Ubuntu 24.04 Beta Delayed Due To XZ Nightmare


  • #31
    First it was a fiasco, now it's a nightmare. You didn't answer my prior question Michael - If XZ's backdoor is a fiasco/nightmare, what should we call Chrome/chromium's 53 known zero-day exploited vulnerabilities that have been added to cisa.gov's catalog over the past 28 months since November 2021? What word is worse than 'fiasco/nightmare'?

    When is Phoronix going to start questioning how many state actors are committing espionage by injecting malicious code into Chrome/chromium in order to open it up to all these exploits? Or do Google devs simply suck at their jobs?


    • #32
      Originally posted by byteabit
      And I told you that I do not consider this to be hurt. They are in fact not hurt because of the delay..
      If YOU do not consider this to be hurt, that's your problem, because you cannot understand how the world works.
      When you grow up, you'll learn.

      Originally posted by byteabit
      I guess I have to put another one to the block list, because of personal attacks. Man this forum really is bad as some people said..
      Instead of playing the victim, let's try to explain why a company that has to change its plans is not hurt by that, instead of just repeating "they are not hurt just because".



      • #33
        Very noble of them to do the right thing.


        • #34
          Originally posted by pharmasolin
          Linux doesn't need antiviruses
          Linux does have an antivirus scanner named clam antivirus:



          It doesn't get shipped by default with many distros because users found that when they tried to scan their computers the installed distro itself was flagged and clam would try to remove it.


          • #35
            Originally posted by Vermilion

            An antivirus works by comparing running processes and files against a given database. It doesn't magically catch undiscovered/zero-day exploits, which by the time they're announced, devs already roll security patches to mitigate them on affected systems.
            Antivirus also uses heuristics, which look for behavior patterns, so it can stop zero-day threats.

            Having said this, antivirus would not have stopped this because most Linux users have been brainwashed to a) believe that exploits do not exist on Linux based OSes and b) to make excuses and deflect when one is found, so they never would install any anti-malware in the first place.


            • #36
              Originally posted by DanL
              Oh, and here I thought you were spewing utter nonsense...

              People waiting for the next release will be "hurt" by it.
              You imply he is spewing utter nonsense, then you claim that people waiting for the next release will be hurt.

              How exactly will they be hurt if the free OS is delayed by 30 days?

              Are they being hurt now by this delay?


              • #37
                Originally posted by sophisticles

                It's called insanity.
                Wait, aren't you the guy who always says companies should close source stuff so their 'numbers go up'? Seems like a psychological obsession with numbers to me...

                On a more serious note, however: It's good that Ubuntu is acting out of an abundance of caution. Yes, it might have knock-on effects of popping the release a little later, which will bum people out. But any serious industrial user would be unlikely to be planning major migrations immediately anyway - at least I wouldn't want to play early adopter with my infrastructure if it's already working fine on existing LTS releases.

                Beyond that though, I feel like the XZ backdoor has been something of a triumph for open-source. We know that nation-state actors work back-doors into closed-source projects from leaks such as Snowden's. We also know that our cyber-infrastructure is vulnerable - we have the word "cyberattack" for a reason. What this attempt has shown though is that the work is scrutinized. Some guy, who isn't an XZ maintainer, was able to identify something was wrong, was able to investigate, to discover the specific cause, and to notify the world. The only reason people are able to panic is because we got to see this happen in real time. We saw the open-source world successfully prevent an exploit, successfully communicate it with urgency, and successfully dissect it.

                Is open source accessible to malicious actors? Yes. But it is also, far more uniquely, open to the vast, vast concourse of people who want to make software better and safer too. Can't exactly say the same about the closed source side of the road.


                • #38
                  24.04 daily build cycle was a nightmare anyway. I forgot how many times I had to fix package database corruptions and even reinstalled the OS twice. I have finally copied the system on a portable drive and started upgrading it first to avoid getting corruptions on the permanent system. I will not be on the daily build next time for sure, it is not worth the headache.

                  Yeah, go ahead say that, this is called unstable for a reason. I hate you already.


                  • #39
                    Originally posted by sophisticles

                    Antivirus also uses heuristics, which look for behavior patterns, so it can stop zero-day threats.

                    Having said this, antivirus would not have stopped this because most Linux users have been brainwashed to a) believe that exploits do not exist on Linux based OSes and b) to make excuses and deflect when one is found, so they never would install any anti-malware in the first place.
                    Why should Linux have anti-malware? Antivirus and anti-malware are the ones who create the virus to maintain the industry. I always have clam installed; sometimes I check the system, and the only red flags I had were with Windows apps. And of course Linux has problems and exploits; the difference is we know that in Windows and macOS we don't have an idea what happens there.


                    • #40
                      Originally posted by cynic

                      What if an IT department has planned to upgrade hundreds of machines? Or to install on new hardware and dismiss the older ones?
                      This will force them to reschedule everything, and it might be a cost for the company.
                      If you are saying "what if an IT department planned on upgrading hundreds of machines within the first week of release, in this example Ubuntu 24.04"... I would say upgrading that fast in itself without testing is horrible practice for an IT department and in itself is harmful to the company they planned on updating.
