The source, open or closed?
It seems to me that one reasonable path towards utopia is humanity leaning strongly towards open-source, "free" information technology. That also goes for information itself, but that's another story.
After seeing how Veritasium laid out the XZ attack, I got to thinking. I remember the week when CVE-2024-3094 came out, a top-of-the-scale 10/10 CRITICAL. I was shocked that there was no shock in the news.
If this happens in open source, we should expect it to happen in closed source too, and a lot more of it: viruses and dark stuff love the... dark, closed places.
There are so many steps between committing code and actually getting through testing, release candidates (RCs), alphas, betas, etc. This is the perfect example of why open source works: everyone who cares does care, and some tests will pick up unexpected changes.
Imagine if there were even more incentive for these open-source people to write good code. They (we) care. A lot.
On the other hand, in the closed-source industry this may (and does) happen all the time, continuously; we just don't know, because we can't know. 🤷 Until, of course, 5 or 10 years later, after something crazy happens.
https://github.com/advisories/GHSA-rxwq-x6h5-x525
https://nvd.nist.gov/vuln/detail/CVE-2024-3094
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
https://github.com/tukaani-project/xz/commit/e93e13c8b3bec925c56e0c0b675d8000a0f7f754
