling good content will make the site a shell of its former self.

I'll be surprised if this process takes another 5 years, but by year 10 I definitely think the downfall will be complete.

[-] sneakyninjapants 58 points 1 year ago* (last edited 1 year ago)

My long and mostly complete list:

  • Audiobookshelf (GH)
    • Using for audiobooks. Ebooks, comics, and podcast support in early stages.
  • Authelia (GH)
    • Using for two-factor authentication in front of all of my services. Critical infrastructure.
  • Bazarr (GH)
    • Using for automated subtitle management. Have not needed to rely on it much.
  • Code-Server (GH)
    • Using for a plethora of things. I could write an entire post on this alone.
  • Courier
    • Using (occasionally) for package-tracking from various carriers.
  • EmulatorJS
    • Using for retro-emulation.
  • Gitea (GH) x2
    • Using as a git repo server, package repository, and for CI/CD automation. Is critical infrastructure in my lab. Could also write an entire post on this one.
  • Headscale with Headscale-UI. Tailscale clients on various VMs LXCs, etc.
    • Using to securely network with my remote servers.
  • Homepage
    • Using as a "single-pane-of-glass" to get an overview of service health with links to the various services.
  • Invidious
    • Using in-place of YouTube.
  • IT-Tools (GH)
    • Using for the myriad of various useful tools it offers.
  • Jellyfin (GH)
    • My media player of choice. Using for movies and television, but supports music, ebooks, and photos in addition.
  • Kopia Server (GH)
    • Using for data backups to my Minio instance on local NAS and Wasabi. Simple, fast, and reliable.
  • Librespeed (GH)
    • Using for the occasional speedtest to my remote servers.
  • Matrix stack using Conduit back end and Element-Web front end
    • Federated Discord essentially. Using as a private instance for friends and family.
  • Minio
    • Using primarily as a gateway to storing backups, also serves git-lfs for Gitea.
  • N8N (GH)
    • Using for home-automation, backing up my Reddit saved posts to a database, deal-alerts, and part of a CI/CD pipeline.
  • NTFY (GH)
    • Using for infrastructure notifications mostly. Very simple and versatile alerting solution.
  • NZBGet
    • Using for getting "usenet articles".
  • Paperless-NGX
    • Using for document archival. Important receipts, documentation, letters, etc. live here.
  • Portainer (GH) with multiple agents on VM's LXCs and VPSs
    • High level management of my various docker containers.
  • Prowlarr
    • Using to provide torznab API to websites that don't natively have it. Integrates with Radarr and Sonarr
  • Radarr (GH)
    • Using for movie management.
  • Radicale
    • Using for contacts and calendar server.
  • Raneto (GH)
    • Using as a knowledge base. Lab documentation, lists, recipes, lots of things live here. Using with code-server and Gitea.
  • Readarr (GH)
    • Using for book management
  • Recyclarr (GH)
    • Using for Radarr and Sonarr to sync search terms for their automations. Very useful, hard to summarize.
  • Requestrr
    • Using (very rarely) as a requests bot for Radarr and Sonarr.
  • SFTP-Go
    • Using mostly in-place of Nextcloud. Used to back up phones mostly.
  • Shaarli (GH)
    • Using as a read-it-later service. Went through lots of these, and Shaarli has been good enough.
  • Singlefile-Archive
    • A hacky way of presenting pages saved with the singlefile browser extension. Not exactly happy with the solution, but for my occasional use it does work.
  • Sonarr (GH)
    • Using as TV series manager
  • Speedtest-Tracker (GH)
    • Using to get periodic speedtests. Plan to automate results to blast my ISP if my service speed gets too low.
  • Traefik (GH) on each separate host
    • Using as a web proxy in front of my various services. Critical infrastructure.
  • Transmission (GH)
    • Using to get "Linux ISOs"
  • Uptime Kuma (GH)
    • Using to monitor site and services status along with a few others. Integrated with NTFY for alerts.
  • Vaultwarden
    • Using as my password manager. Have been using for years, cannot recommend enough.
  • A handful of static websites served with NGINX
    • The old standby, it's been reliable as a webserver.

These services are the result of years of development and administrating my lab and while there is still some cruft, it's mostly services that I think have real utility.

As far as hardware:

  • Running pfsense on a toughbook laptop as a router-firewall.

  • A SuperMicro 24 bay disk-shelf with Proxmox and ZFS for NAS duties and a couple services.

  • Lenovo Tiny boxes with a Proxmox cluster for the majority of my local services.

  • Dell managed switch

  • A few Raspberry-pi's with Raspbian for various things.

  • Linksys AP for wifi

Edit: Spelling is hard.

sneakyninjapants

joined 1 year ago