> Valve is generously providing backing for two
critical projects that will have a huge impact on our distribution: a
build service infrastructure and a secure signing enclave.
It sounds like Valve is investing in the security of Arch Linux's build infrastructure to prevent supply chain attacks.
Could be nice if Google helped them out with servers and bandwidth, to make it work smoothly. The Internet Archive is great but often also very reminiscent of the web on 56K dial-up.
FALSE: A media organization known as Tenet Media reached out to political commentators as a publisher for their shows. This organization was found to have received funding from Russian sources. The commentators were unaware of this and are considered victims of the scheme, as per the indictment.
No no, the commentators claim to have been unaware. And even if they were unaware, they were actually paid by Russia to advance Russian interest and they did just that, so GP is still accurate.
It is very difficult to believe their ignorance if you watch things like the currently circulating video of Tim Pool pounding a table and screaming how Ukraine is the enemy of the United States[1]. I found it a comically forced and poor attempt at propaganda, like something from a SNL sketch or a Borat movie.
What's going to be more interesting is what hardware is added for this, and what it can be made to do other than this service that's obviously part of Google Play Services. Can it be made useful in some way on AOSP?
Great blog post. The company response was really great, but there was no mention of a bug bounty. This would be a perfect example if he got paid for his findings.
The bugs I find are usually just ones I stumble across, I don't go looking for them.
Bug bounty programs generally aren't worth the trouble for me anyway - I have to file taxes in both the US and the UK so the paperwork gets really annoying.
Adding to Ryan's concerns, submitting to a bug bounty program often means accepting terms and conditions that constrain your ability to publicly disclose the issue if the vendor decides to be a dick about it. Depending on how you think your career potentially benefits from freedom to discuss an issue, the long-term financial benefit is potentially greater from not going down the bug bounty path.
Maybe click the link and watch the video? The Director of Public Prosecutions actually said that. "If you retweet that, you're republishing that, and then potentially you're committing that offense".
"toxic information" translated to plain English: "information we don't like and want to see globally suppressed because it doesn't suit our devious interests"
1/3th hacked ISP, 1/3th applications downloading updates without signature validation, and 1/3th users downloading shady apps. I'd call this one a shared responsibility of foolishness.
It sounds like Valve is investing in the security of Arch Linux's build infrastructure to prevent supply chain attacks.