tal

Someone almost managed to inject a vulnerability into the source code for sshd.

You're probably thinking of the Jia Tan attack on xz; because of a distro patch in Debian, code in xz had the ability to affect sshd. The changes weren't actually to the sshd source, but trying to use an obscure route to affect sshd.

Notably, this and dotfiles are popular among devs using Mac, since MacOS has nearly all settings available either via config files or the defaults system from the command line. In comparison, Windows is total ass about configuring via the command line, and even Cinnamon gives me some headache by either not reloading or straight up overwriting my settings.

The application-level format isn't really designed for end user consumption, but WINE uses a text representation of the Windows registry. I imagine that one could probably put that in a git registry and that there's some way to apply that to a Windows registry. Or maybe a collectiom of .reg files, which are also text.

I'd say that now is one of the strongest arguments for upgradability. Memory is really expensive right now. At some point in something like 1-3 years, it will probably be considerably cheaper. If anything, CPUs and motherboards are expected to be cheaper during this period due to reduced demand for new PCs. If you can tolerate less memory now and want to save money, upgrading then would be a good idea.

Well...I'm agreeing that it happened and was a factor, but also pointing out that the "don't let black people have guns" practice predated the Black Panthers stuff by a considerable amount of time.

EDIT: Basically, a major concern in the US in the runup to the American Civil War was the prospect of a slave uprising. There were a lot of black people in the US who had been kept as slaves and were not super happy about the fact.

At about the same time, in Haiti, there had been such an uprising.

https://en.wikipedia.org/wiki/Haitian_Revolution

Shortly after the revolution:

https://en.wikipedia.org/wiki/1804_Haitian_massacre

The 1804 Haiti massacre was carried out by Haitian rebel soldiers, mostly former slaves, under orders from Jean-Jacques Dessalines[1][2][3][4] against much of the remaining European population in Haiti, which mainly included French Colonists.[5][6] The Haitian Revolution defeated the French army in November 1803 and the Haitian Declaration of Independence happened on 1 January 1804.[7]

Throughout the early-to-mid nineteenth century, the events of the massacre were well known in the United States. Additionally, many Saint Domingue refugees moved from Saint-Domingue to the U.S., settling in New Orleans, Charleston, New York, Baltimore, and other coastal cities. These events spurred fears of potential uprisings in the Southern U.S. and they also polarized public opinion on the question of the abolition of slavery.[9][10]

At the time of the American Civil War, a major pretext for Southern whites, most of whom did not own slaves, to support slave owners (and ultimately fight for the Confederacy) was fear of a slave uprising similar to the Haitian Revolution.[34] The perceived failure of abolition in Haiti and Jamaica were explicitly referred to in Confederate discourse as a reason for secession.[35] The slave revolt was a prominent theme in the discourse of Southern political leaders and had influenced U.S. public opinion since the events took place. Historian Kevin Julius writes:

As abolitionists loudly proclaimed that "All men are created equal", echoes of armed slave insurrections and racial genocide sounded in Southern ears. Much of their resentment towards the abolitionists can be seen as a reaction to the events in Haiti.[9]

In the run-up to the U.S. presidential election of 1860, Roger B. Taney, Chief Justice of the Supreme Court, wrote "I remember the horrors of St. Domingo" and said that the election "will determine whether anything like this is to be visited upon our own southern countrymen."[10]

Abolitionists recognized the strength of this argument on public opinion in both the North and South. In correspondence to the New York Times in September 1861 (during the war), an abolitionist named J. B. Lyon addressed this as a prominent argument of his opponents:

We don't know any better than to imagine that emancipation would result in the utter extinction of civilization in the South, because the slave-holders, and those in their interest, have persistently told us ... and they always instance the 'horrors of St. Domingo.'[36]

Lyon argued, however, that the abolition of slavery in the various Caribbean colonies of the European empires before the 1860s showed that an end to slavery could be achieved peacefully.[37]

John Brown attempted to induce such a slave revolt:

https://en.wikipedia.org/wiki/John_Brown%27s_raid_on_Harpers_Ferry

From October 16th to 18th, 1859, American abolitionist John Brown attempted to initiate a slave revolt in Southern states by raiding an armory[nb 1] in Harpers Ferry, Virginia (now West Virginia). The raid is frequently cited as one of the primary causes of the American Civil War.[3]

And you had Nat Turner's Rebellion:

https://en.wikipedia.org/wiki/Nat_Turner%27s_Rebellion

Nat Turner's Rebellion, historically known as the Southampton Insurrection, was a slave rebellion that took place in Southampton County, Virginia, in August 1831. Led by Nat Turner, the rebels, made up of enslaved African Americans, killed between 55 and 65 White people, making it the deadliest slave revolt for the latter racial group in U.S. history.

So you have the situation after the American Civil War where you have a lot of now-free black people who the US Constitution guarantees the right to arms...and a lot of white people really worried about what happens if they get ahold of said arms. They went out and tried to figure out whatever loopholes they could to make sure that blacks didn't have access to firearms.

The Black Panthers incident that you're referring to:

https://en.wikipedia.org/wiki/Mulford_Act

The Mulford Act is a 1967 California statute which prohibits public carrying of loaded firearms without a permit.[2] Named after Republican assemblyman Don Mulford and signed into law by governor of California Ronald Reagan, the law was initially crafted with the goal of disarming members of the Black Panther Party, which was conducting armed patrols of Oakland neighborhoods in what would later be termed copwatching.[3][4] They garnered national attention after Black Panthers members, bearing arms, marched upon the California State Capitol to protest the bill.[5][6]

But also, going back prior to that:

https://en.wikipedia.org/wiki/Saturday_night_special

The earliest law prohibiting inexpensive handguns was enacted in Tennessee, in the form of the "Army and Navy Law", passed in 1879, shortly after the 14th amendment and Civil Rights Act of 1875; previous laws invalidated by the constitutional amendment had stated that black freedmen could not own or carry any manner of firearm. The Army and Navy Law prohibited the sale of "belt or pocket pistols, or revolvers, or any other kind of pistols, except army or navy pistols", which were prohibitively expensive for black freedmen and poor whites to purchase.[21] These were large pistols in .36 caliber ("navy") or .44 caliber ("army"), and were the military issue cap and ball black-powder revolvers used during the Civil War by both Union and Confederate ground troops. The effect of the law was to restrict handgun possession to the upper economic classes.[22]

The next major attempt to regulate inexpensive firearms was the Gun Control Act of 1968, which used the "sporting purposes" test and a points system to exclude many small, inexpensive handguns which had been imported from European makers such as Röhm, located in Germany.

Oh, yeah, it's not that ollama itself is opening holes (other than adding something listening on a local port), or telling people to do that. I'm saying that the ollama team is explicitly promoting bad practices. I'm just saying that I'd guess that there are a number of people who are doing things like fully-exposing or port-forwarding to ollama or whatever because they want to be using the parallel compute hardware on their computer remotely. The easiest way to do that is to just expose ollama without setting up some kind of authentication mechanism, so...it's gonna happen.

I remember someone on here who had their phone and desktop set up so that they couldn't reach each other by default. They were fine with that, but they really wanted their phone to be able to access the LLM on their computer, and I was helping walk them through it. It was hard and confusing for them

they didn't really have a background in the stuff, but badly wanted the functionality. In their case, they just wanted local access, while the phone was on their home WiFi network. But...I can say pretty confidently that there are people who want access all the time, to access the thing remotely.

Might be helpful to have a reproducible test case for it.

The incident began from June 2025. Multiple independaent security researchers have assessed that the threat acotor is likely a Chinese state-sponsored group, which would explain the highly selective targeting obseved during the campaign.

I do kind of wonder about the emacs package management infrastructure system. Like, if attacking things that text editors use online is an actively-used vector.

he is closing the Kennedy Center for two years for a thorough renovation

For many years, the performing arts facility had suffered from an alarming lack of gilded bas-reliefs of Trump.

I mean, the article is talking about providing public inbound access, rather than having the software go outbound.

I suspect that in some cases, people just aren't aware that they are providing access to the world, and it's unintentional. Or maybe they just don't know how to set up a VPN or SSH tunnel or some kind of authenticated reverse proxy or something like that, and want to provide public access for remote use from, say, a phone or laptop or something, which is a legit use case.

ollama targets being easy to set up. I do kinda think that there's an argument that maybe it should try to facilitate configuration for that setup, even though it expands the scope of what they're doing, since I figure that there are probably a lot of people without a lot of, say, networking familiarity who just want to play with local LLMs setting these up.

EDIT: I do kind of think that there's a good argument that the consumer router situation plus personal firewall situation is kind of not good today. Like, "I want to have a computer at my house that I want to access remotely via some secure, authenticated mechanism without dicking it up via misconfiguration" is something that people understandably want to do and should be more straightforward.

I mean, we did it with Bluetooth, did a consumer-friendly way to establish secure communication over insecure airwaves. We don't really have that for accessing hardware remotely via the Internet.

If we want to avoid being normie, there are a lot of DOSes out there other than MS-DOS.

https://en.wikipedia.org/wiki/DOS

DOS (/dɒs/, /dɔːs/) is a family of disk-based operating systems for IBM PC compatible computers.[1] It primarily consists of IBM PC DOS and a rebranded version, Microsoft's MS-DOS, both of which were introduced in 1981. Later, compatible systems from other manufacturers are DR-DOS (1988), ROM-DOS (1989), PTS-DOS (1993), and FreeDOS (1994). MS-DOS dominated the IBM PC compatible market between 1981 and 1995.

And I'm sure that there are also incompatible-with-MS-DOS DOSes. The Apple II OS was ProDOS.

searches

https://en.wikipedia.org/wiki/List_of_disk_operating_systems_called_DOS

A ton I've never heard of on there.