While I agree in theory, this particular case is different.

Do you validate every single package inside of yum/dnf/apt/pkg or similar OS package repositories?

Because what happened in this case, the maintainer for a major package had their system compromised.

This could have easily been an attack against any package in any OS repo, open or closed source, using this method.

"So, you think critical infrastructure shouldn't be repaired!?"

And watch the bullshit lame ass excuses the fuckwit companies come up with.

(yes, I know its so they can sell you service contracts and parts and labor n what not, but i want to see them attempt to justify it)

"more than 340 million people live within 10 kilometers of data centers"

NOT ALL DATA CENTERS ARE FUCKING AI DATA CENTERS.

I'm getting sick n tired of all the bullshit metrics.

By the definition of "data center" that these people use in one stance (AI) to talk about heat, then they shift to a different definition to cover "people live X distance away) is for an entirely different class. Things like carrier hotels and co-locations. Ya'know, the shit that just delivers your fucking internet to your house and cross-connects to other ISPs / Carriers. THESE ARE DATA CENTERS! But they're not "gigawatt" data centers. Often they're not even "megawatt" data centers.

Maybe this partly stems from a recent Microsoft Store outage... that I shit you not... prevented NOTEPAD from functioning.

Yes, seriously.

https://windowsforum.com/threa...

Yeah, dude. Its the fucking internet. "Gamers Hate" literally every type of change in the past decade. That's just how the vocal minority goes. Same shit happened with hardware ray tracing, because early demos were not the best. No diff today w/ this tech. It was an early tech preview, not a final product. It will be tweeked and refined, and then we'll forget all about all of this bullshit nonsense, and the tech will be common place... ya'know, just like DLSS (original). Yeah, that had massive hate too. Now DLSS just gets a shrug for the most part from the general community because its decent now. And this tech too shall improve to that point eventually.

The Linux distro with the most gamers? Android. By several orders of magnitude.

But ya'know what? I'ma be called out because its "not a real distro" while everyone bickers and fights about right/wrong, there are literally billions of installs and a huge chunk of those people gaming while not giving two fucks about what kernel runs under the hood.

Aarch64 has taken off in the data center too. ARM is king of mobile, competing hard at the top, and thanks to Apple is a solid competition at everything in between.

Now, why does it not take off elsewhere? Microsoft's ARM implementation kinda still royally sucks ass. Also, the hardware still kinda royally sucks ass.

Are these being improved upon? At least the latter, yes. ARM themselves are pushing for what they're calling "SystemReady", where ARM based systems use UEFI+ACPI for initialization. A huge part of the problem leading up to this point is requiring board-specific initialization code being provided by the OS, usually in the form of U-Boot. So this meant there was just as many copies of an OS as there was boards. "Oh, you're on a Pi? That's Ubuntu #1. You want a SolidRun Honeycomb? Ya, that's Ubuntu #2 now"

SystemReady solves this by making it just as easy as PCs, where there is a "BIOS" so to speak that does that early board initialization and then does a hand-off to the OS to handle the rest, much like how X86/AMD64 works. This has been the hold up, and is what is being heavily worked on and improved now.

I've been using FreeBSD on ARM64/Aarch64 for years now. Firefox has been there all along, working exactly as one would expect, no different than X86/AMD64 counterparts.

Why the hell did it take Chrome so long to catch up?

Buy cheap shit, get cheap shit.

If you need encryption keys and to have them portable and secure?

Two options: 1) yubikey. Use its built in features. or 2) Industrial storage. The latter uses SLC or MLC NAND Flash with nicer wear leveling provisions instead of shit-tier USB drives which may not have any wear leveling algorithm at all (let alone extra "hidden" space to help that algorithm out). QLC in the cheap USB shit is rated around 100 write cycles per cell. This can degrade exceedingly fast. I've been able to kill USB drives from major brands like Samsung and Sandisk in less than 1 full drive write cycle because it cycled a few of the early cells to quickly and killed them. Do you know how great storage works when you dont have a partition table or file system header anymore !?

I knew everyone would come in here to bash this example just because it is an old platform not in general availability anymore.

But take a step back and realize what that means. Less documentation. Less availability. Less general knowledge on how the platform works overall.

These tools can handle it. And yes, these tools are already being used on modern hardware too.

Also most seem to be overlooking the "microcontroller" aspect of this: small microcontroller firmware files runs our world. It is now becoming trivially easy to fully reverse engineer proprietary firmware on these things. But more so, beyond that, these tools also are working considerably well now on X86 and ARM code for modern systems.

There is a certain level of "security via obscurity" in the close-sourced world, and that's now being blown wide open. This is it, this is the REAL story. But ya'lls are getting hung up on "OMG its an old Apple system"

The issue isn't technical, its business. Let's just say, in my career, other than when I was the lead architect, I've been stuck dealing with shit-tier quality ass old aged software, because of the amount of paperwork involved for "risk mitigation" due to the fears of poking an otherwise "working" system (security exploits be damned)

Based on their definitions in that legal document, I have might have a "small scale" data center, because I have a dedicated space where I have a couple servers sitting in them.

If you shove a couple of servers in a garage? You're now a data center by their definition!

Sucks to suck homelabbers (myself included, but I live elsewhere)

There is no real clue as to what that "use" is.

The military "uses" Windows and "uses" Linux as operating systems. Yeah, they have computers. They run software. Is this expected? Kinda. I'll bet they use Adobe Acrobat too for all of their PDF documents.

What were the "uses" of the AI tool? Did it summarize a document that someone typed? Was it filling out fluffy bullshit in a work email about what someone had for lunch? Or did the AI generate a war plan? These are vastly different realms.

Maybe, just maybe, it isn't the device, but the testing methodology?

Standardize testing in the USA has always been total bullshit "everyone must fit this exact mold or else you're an absolute failure" mentality. Now we have a generation of people who learned different skills other than the default assumed ones, and they're viewed as failures for it.

Yes, there is a "master list" - as I mentioned, its primarily the hyperscalers and OS vendors. That's how I got pulled in personally, it was one of the F/OSS OSes that wanted some insights into a particular CPU architecture where I had expertise plus a full testing lab to do all the validation testing quickly.