(no subject)

(no subject)

jon zingale
Roger,

You say, "It's already happened more than once.  People, acting as if they cared about the code have taken over existing projects when the current developer loses interest.  Then they modify the code so it does something evil in addition to its original purpose, say stealing bitcoin wallet credentials.  Others have submitted packages which were one letter typos for trusted packages, with the same sort of surprises hidden in them."

Isn't this exactly why there is a git history? Version control exists, to some extent,
exactly so we can say who has done what and to what effect.

Jonathan Zingale

.-. .- -. -.. --- -- -..-. -.. --- - ... -..-. .- -. -.. -..-. -.. .- ... .... . ...
FRIAM Applied Complexity Group listserv
Zoom Fridays 9:30a-12p Mtn GMT-6  bit.ly/virtualfriam
unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
archives: http://friam.471366.n2.nabble.com/
FRIAM-COMIC http://friam-comic.blogspot.com/ 
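Added example, not part of the thread: a defensive check for the "one letter typo" packages mentioned in the message above. It flags any dependency name that is not on an allowlist but sits one edit away from a name that is. The allowlist, sample names and function names are constructed for illustration, and the check goes slightly beyond the one-letter case by also catching two swapped adjacent letters.

```python
import re

# Constructed allowlist of trusted package names (assumption for this example).
TRUSTED = {"requests", "numpy", "python-dateutil", "cryptography"}

# Constructed dependency list, as it might be read from a requirements file.
SAMPLE_REQUESTED = ["requests", "reqeusts", "numpi", "python_dateutil",
                    "cryptograpy", "flask"]


def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def within_one_edit(a: str, b: str) -> bool:
    """True if a != b and a single substitution, insertion, deletion or
    swap of two adjacent characters turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0  # skip the common prefix, then compare the remainders
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    ra, rb = a[i:], b[i:]
    if len(ra) == len(rb):
        substitution = ra[1:] == rb[1:]
        swap = (len(ra) >= 2 and ra[0] == rb[1] and ra[1] == rb[0]
                and ra[2:] == rb[2:])
        return substitution or swap
    longer, shorter = (ra, rb) if len(ra) > len(rb) else (rb, ra)
    return longer[1:] == shorter  # one extra character at the split point


def flag_lookalikes(requested, trusted=TRUSTED):
    """Map each untrusted requested name to the trusted name it imitates."""
    trusted_norm = {normalize(t): t for t in trusted}
    hits = {}
    for name in requested:
        n = normalize(name)
        if n in trusted_norm:
            continue  # exact match after normalization: trusted as-is
        for t_norm, t in trusted_norm.items():
            if within_one_edit(n, t_norm):
                hits[name] = t
                break
    return hits
```

A name that is merely unknown, such as `flask` here, is not flagged; only near-misses of allowlisted names are reported for review.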

Re: (no subject)

Roger Critchlow-2
Right, https://www.git-scm.com/docs/git-blame - Show what revision and author last modified each line of a file

-- rec --

On Thu, May 7, 2020 at 5:19 PM Jon Zingale <[hidden email]> wrote:
Roger,

You say, "It's already happened more than once.  People, acting as if they cared about the code have taken over existing projects when the current developer loses interest.  Then they modify the code so it does something evil in addition to its original purpose, say stealing bitcoin wallet credentials.  Others have submitted packages which were one letter typos for trusted packages, with the same sort of surprises hidden in them."

Isn't this exactly why there is a git history? Version control exists, to some extent,
exactly so we can say who has done what and to what effect.

Jonathan Zingale


Re: (no subject)

Marcus G. Daniels

The long con would be to get a semi-trusted agent as a committer.   Someone that could appear to be a student or a bland mid-level employee but is just playing that part.   Being open source, it would be a simple matter to anonymously clone it and study it for a while, advising their agent on what apparently benign mistakes to make.   (If the employee gets laid off for some mistakes that makes it all the more plausible and their agent is free and clear.)   Then the sponsoring organization waits for that code to spread into other organizations.   With their bugs in place, they have a period of exploitation before the bugs are identified.   All it takes for that is money and/or extortion.

 

From: Friam <[hidden email]> on behalf of Roger Critchlow <[hidden email]>
Reply-To: The Friday Morning Applied Complexity Coffee Group <[hidden email]>
Date: Thursday, May 7, 2020 at 2:55 PM
To: The Friday Morning Applied Complexity Coffee Group <[hidden email]>
Subject: Re: [FRIAM] (no subject)

 

Right, https://www.git-scm.com/docs/git-blame - Show what revision and author last modified each line of a file

 

-- rec --

 

On Thu, May 7, 2020 at 5:19 PM Jon Zingale <[hidden email]> wrote:

Roger,

 

You say, "It's already happened more than once.  People, acting as if they cared about the code have taken over existing projects when the current developer loses interest.  Then they modify the code so it does something evil in addition to its original purpose, say stealing bitcoin wallet credentials.  Others have submitted packages which were one letter typos for trusted packages, with the same sort of surprises hidden in them."

 

Isn't this exactly why there is a git history? Version control exists, to some extent,

exactly so we can say who has done what and to what effect.

 

Jonathan Zingale




Re: (no subject)

Roger Critchlow-2
This was a nice line

in an algorithmic tunnel of unreliable sources


-- rec -- 

On Thu, May 7, 2020 at 6:08 PM Marcus Daniels <[hidden email]> wrote:

The long con would be to get a semi-trusted agent as a committer.   Someone that could appear to be a student or a bland mid-level employee but is just playing that part.   Being open source, it would be a simple matter to anonymously clone it and study it for a while, advising their agent on what apparently benign mistakes to make.   (If the employee gets laid off for some mistakes that makes it all the more plausible and their agent is free and clear.)   Then the sponsoring organization waits for that code to spread into other organizations.   With their bugs in place, they have a period of exploitation before the bugs are identified.   All it takes for that is money and/or extortion.

 

From: Friam <[hidden email]> on behalf of Roger Critchlow <[hidden email]>
Reply-To: The Friday Morning Applied Complexity Coffee Group <[hidden email]>
Date: Thursday, May 7, 2020 at 2:55 PM
To: The Friday Morning Applied Complexity Coffee Group <[hidden email]>
Subject: Re: [FRIAM] (no subject)

 

Right, https://www.git-scm.com/docs/git-blame - Show what revision and author last modified each line of a file

 

-- rec --

 

On Thu, May 7, 2020 at 5:19 PM Jon Zingale <[hidden email]> wrote:

Roger,

 

You say, "It's already happened more than once.  People, acting as if they cared about the code have taken over existing projects when the current developer loses interest.  Then they modify the code so it does something evil in addition to its original purpose, say stealing bitcoin wallet credentials.  Others have submitted packages which were one letter typos for trusted packages, with the same sort of surprises hidden in them."

 

Isn't this exactly why there is a git history? Version control exists, to some extent,

exactly so we can say who has done what and to what effect.

 

Jonathan Zingale




Re: (no subject)

gepr
For some reason, the link to Gorski's debunking is messed up in that article. I had to go looking for it:  https://respectfulinsolence.com/2020/05/06/judy-mikovits-pandemic/

You *forced* me to watch Plandemic, too. I'll never get that time back. 8^D

On 5/7/20 3:46 PM, Roger Critchlow wrote:
> This was a nice line
>
>     in an algorithmic tunnel of unreliable sources
>
>
> from https://www.technologyreview.com/2020/05/07/1001469/facebook-youtube-plandemic-covid-misinformation/

--
☣ uǝlƃ

uǝʃƃ ⊥ glen