• 7 Posts
  • 43 Comments
Joined 1 year ago
cake
Cake day: June 8th, 2023

help-circle

  • And the article content posted is just an excerpt. The rest of the article focuses on how AI can improve the efficiency of workers, not replace them.

    Ideally, you’ve got a learned individual using AI to process data more efficiently, but one that is smart enough to ignore or toss out the crap and knows to carefully review that output with a critical eye. I suspect the reality is that most of those individuals using AI will just pass it along uncritically.

    I’m less worried about employees scared of AI and more worried about employees and employers embracing AI without any skepticism.








  • As a guy responsible for a 1,000 employee O365 tenant, I’ve been watching this with concern.

    I don’t think I’m a target of state actors. I also don’t have any E5 licenses.

    I’m disturbed at the opaqueness of MS’ response. From what they have explained, it sounds like the bad actors could self-sign a valid token to access cloud resources. That’s obviously a huge concern. It also sounds like the bad actors only accessed Exchange Online resources. My understanding is they could have done more, if they had a valid token. I feel like the fact that they didn’t means something’s not yet public.

    I’m very disturbed by the fact that it sounds like I’d have no way to know this sort of breach was even occurring.

    Compared to decades ago, I have a generally positive view of MS and security. It bothers me that this breach was a month in before the US government notified MS of it. It also bothers me that MS hasn’t been terribly forthcoming about what happened. Likely, there’s no need to mention I’m bothered that I’m so deep into the O365 environment that I can’t pull out.


  • Does the GPL cover having to give redistribution rights to the exact same code used to replicate a certain build of a product?

    It does, and very explicitly and intentionally. What it doesn’t say is that you have to make that source code available publically, just that you have to make it available to those you give or sell the binary to.

    What Red Hat is doing is saying you have the full right to the code, and you have the right to redistribute the code. However, if you exercise that right, we’ll pull your license to our binaries and you lose access to code fixes.

    That’s probably legal under the GPL, though smarter people than me are arguing it isn’t. However, if those writing GPLv2 had thought of this type of attack at the time, I suspect it wouldn’t be legal under the GPL.



  • I believe you are correct. Any paying Red Hat customer consuming GPL code has the right to redistribute that code. What Red Hat seems to be suggesting is that if you exercise that right, they’ll cut you as a customer, and thus you no longer have access to bug fixes going forward.

    I suspect it’s legal under the GPL. I’m certain it violates the spirit of the GPL.


  • I am not a lawyer, but I have been a follower of FLOSS projects for a long time.

    Me too. I know what I’m suggesting is functionally impossible. I’m wondering if it could be done in compliance with the GPL.

    All of those contributors have done so using language that says GPLv2 or higher. Specifically says you can modify or redistribute under GPLv2 or later versions. So nothing stops the Linux Foundation from asking new contributors to contribute under the GPLv4 and then releasing the combined work of the new kernel under GPLv4.

    The old code would still be available under the GPLv2, but I suspect subsequent releases could be released under a later version and still comply with original contributions.

    Again, I know it won’t happen, just like I believe Red Hat’s behavior is within the rules of the GPL. I’d love to hear arguments as to how Red Hat is violating the GPL or reasons why the kernel couldn’t be released under GPLv3 or higher.



  • Upvotes and downvotes.

    Right now, I can browse by New on my subscribed communities and see every post since the last time I did that.

    I can view or re-view posts and read every response. If the responses are legion, I can play with hot/top and get the meat of the discussion.

    Did you notice that last sentence? On the few posts where there are too many responses to view all, I’ll try to get at those that are relevant.

    If the Lemmy community grows large enough, I’ll need to do the same for posts. I will no longer be able to regularly view by new and have time to see everything.

    So, I’ll need to rely on some sorting method to make certain I see relevant stuff.

    Someone with millions of bots that never post have millions of upvotes and downvotes to influence the score used by the sorting algorithm that I’ll use to decide what to read.






  • That’s a Red Hat employee that has nothing to do with code. The comments about emabargoed stuff appearing in Red Hat before CentOS Stream are for coordinated code releases to fix a bug that’s not been released yet. (e.g. there’s a remote code exploit in the network stack related to intel NICs. Intel will coordinate with people like Red Hat and MS to get the release out in a coordinated fashion, but the data Intel supplies is embargoed until the coordinated release.)

    Rocky reports their release cycles are all tied to automation of the git repos that are going away. https://forums.rockylinux.org/t/has-red-hat-just-killed-rocky-linux/10378

    So, while in theory someone who has a license can use source RPM’s to get at code, Rocky, and likely Alma, aren’t set up to deal with that as upstream sources. Plus, even though that matches the GPL (if someone sells you code, they have to supply source without restitrictions), I’d imagine the GPL doesn’t say that if someone sells a GPL’d product, they have to sell to you.

    My guess is Alma and Rocky will figure a way around this, but id also guess it’s going to be tough.