but also what the xz debacle shows: open source software is really hard to secretly backdoor
because some rando will be like “huh, this command is taking 0.5 seconds longer than it used to, let me check what’s going on here”
like can you believe that that’s how it got found out? not someone going “i will check the code of this package for security issues” or “i double check commits as a hobby”. just “huh, let me check what’s going on here”
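The observation described above is essentially a latency regression check: compare how long a routine command takes now against how long it used to take, and get suspicious when the gap is systematic rather than a one-off. The following is an added example of that check in Python (not code from the post or from the xz project); the baseline numbers, thresholds and sample timings are constructed.

```python
"""Flag a command whose wall-clock latency has drifted from a recorded baseline.

Added example, not from the original post. It models the kind of observation
that exposed the xz backdoor: a routine command suddenly costing noticeably
more than it used to. Baseline data and thresholds are constructed assumptions.
"""
import statistics
import subprocess
import time

# Constructed baseline: ten earlier runs of the command, wall-clock seconds.
BASELINE_SAMPLES = [0.21, 0.19, 0.22, 0.20, 0.23, 0.21, 0.20, 0.22, 0.19, 0.21]


def time_command(argv, runs=5):
    """Run argv `runs` times and return the wall-clock seconds of each run."""
    samples = []
    for _ in range(runs):
        start = time.perf_counter()
        subprocess.run(argv, stdout=subprocess.DEVNULL,
                       stderr=subprocess.DEVNULL, check=False)
        samples.append(time.perf_counter() - start)
    return samples


def latency_verdict(baseline, current, abs_threshold=0.25, mad_multiplier=10.0):
    """Compare current timings against a baseline and decide if they regressed.

    Medians are used on both sides so a single slow run (cold cache, scheduler
    hiccup) does not raise an alert; the slowdown has to be systematic. The
    verdict is "regressed" when the median grows by more than abs_threshold
    seconds, or by more than mad_multiplier times the baseline's median
    absolute deviation (MAD), whichever is exceeded first.
    """
    base_med = statistics.median(baseline)
    cur_med = statistics.median(current)
    # MAD is a robust spread measure; floor it so a perfectly flat baseline
    # does not turn every microsecond of jitter into an alert.
    mad = max(statistics.median(abs(x - base_med) for x in baseline), 0.005)
    delta = cur_med - base_med
    regressed = delta > abs_threshold or delta > mad_multiplier * mad
    return {"baseline_median": base_med, "current_median": cur_med,
            "delta": delta, "regressed": regressed}


if __name__ == "__main__":
    # Example run against a trivial command; replace argv with the command
    # you actually care about and persist BASELINE_SAMPLES between runs.
    print(latency_verdict(BASELINE_SAMPLES, time_command(["true"])))
```

A persisted baseline per command, re-checked after every package upgrade, turns the "huh, that got slower" moment into something a script can raise for you.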