
I don't know the details of that part directly, but I do remember reading things like this which seemed to indicate delisting of some maintainers (positions of responsibility, as opposed to blocking all developer contributions) who were associated with certain sanctioned Russian companies. This seems to be in line with standard sanctions being imposed by many companies & organisations in various countries (not just USA). Regardless of personal opinions about whether that was "right, wrong, or otherwise" at the time it at least seems a far cry from "an NSA compromise".

I will try to answer these, and hope someone corrects any potential inaccuracy:
what's red?
There is a comment there saying "see deep-dive for details" so the red-highlight caveat is likely explained there.
what's the globe icon?
My assumption is that icon just indicates Free/Open-Source projects which have no "owning company" (not "based" anywhere), just globally scattered contributors.
how come some products marked not majority EU owned have the EU flag?
My guess (merely a guess) is that those are run by EU-based companies, but which don't have a solid policy guaranteeing "majority of shareholders are in the EU" (...?)

Having not heard of this one, I was curious so checked some sites about it, like:
https://www.reddit.com/r/linux4noobs/comments/kd0yml/does_the_nsa_have_a_backdoor_to_linux_this/
https://www.theregister.com/2022/02/23/chinese_nsa_linux/
My quick impression from those seems to match what was said by some commenters on the FreeBSD forum - https://forums.freebsd.org/threads/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years.84258/
msplsh: This looks like an implant that opens a backdoor, not an intrinsic backdoor built into the OS.
and:
sko: From el reg: To us it seems whoever created the code would compromise or infect a selected Linux system and then install the backdoor on it. So if someone already gained privileges to install anything on one of your machines, it doesn't matter what it is - this host is compromised and has to be nuked from orbit.
So, unless I'm missing something, this is not really about "the Linux kernel devs being compromised by NSA" as much as the endless list of Windows-targeting malware is not about "the NT kernel devs being compromised by NSA".

For those who might skip this video thinking it will be in French which they don't speak, it is actually in English.

I hadn't even heard of the underlying protocol NNCP yet, and it seems to solve out of the box several things I was trying to do in some of my own hobby-projects. I'd been battling with automating and integrating Tor/I2P, OpenSSL, Tox, GPG, WireGuard, etc. If NNCP lives up to the hype it will be a big shortcut, when I next get time to work on stuff :-)

In-band periodic key-exchange. Pre-arrange that keys expire every X messages, and that the last (Xth) message is dedicated to sending the new key encrypted by the previous one.

That makes sense too. I guess it's a very difficult balance to hit, for all concerned. I think a lot of the famous outbursts that happen on LKML are probably an inevitable side-effect of that balancing-act, and of maintainers being stretched in multiple directions.

Yeah, maybe just a good steward quality-testing the Bus Factors?

Thanks, that's good to know, but for raw-writing a bootable image to a device do you (or anyone reading) know if there are also straightforward PowerShell commands for mapping devices at the block level? (as opposed to mounting at filesystem level)

The article at the end mentions they suggest dd as alternative for MacOS (due to Unix user space). It seems the balena -> rufus decision is about the easiest-onramp Mac+Win-portable option, for those uncomfortable dropping to low-level device-writing CLI tools in their current system.
Side-note: Last time I was on a friend's Windows I installed dd simply enough both as mingw-w64 (native compiled) and under Cygwin. So for Windows users who are comfortable using dd it only requires a minor step. When I once used WSL, devices were accessible too, but that was WSL1 (containerized), whereas WSL2 (virtualized) probably makes device-mapping complex(?) enough to not be worth it there.

If you haven't already seen the talk recently given at the Chaos Computer Club's "Hacker Hotel" named "How Thermonuclear fusion works, free energy without waste", I highly recommend it. https://libranet.de/display/0b6b25a8-ff152736-e38872dd7aed088e

So you confirm that we agree our most recent comments don't constitute a constructive discourse (we agree for our own differing reasons, but that's beside the point). So rather than itemising the hows and whys of disagreeing with your latest comment I will instead just wish you well and say goodbye. If you reply and don't hear back from me, please know that is not out of concession or rudeness on my part, just that at some point a discussion needs to stop (especially when all agree it is not constructive).

Thanks. Had heard the name but didn't really know "what they do" in that sense. Will check them out.

...cruelty is state policy in China.
That is a very causatively specific thing you are claiming I said, which I didn't. Again.
Your comments are frustrating to me because they're born out of ignorance. You have not spent the time to actually understand how Chinese system works
...if you bothered to learn a bit of history you'd see that...
I urge you to actually spend the time to learn about China instead of regurgitating demagogy.
That's making quite a few assumptions and accusations about someone you've never met and know nothing about. Have you genuinely considered that many of those assumptions and accusations might be wrong? And no, I won't (and shouldn't) fall into the same "courtier's reply" trap by itemising first-hand experiences, interactions, etc here because A) that would be inappropriate and should be irrelevant to a healthy discussion-focused dialogue - free of such "appeal to authority" logical fallacies, B) as stated before it is clear you keep arguing past what I'm actually saying - to how you reinterpret what I am saying, and C) after working through your false assumptions, false accusations, ad hominems, and misreading it seems you didn't actually say anything else for me to reply to.
I made statements about various global systems of government, in general, and when you redirected and contextualised every statement to being consistently only about China, at first I did you the debater's courtesy of addressing that, but unfortunately that courtesy has a limit, especially when you don't reciprocate. As much as people displaying Said's concept of Orientalism irreparably bias and taint global-context discussions, Occidentalism is also harmful for the same reason. Both of them often veer discussions into two-sided, one-dimensional (and often zero-sum) arguments to be "won", rather than multivariable, multidimensional, fallibilistic and constructive debates. I have only been here for the latter but you are either only able or only willing to participate in the prior, so I say again it makes sense to just agree to disagree and move on. Anything else is just browbeating.
Lastly, I would have thought those ad hominems alone should be delete-worthy due to rule 1, no?

For others who, like me, haven't yet heard what the 50501 Movement is, here you go

I'm glad that wording got clarified, otherwise people's mental images could have taken a disturbing turn. :-D

At least on that day he was.

I think a good tool against this could be to have an international nonprofit organization of investigative journalists, OSINT experts, and detectives (and experts in seeing through AI abuse and other fraudulent media behaviour, and as soon as they build reputation they would need damn good lawyers too). They would act as a fast-response crack-team to look under the covers every time any powers-that-be launch a news cycle chaos-offensive (which sadly these days is "all the time"). Not just as a side-hustle or section of a general publication, but as its own non-profit-beholden organisation dedicated to that task.
They would follow the timings and run contextual pattern recognition on all the big/fishy "look over here" announcements (or character hit-pieces attacking the credibility of people sharing uncomfortable or explosive information). Their explicit goal though would be surfacing the most promising other stories that are being buried, combine and tug on those threads to discover what kind of meta-stories and deeper narratives are being lost in the "manufactured mainstream" noise, and provide announcements/advice/guidance to other journalists and reporters on what to do next with those. They would need to all be highly experienced and disciplined expert investigators of impeccable integrity to provide adequate mental-vaccination against risks of sliding into conspiracy-hypothesising tin-hat territory due to the nature of the work.
In addition to the obligatory website for people to discover and learn about them, they could provide a non-paywalled RSS stream of their findings, tongue-in-cheek naming it "While you were out", maybe with a sister podcast discussing their findings called "Excuse me, I think you dropped this".

This little exchange felt so wholesome in a deliberately counterintuitive way. :-D

It would probably be configured using YAML and require health checks and quorum monitoring. I'm not sure I would want that job, especially on-call shifts. The consequences of downtime would be on a whole other level.