Debian says they intentionally opted not to remove these images from Docker Hub and to leave them as historical artifacts, telling users to only use up-to-date images and not old ones.

The maintainers made this decision as they believe the requirements for exploitation are unlikely, such as requiring sshd installed and running on the container, the attacker having network access to the SSH service on that container, and using a private key that matches the backdoor’s trigger logic.

Idk that seems pretty reasonable to me. I think I’ve eojly ever needed to enable ssh on a container once

Researchers from AquaSec have noted its ability to automatically switch to backup mining pools if a primary one becomes unavailable, ensuring continuous operation. This level of sophistication has led security experts to believe that large language models or other automation frameworks may have played a role in its development.

Is it just me or is this not a very convincing rationale.

It’s just a consequence of independent file formats. There’s bound to be overlap in what counts as technically a valid X and also technically a valid Y. It’s pretty much unavoidable. The tricky part is figuring out what fits in that sliver of the venn diagram but is also useful as malware.

Check the recent discussion on lobste.rs if you’re interested in the exact details.

For those coming from the future: https://lobste.rs/s/aa7ske/anubis_now_supports_non_js_challenges

FWIW, I was hesitant about obsidian for the same reasons. I would’ve preferred an open source editor and a syntax like asciidoc. But the fact that everything is markdown and it being such a common standard does make obsidian being closed source more palatable^[1]. And tbh, for note-taking/“second brain” purposes, a relatively constrained format like markdown is pretty suitable. I wouldn’t want it for technical writing but it serves the purpose for quick and dirty tasks like quickly jotting down notes^[2]. And any other markdown language wouldn’t have the same amount of tooling (e.g. org-mode is underspecified and essentially emacs-only unless you see stick to a specific subset of features)

I understand the definition of “Freedom” as laid out by e.g. the FSF. I was explaining why your argumentation is not convincing unless the audience already agrees that complicity in genocide is an acceptable tradeoff to software freedoms. I’m saying you could make a more convincing argument by just not making that comparison in the first place. Unless your point was “perhaps we should reconsider whether Open Source is Good”.

This assumes the audience will agree that genocide is an acceptable tradeoff for software freedoms.

I don’t know if “freedom to modify source code” and “committing a genocide” are morally comparable. This seems to undermine your point. I would have picked a different analogy