Eastern Orthodox Christmas is not on Dec 25 so the argument for EE is not as air tight as the author thinks it is

Depends on the country. Greece, Bulgaria, Romania and now Ukraine celebrate on Dec 25.

I agree, but the social engineering parts do feel particularly cruel

I felt really bad for the original maintainer getting dog-piled by people who berated him for not doing his (unpaid) job and basically just bring shame and discredit to himself and the community. Definitely cruel.

Though… do we know that the maintainer at that point was the same individual as the one who started the project? Goes deep, man.

Its possible the adversary was behind or at least encouraged the dog piling who berated him. Probably a normal basic tactic from a funded evil team playbook.

Might be worth reviewing those who berated him to see if they resolve to real people, to see how deep this operation goes.

This has been investigated and the conclusion is IMO clear: the dogpilling accounts were part of the operation. See the parts about Jigar Kumar in this link: https://boehs.org/node/everything-i-know-about-the-xz-backdo...

One of them who left only one comment does, the rest are sock puppets.

No. From what I've read on the openwall and lkml mailing lists (so generally people who know a lot more about these things than I do), nobody accused Lasse Collins, the original maintainer, of being involved in this, at all, and there wasn't any notion of him becoming untrustworthy.

This could've happened to anybody, frankly. The attacker was advanced and persistent. I cannot help but feel sympathetic for the original maintainer here.

From TFA's profile:

https://bsky.app/profile/filippo.abyssdomain.expert/post/3ko...

This is a profound realization, isn't it? How much more paranoid should/will maintainers be going forward?

Mild spoiler, but I could not find corroboration for the black axe human sacrifice claims anywhere on the internet

It seems like other VPN vendors are slapping obfuscation on top of OpenVPN and advertising their service as unobservable. This paper contests that claim

What do lines 7-21 do?

The library is an "stb-style" header-only library, so the header has two modes: when you define CR_TASK_IMPL, it includes the implementation (starting from line 20), otherwise it just includes declarations (the first 19 lines). The implementation should only be included in one translation unit, but the declarations can be included in multiple units.

Ah, sorry I meant in test.c. I was nodding off when I wrote that comment

Historically, C compilers attempted to build the list of all symbols in one pass of the files.

Sometimes, functions may call other functions in the same code file.

This required that functions be declared before they are referenced so C knew it existed.

You can also see this on lines 84-92.

This is agitprop

Does anyone know what geometric means in this context?

It refers to the geometric progression of bucket sizes used in the data structure.

How do you deal with "Please open in app to see all comments" and other similar bs? If you don't want to install app and/or login only old.reddit works on mobile web.

Admittedly those are bullshit. They do go away if you create an account and login though

At the individual level, the cost of using cash is that you are subsidizing the other consumers who are paying with a credit cards that offers cash-back or other rewards

They do get innovation points for inventing SQL (over 50 years ago)