I like how simple and fast runit is. And the added security is nice.

More specifically, it’s the name used by the attacker. Could well be multiple people, or if it’s one person (still almost certainly state-funded, but the state can fund one person), a fake name nevertheless. We have no info about this person’s real life identity. They used a VPN in Singapore, and some people have looked at the times of the commits to try guess a timezone, though that’s not foolproof as they could’ve just been a nocturnal person, or even tried to schedule commits to happen at a time to suggest they’re in a different timezone, though I think the latter is unlikely and overkill.

I think I’ve found myself wishing manpages were more detailed far more often than I’ve found myself wishing they were shorter. In any case a man page or help text should put the most important info/FAQs at the top.

There are plenty of guides on how to do a PR online

Yeah afaik any AMD card should work out of the box with the Linux kernel, which includes AMD drivers. Never had any problems with my AMD card. Even on Nvidia it worked, admittedly proprietary Nvidia graphics driver updates frequently broke my graphics but downgrading (in a tty or even a chroot if I can’t do it graphically, I think I only ever needed a tty though I don’t think I ever needed to chroot because of an nvidia update) fixed it, and using outdated Nvidia drivers was not too big of a deal, I didn’t notice game performance issues.

And gaming on Linux is completely fine if you don’t have any kind of funky setup (like musl or whatever). The majority of my steam library has native linux versions, those that don’t play fine with Wine/Proton.

Tbh Manjaro has made my system unbootable before with a system update, base Arch has never done that for me. I think Manjaro is just poorly constructed, or maybe it’s bc of all the packages that come pre installed with it causing problems. Minimal installs ftw

By the sounds of it it was an organised social engineering attack. Almost certainly “Jia Tan” is not a real person, or if it is a real person then it’s a case of stolen identity. Even if I were being threatened to put a backdoor in some software I wouldn’t do it under my real name.

It’s a safe bet that there are others (in FOSS) that remain undiscovered.

I agree, but I don’t think that image (about survivors’ bias) applies to the op meme then, as that would imply that it only seems like open source backdoors are convoluted because we’ve not found the simple/obvious ones

What are you saying? That there are people doing the top version (“I want a backdoor / I ask the corpo to grant me access”) for FOSS but they’re less likely to get caught if they don’t do all the gymnastics?