deadryn.

• Your experience and expertise with Linux is not universal.
• Many major Linux distros are at a transition point between Xorg and Wayland, and that will be hell for nvidia users (who should not be fucking shamed for just happening to have/need an nvidia gpu) (and yes, I'm aware a new driver drop is coming in the summer. No, I don't think that will magically solve all the problems plaguing nvidia + wayland)
• There exists no creative package in the FOSS ecosystem that is a drop-in replacement for the proprietary software it is supposed to replace.
• Relearning entirely new software is not easy, it takes time, and people are not shitty for not having the room in their lives to dedicate to a transition.
• About the only creative package I would remotely consider to be "professional grade" and has at least some market penetration in its industry is Blender. Its interface and workflow is still weird as fuck even post-2.7. The world still uses Maya.
• Most digital artists have invested years and a lot of money in the form of software, brush packs, etc., and dumping all that will cause a lot of workflows to collapse.
• Big Tech has invested decades and billions into locking people into SaaS ecosystems like Google Docs and Microsoft 365 that have provided value and ease of use for end users. People are not weak for benefiting from that ease of use.
• Big Tech is light-years ahead of most FOSS in terms of accessible computing, translations, etc. Your favourite go-to tool that needs to be compiled from a git repo might be absolutely useless to someone who only knows Farsi.
• Regardless of how you feel about it, some of the biggest games on the planet are Windows-only, and won't even run under Proton/WINE. People have built up social relationships and microcultures in those games that are just as valid as your local LUG full of weirdo IBM XT clone enthusiasts, and they are not fools or shitty for being human and forming social relationships and microcultures.
• "Tech support" on Linux is fucking abysmal, and always has been.
• "Just switch to Linux" is, and will always be, a temporary and personal-sphere mitigation against the inexorable march of cryptofascist surveillance capitalist tech. You will never make a meaningful enough dent in numbers to affect any kind of change simply by telling your friends to switch, and it will not stop the nightmare world being built up around you. Everyone would be better served by comprehensive privacy legislation, which means you have to get politically active, and message or call your reps.
• There are other things you can do beyond "just vote" but I ain't gonna write about 'em. Suffice it to say that the fate of our planet's ecosystems are at stake from people who think it's great that we can't tell what search results are real anymore.

I would hope that people recommending switching to Linux are keeping in mind that it is by no means an easy solution, seeing as a lot of people have spent a lot of money to MAKE it not an easy solution. However, I don't think recommending it is as unreasonable as some make it out to be, and I can't think of another time in history where switching to Linux has been nearly as easy and seamless as right now. Proton is leaps and bounds better now than it was when the project was first started, and provided you are not using an app that requires external hardware to function (such as a firmware updater) there is increasingly little it can't do, especially with the sales success of the Steam Deck. It isn't EASY of course, but it clearly has been done even by people who aren't that techy.

Still, I broadly agree with your points, especialy irt the idea that simply recommending that your friends switch to Linux is not conducive to large scale political change, but I also don't think it's all that helpful to make it out as this monumental task that just isn't worth it. Recommending people at least give it a try via a live USB is at worst a wasted weekend, and now more than ever encouraging technological literacy is extremely important. Affecting political change through interpersonal relationships is mostly ineffective on its own, but it can also be the first building block to larger collectives and organizations with materially actionable goals. Capital relies on a politically apathetic population base to continue its exploitation, and poking cracks in that foundation can only ever be a good thing.

Where I feel the issue is most amplified is that a good chunk of the "just use Linux" crowd is not all that opposed to the larger mechanisms of capitalism, and tend to only extend their political activism to opposing Big Tech broadly and MS + Apple specifically. They aren't recommending Linux as a way to decouple yourself from technocapitalist abuses, but simply as a team sport with the dressings of the political. They will never attempt to invoke larger political change because that's not their end goal, they're only concerned for what directly affects them. I've been a full-time Linux user for over a decade now and I don't really waste time trying to convert people to Linux often because for the most part people barely use desktop computers anymore. A lot of my friends don't even own laptops anymore! And for creative professionals outside of musicians I don't even bother for the reasons you've laid out, and I only make the exception for musicians because I am one. I still vocally endorse Linux and help people get started when they express curiosity, but there are significantly more effective things to do with my time and organizing.

I will say, however, that I think people need to get used to the idea that they will need to do things that are increasingly more frustrating and uncomfortable as we navigate late stage capitalism. Many people have this conception of socialist anything, from the most peaceful propositions of demsocs to fire-breathing anarchists, ultimately resulting in a life where they are afforded the exact same luxuries and lifestyle that they have now, and that is simply untrue. That isn't me saying "and this is why you should learn how to resolve all the WINE dependancy issues and get Photoshop running!", but rather that we need to have realistic expectations of what the average person's life is going to look like / what they will need to do for effective political change, and we need to know how to have those conversations with people.

this sounds more evocative than i mean, but the apple i knew has died.

look, the apple i knew has died several times over. i'm still not over the years of "the most advanced keyboard" which broke after two weeks, i'm still bitter about headphone jacks, and i'm sure you've all have your moments of disappointment with apple, and will continue to do so.

it's just apple used to be a company that postured itself "for creatives", and i only realised just now how untrue that is, how untrue that's been for years. i just never thought i'd see apple do the full heel turn on their 1984 advert and proudly announce "we crushed everything that brings joy"

from at least the late 80s through the 2000s, apple's advertising focus was on individuality, personality, creativity. i need not cite the late-90s-early-2000s ads that were literally just videos of people dancing that told you nothing about the product; apple sold us on living life full for decades. now they are a company about Productivity. it is obvious why this happened.

a few years after the iphone came out, apple quietly became aware that 99% of emails sent by executives said "Sent from my iPhone" at the bottom. a couple years after the ipad came out, apple quietly became aware that virtually every retail establishment in the US that was not part of a chain was using them as POS terminals. so apple is now a company that makes productivity tools. often for business, but not always - sometimes it's just about personal productivity, tracking your X, finding your Y, always being in touch with Z. apple makes products for workers to help them work better. this is depressing.

but let's not be disingenuous here: it is because a couple massive advances in technology - primarily: multi-gig NAND flash, but also wireless broadband - eradicated the consumer electronics industry overnight, years ago. during the obama admin, and not even towards the tail end of it. there will never be another Walkman or Discman or iPod or iPod video because all of those things were the product of escalating storage capabilities, and storage is now a solved problem, forever. there will not be a new hill to crest; 128GB will still be a lot of storage 20 years from now. the same is true for all the other technologies relevant to consumer desires.

all the music you've ever heard is in your pocket, brand new hollywood movies and TV shows can be called into existence in the middle of the forest, and you have a camera that (speaking to the average user) exceeds your skills or desires as a photographer or videographer and has functionally unlimited storage. there is nothing left to sell to the pure consumer. consuming is a solved problem, it is effortless and works incredibly well. the instrument is as good as it needs to be for 95% of people, they figured out the form factor over ten years ago, and there is nothing you can add with an accessory or peripheral that nearly anyone would want. they can't even show you the headphone wires jangling in space because they got rid of those, years ago, way easier than anyone ever could have imagined. in fact, most of their 2010s+ developments come down to what they removed rather than anything they added. we're mad about them removing the headphone jack and making the device thinner, but it's because there is nothing left to add, so they are forced to subtract.

consumer technology happened, and is now over. a macbook from 2012 is all the macbook most people will ever need in terms of normal, everyday tasks. apple has not come up with anything in over a decade that they can add that anyone really gives a shit about. M1? what, like your intel mac didn't run for like 8+ hours anyway? like it felt slow doing the things you typically do? the M chips are amazing, but as far as most people are concerned, they're marginal improvements where they aren't simply invisible. if you disagree, it's because you're part of an incredibly small group, to which Apple is now advertising exclusively, because what else can they do. there is nothing left to advertise other than features hypertargeted at professionals. there's nothing left to invent that will make a billion dollars off the everyman.

we are all lucky enough to be alive to witness the end of consumerism, at least as the last six generations have known it. the problem is that it is not going gently into that good night.

it just drives me crazy bc there are a dozen different low-effort ways to build this place from a mess into a Functional mess but they keep pressing forward on things like patreon 2 which By Their Own Admission will almost certainly operate at a loss

artist's alley is a very small step in the right direction but it also feels so begrudging. like ok fine here's your ad space are you happy now. we're putting it here in this little corner where nobody will see it. the perfect opportunity to more or less revive the idea of project wonderful And immediately populate it with ad buys and its just shunted over into a classifieds page. i guess at least it's got filters

like there's literally a user-created script to hack the cohost corner (an intrusive and mostly useless feature that isn't updated often enough and should be in the footer) into an artist alley display . people who use this website are literally breaking it open because they Want to be served ads by their peers and the website has no interest in accommodating that. its unreal

full report: https://www.openwall.com/lists/oss-security/2024/03/29/4

tl;dr: liblzma/xz has been compromised upstream. the github releases 5.6.0/5.6.1 (since feb 24) contain malicious code, significantly slows down sshd and runs code on pubkey login. checker script is available, please check your distro's repository to see if you have those versions of xz, and if yes upgrade if a rollback is packaged or roll it back yourself.

here is how you can tell if you're running the affected version:

it started on January 26, 2021

JiaT75 was hunting around multiple compression libraries including l4z and libarchive to fork and contribute code to, with many attempts being rejected, but eventually some making it in

on October 18 2022 they finally were given direct access to the "Tukaani" project which hosts xz's repositories

2 months later on December 12, 2022 the account Larhzu was created and added to the project the same day, becoming a co-admin of the project

Larhzu is also the username used by a previous maintainer of the xz project, who had been active with it since 2009* on its previous home on SourceForge, saying on a mailing list in 2022:

Recently I've worked off-list a bit with Jia Tan on XZ Utils and perhaps he will have a bigger role in the future, we'll see.

JiaT75 would also make many contributions to other projects, primarily focused on reducing security and hiding the exploit months in advance of its deployment, including changes to Google's Open Source fuzzing project that detects security issues and bugs

hansjans162 appeared on Github in May 2023 and began working on a new implementation based on something called IFUNC - which allows the same binary to run differently optimized code on different CPU microarchitectures - this would later provide part of the hook that the malicious code would use to load itself

all three were extremely polite to each other and other developers, JiaT75 in particular verbose in an odd way that i do not often see, with most comments structured almost like a formal letter

hansjans162 disappeared off of Github after their code went in, but their name was used last week to push Debian to merge in the malicious package

Larhzu and JiaT75 were both active with the project until 4 days ago

some believe that Larhzu is innocent and is just taking an inopportune break from the internet

i do not expect we will see more from the JiaT75 moniker who is the clear malicious actor in all of this that certainly abused the trust of multiple people

i have seen people from multiple projects express feelings of betrayal as they worked with JiaT75 to help solve issues - issues which it turned out were due to the malicious payload

while the known malicious payload was only deployed a few weeks ago, a lot of changes to the code over the last year, and more research will need to be done in order to understand what all was truly affected

the hansjans162 account is the only one not suspended by Github, and they marked their profile private at one point while i was doing some follow up research, so they are active today, despite having only contributed the code for the IFUNC implementation several months ago

update 2024-03-30 00:00 UTC

hansjans162's account has also been suspended by Github within the last hour or so

update 2024-03-30 13:00 UTC

the official Tukaani website has been updated with a warning about the malicious packages in a post signed "Lasse Collins", where he also takes ownership of the Larhzu username on Github

Larhzu on Libera IRC (chat service used by many open source communities) is now active and responding to people about the incident as well

unfortunately due to the events of 2021 where Freenode was taken over by a hostile far-right corporation (the same one that owns the "Private Internet Access" VPN) there is no meaningful long-term tenure to tie to the Libera account - Larhzu was created 2 days after my own on 2021-05-21 UTC and during the same tumultuous week that Libera was founded

the jiatan Libera account however was also created on December 12th 2022, possibly to connect with Larhzu

all of the Tukaani repositories on Github have also been suspended for terms of service violations, but the org still exists and the repository links are visible

update 2023-04-02 04:00 UTC

Lasse Collin's GitHub account Larhzu has been reinstated but the Tukaani org remains locked, hansjans162 and JiaT75 remain suspended