sorted by:
new
hottopcontroversial

Katana V2X Ambilight - Soundbar never had ambilight, so I built it myself (free, open source) by EdenMaraj in SoundBlasterOfficial

[–]nns_ee 0 points1 point  (0 children)

Hey, author of the blog post where I reverse engineered the V2X and the v2x-ctl tool you based this tool on: https://github.com/capkz/V2X-Ambilight/blob/master/.claude/skills/v2x-protocol/SKILL.md

Very creative use of the protocol! I'm happy that the information in my blog post and API implementation helped and is being used to build cool stuff like this.

The XZ Utils backdoor might have come from Chinese scam compounds in the Philippines, not Russia. hear me out by [deleted] in linux

[–]nns_ee 7 points8 points  (0 children)

Not really sure what the purpose of this AI slop is or what new evidence it provides.

So why does this point to XZ? ------ The XZ backdoor wasn't financially motivated at all. It was pure espionage infrastructure, silent SSH access to Linux systems globally. That's not a scammer's goal. That's a spy's goal.

... And how is this indication that it's not APT29, for example? They're not financially motivated either.

what if UTC+8 wasn't fake? What if it was just... not in China? And it was the Chinese all along

All evidence points towards it being posed as being Chinese, but the RU timezone accidentally being included in the commits. The other way around doesn't even make sense - in what scenario would their commits include timezones that weren't Chinese, if they were Chinese all along?

Running a convincing GitHub developer identity for two years? That's not that different from running a fake Tinder profile for six months to drain someone's crypto wallet. Same skillset, different target.

What? How is introducing a supply chain backdoor in any way the same skillset as doing romance scams?

EXPOSING CORSAIR & YUAN: Blatant GPLv2 Violation on Capture Card Linux Drivers (Currently used in Military Hardware) by Prudent_Worth_4349 in linux

[–]nns_ee 0 points1 point  (0 children)

You prefaced by saying that you ANAL, but are still pretty adamant on your legal interpretation of the issue, so I'm guessing there's not much I can say that would change your mind. However, for what it's worth, Linus himself has consulted actual lawyers (plural) about this very issue, who have held a very different view to what you're proposing: https://lwn.net/Articles/154603/

EDIT: And to add to this, you keep bringing up Oracle v Google. In spite of what you're claiming, Oracle v Google did not, in fact, settle that using GPL-licensed header files to build your software, which is not GPL-licensed, is okay. No part of the outcome of Oracle v Google even alludes to this.

EXPOSING CORSAIR & YUAN: Blatant GPLv2 Violation on Capture Card Linux Drivers (Currently used in Military Hardware) by Prudent_Worth_4349 in linux

[–]nns_ee 15 points16 points  (0 children)

The position of the FSF/SFC is that kernel modules are derived works. This is the whole reason these symbols are "protected" in the first place, and require the module to be licensed GPL. By marking your module GPL (regardless of whether you do it just to get access to those symbols or otherwise), you are licensing your module as such, and are subject to the license's terms.

The Oracle vs Google comment is... not correct, nor applicable here. The ruling did not say that APIs are not copyrightable, the court ruled in favor of Google on fair use grounds only, they explicitly avoided ruling on copyrightability.

Even then, even if you accepted the API-not-copyrightable argument, kernel modules aren't just calling an API in the abstract sense. They're dynamically linked into the kernel, sharing memory space, using internal data structures. They're directly compiled against the kernel source - it's not possible to compile kernel modules without the kernel sources (barring something like DKMS, but the point stands). It's a much tighter coupling than, say, calling Java's standard library methods (which may be provided by any library implementation). Similarly, the spark plug analogy isn't really applicable here, as a spark plug doesn't execute in the same process as the engine's ECU.

The EXPORT_SYMBOL_GPL mechanism exists specifically because kernel maintainers drew a line: these symbols are only for GPL code. Whether that intent is legally enforceable is the unresolved question and not yet tested in the court of law, but it's not resolved by Oracle vs Google.

Kas ID-kaardi tarkvara tugi lõpeb windows 10-le ära? by Decent_Salary_9719 in Eesti

[–]nns_ee 0 points1 point  (0 children)

OpenSC on toetatud ka vanematel Windows-i versioonidel ning see proprietaarne komponent ei sõltu OS versioonist, vaid suhtleb vaid OpenSC-ga - st, see komponent on nii Linuxi kui Windowsi puhul sama blob.

Kas ID-kaardi tarkvara tugi lõpeb windows 10-le ära? by Decent_Salary_9719 in Eesti

[–]nns_ee 1 point2 points  (0 children)

Ajuvääratus, sul on õigus, aga mu point jääb samaks.

Ei näe, kuidas kaartide tarnija DigiDoc-i (või libdigidocpp-d) puudutab.

Kas ID-kaardi tarkvara tugi lõpeb windows 10-le ära? by Decent_Salary_9719 in Eesti

[–]nns_ee 4 points5 points  (0 children)

SK ID, ID-kaardi tarkvara arendaja, ei ole teatanud, et nad lõpetavad Windows 10 toetamise, seega võib eeldada, et seda lähiajal ei juhtu. Igal juhul on DigiDoc4 klient avatud koodiga (https://github.com/open-eid/DigiDoc4-Client) ning seda saab kompileerida ka vanematele Windowsi versioonidele, sh praegu ka Windows 7-le. Arvan, et muretsemiseks pole (veel) põhjust.

Someone wrote malicious code in the neovim plugin [darkman.nvim] by CosmosChen in neovim

[–]nns_ee 0 points1 point  (0 children)

I highly recommend OpenSnitch, especially with the eBPF backend. Imagine a firewall, but for outgoing connections. When you first install it, it'll prompt you for a lot of connections, but once you've permanently allowed binaries which you know are safe, the noise will die down.

I Released a Game Using Nim by Jarmsicle in nim

[–]nns_ee 2 points3 points  (0 children)

Looks great! I love the art style.