Does it actually tell you the results? I’m curious how they score your driving, and how effective it is. The scariest things I see on the road are things like:

• distracted driving
• tailgating
• lack of awareness

I don’t see how they’d measure how safe a driver you are.

Perhaps it’s just that people are more careful when they know they’re being monitored, and safe drivers are more likely to opt in?

Cool seeing this here. I’m loving this album.

Something which notifies you whenever a new comment or reply is made to a selected post/comment, so that you can keep track of any new conversation.

Something like this would be awesome as a core Lemmy feature IMO. It would essentially turn a post (or maybe any comment tree?) into a matrix style room. Lemmy is actually decent for long term discussion (e.g. helping someone with a problem), but not if there are more than two people involved.

I’d probably:

1. make sure it can be reliably reproduced using something like systemctl suspend
2. try swapping the cables and see if it still happens on the same screen, or the same port
3. look at journald/dmesg output for the period from suspend to resume

When the screen fails to wake, are you able to get it back by powering it off, or by unplugging it? Is it X or wayland?

For Canada I’d say The Tragically Hip.

I’m not sure such a thing is possible now that fewer people listen to music from specifically Canadian sources. It used to be: commercial radio and music television, and both had strict Canadian content regulations.

I think there’s still a chance for artists to be well known locally, but it would probably be based on where they play shows, and maybe social media.

Oh yeah, that was pretty much the point I was trying to make too.

Of course not, but you have to either trust your users to some extent or give them a system that’s locked down to the point of hindering them.

There’s actually not that much autotools jank, really. There’s configure.ac and a few Makefile.am. The CMakeLists.txt in the root is bigger than any of those files.

There’s also some stuff from autotools archive in m4/. IMO that’s a bad practice and we should instead be referencing them as a build dependencies.

I’m not convinced this backdoor would have been significantly more difficult to hide in the cmake code.

What is ‘unallowed software’? A shell script the user wrote? Something they downloaded and compiled?

Limiting that seems fundamentally at odds with FOSS.

Emacs I assume.

cmake compiles to makefiles as well (it just also supports some other backends). I’m not sure why that matters though. In both cases the makefile is generated.

If you stop shipping autotools generated artefacts in your tarballs, things will be a lot simpler.

Weirdly enough the malicious code does look eerily similar to the benign code, because both are unnecessarily obfuscated.

This is not a human written or readable file you’re talking about. It’s a generated script.

As the other user suggested, you probably just need to mount the root subvolume somewhere and run it on that.

Try using btdu. I’m not sure how it works with compression, but it at least understands snapshots, as long as they are named in a sane way.

Yeah, that’s fair. If you want to test that you can still decompress something compressed with some random old version, you either need to keep the old algorithm around, or the data.

Many of the files have been created by hand with a hex editor, thus there is no better “source code” than the files themselves.

I don’t buy that. There would have been some rationale behind the contents that could be automated, like “compressed file with bytes 3-7 in the header zeroed”.

You also probably don’t need these test files to be available in the environment where the library itself is built. There are various ways you could avoid that.

I do agree about the autotools stuff though.

Minor differences in those files are perfectly normal as the contents of them are copied in from the shared autoconf-archive project, but every distro ships a different version of that, so what any given thing looks like will depend on the maintainer’s computer.

This seems avoidable. We shouldn’t be copying code around like that.

They are actually not that much bigger or different from mobile or game console GPUs, they just have a lot of cooling bolted to them. The cooling allows them to sacrifice efficiency, to be more power hungry and more powerful.

I wonder if anyone is doing large scale searches for source releases that differ in meaningful ways from their corresponding public repos.

It’s probably tough due to autotools and that sort of thing.

All of this would be avoided if Debian downloaded from GitHub’s distributions of the source code, albeit unsigned.

In that case they would have just put it in the repo, and I’m not convinced anyone would have caught it. They may have obfuscated it slightly more.

It’s totally reasonable to trust a tarball signed by the maintainer, but there probably needs to be more scrutiny when a package changes hands like this one did.

it had a way to know it was being emissions tested and so it adapted to that.

Not sure why you got downvoted. This is a good analogy. It does a lot of checks to try to disable itself in testing environments. For example, setting TERM will turn it off.