It’s been another wild week in the world of computing — and, of course, a number of news stories got ignored (almost completely) by those Brand X Tech Journalists.

Never fear. Lunduke’s got you covered. Below are the top stories which the other Tech News outlets are trying to ignore — impacting Open Source and Tech in general — for last week.

Note: All articles and podcasts are free for all (subscribers and non-subscribers alike).

 

Note 2: Links to the stories below are all to Substack. You can also find links to all other platforms, which The Lunduke Journal publishes to, at Lunduke.com.

 

Note 3: Most videos are subscriber exclusives. Subscribers on Locals, Substack, X, YouTube, or Patreon can watch all of the videos. Ad free. If you don’t have a subscription yet, you can snag one for 50% off through the end of August.

Linux Kernel Chaos

The world of Linux Kernel development had a crazy week.

No. The word “crazy” doesn’t quite do justice to the absolute chaos and insanity taking place around the Kernel.

We kicked off the week by learning that layoffs from Intel had caused a number of significant Linux Kernel Modules to become “orphans” (meaning, nobody was left to maintain them) — only to realize that the number of such “orphan” Kernel Modules has actually doubled in the last two years (article, podcast & video). Doubled!

Then, Linus Torvalds laid into a Google engineer for writing “garbage” code that “makes the world actively a worse place to live” (podcast & video). Which was just… entertaining.

And then, we learned that the BcacheFS file system might be removed from the Linux Kernel entirely. Why? Because Linus Torvalds doesn’t like the developer (podcast & video). Apparently the developer is too blunt and rude. For Linus Torvalds. Seriously.

But, never fear! The Linux Foundation is swooping in to fix everything! By… banning the word “hung” (article, podcast & video). That’s a real thing. It’s so utterly stupid you just have to laugh.

That’s all just this week.

Absolute insanity.

Non-Woke Software List

The quantity (and quality) of Non-Woke software continues to grow — The August edition of “Lunduke’s Non-Woke Software List” (article, podcast, and video) saw a few noteworthy additions.

One big takeaway (at least for me) is that we now have multiple Operating System options… accompanied by display servers, desktop environments, development tools, and web browsers. All decidedly Non-Woke.

In other words: It is now possible to piece together the majority of a computing environment in a way that is both Open Source and Non-Woke. And, importantly, of an exceptionally high quality.

Other Stories This Week

Here’s some other stories worth diving into. Some are pretty doggone wild.

• Podcast & Video: Android 16 Gets GPU Accelerated Linux Software

• Article: Tea App Clone Exposes Driver’s Licenses

• Article: NixOS Now Celebrates Pride Month… Year Round

• Podcast & Video: NixOS Now Celebrates Pride Month… Year Round

• Article: Funny Programming Pictures Part LXVIII

As always, thank you to all of the subscribers to The Lunduke Journal. Thank to you, we can remain 100% ad-free and Big Tech free. Couldn’t do it without you.

-Lunduke

Last month, we saw the massive data breach of the “Tea App” — a smartphone app for women to talk about men they don’t like — resulting in over 60 GB of personally identifiable data leaked out to the public. Stuff like selfies and pictures of drivers licenses.

Well, it didn’t take long for a “TeaOnHer” App to appear — with the same basic functionality, except this time for men to talk about women they don’t like.

 

And, of course, the developer of “TeaOnHer” made the same basic mistake that the “Tea App” made: They permanently stored a ton of personal information. Including, once again, divers licenses.

You can already see where this is going.

Driver’s Licenses Everywhere

Almost as soon as the “TeaOnHer” app went live, writers for TechCrunch went looking to see if they could easily access any of that data. Because wouldn’t that be crazy if a copy-cat app made the exact same kind of security mistakes as the app it was copying?

What TechCrunch found was that it took no more than around 10 minutes for them to begin accessing pictures of drivers licenses of user accounts.

 

10 minutes!

With a bunch of the usual suspects of bad security being involved: unprotected file storage (in this case, Amazon), public API documentation, and a lack of secured API calls.

Now, unlike the “Tea App” breach — which resulted in massive archives of personal data published all over the web — it isn’t known if these vulnerabilities actually resulted in significant data archives getting out there in the wild.

But, as the writers at TechCrunch put it, “The bugs were so easy to find that it would be sheer luck if nobody malicious found them before we did.”

There’s a Lesson Here… But it Won’t Be Learned

Sure, this “hack” of the “TeaOnHer” App was easy — as was the hack of the “TeaApp” before it. Both of those systems were comically insecure.

But, the reality is, no complex online system is truly secure.

Have a website or App which stores (and publishes) user data? It can be hacked.

And, if there is sufficient interest in obtaining whatever data is being stored, not only can it be hacked… but it will be hacked.

The HaveIBeenPwned site, alone, has documented close to 15 Billion (with a B) accounts which have not only been breached… but reported and (often) made available in some way.

 

And that 15 Billion is only the breached accounts which we know about.

Anyone who works in IT can tell you that the vast majority of data breaches are never discovered. And the majority of those which are discovered… are never disclosed publicly.

Considering that the current population of the Earth is roughly 8 Billion, it’s safe to assume that every single adult on Earth, with an Internet connection, probably has several breached accounts already.

With the frequency, and size, of such data breaches increasing.

Should these Tea Apps have had better security? You bet your tuchus. From the looks of things neither developer spent any significant time trying to implement even the most basic security precautions.

For Pete’s sake, at least try to slow the hackers down a little.

But the real problem here is not the total lack of security — even “good” security can (and will) be overcome.

No.

The real problem is the type of data being permanently stored, in an Internet accessible way, by these services. If a service is likely to be breached (and any significant service is), a key goal is to limit the amount of data which a hacker can gain access to.

Here are a few good rules of thumb when dealing with data being stored on an Internet accessible server:

• Do not store any more data, at any given moment, than is 100% necessary.

• If previously stored data is no longer needed, delete it. Completely. Not “flagged” for deletion. Actually deleted.

• Whatever data you are storing should be encrypted whenever possible.

• If sensitive personal data absolutely must be stored, for legal and regulatory reasons, consider physical archives stored in a secure location instead of an Internet connected server.

• And, of course, don’t use unprotected (or barely protected) “cloud” file storage like the numbskull developers of these “Tea” apps did. That never ends well.

Simple guidelines which, if followed, could significantly reduce the negative impact of inevitable data breaches.

But, of course, few online services — big or small — will follow such guidelines. They will continue expanding the quantity of data they store on increasingly complex systems.

Which means we’ll see more and more data breaches — containing an ever increasing amount of personal data.

Welcome to the future.

The stupid, stupid future.

This last weekend we had a “50% off Subscriptions” sale — and the response was nothing short of phenomenal. Amazing to see so many people supporting truly independent Tech Journalism!

The future looks bright.

You know what? Just for kicks, let’s extend that 50% off… for the entire month of August.

Take your time. Pick the subscription type (below) that makes the most sense for you (there are many, most excellent options).

Note: The 50% off discounts are available via Locals, Substack, & Itch (MP4 Downloads). Monthly subscriptions are also available on X, Patreon, & YouTube, but those platforms do not have the ability to provide these types of discounts.

If you’re ever unsure of where to grab the latest articles, podcasts, and videos from The Lunduke Journal, check out Lunduke.com.

50% Off Yearly or Monthly Subscription:

Available via both Locals and Substack. (This includes full access to all new videos & the community Forum.)

That means $3 / Month. Or $27 / Year (which works out to $2.25 / Month).

Via Lunduke.Locals.com:

• $3 Monthly Subscription via Locals (Code: AUTOEXEC)

• $27 Yearly Subscription via Locals (Code: CONFIGSYS)

Via Lunduke.Substack.com:

• Monthly or Yearly via Substack (No Code Needed)

Note: You can also grab a Monthly subscription via X, YouTube, or Patreon. There’s no way to offer a discount on those platforms. But those are still good options!

The Famous Lifetime Subscription:

The "World Famous Lunduke Journal Lifetime Subscription" is exactly what it sounds like. Pay once and get full access to The Lunduke Journal. For life.

Now, through the entire month of August… you can snag one at a crazy discount. Normally these are $200… but you can grab one for $100. (You can also pay more if you’d like to donate a little extra.)

The Lifetime Subscription can be obtained via Locals, Substack, or using Bitcoin. All three options work great and are super easy (& all three include full access to both new videos & the community Forum). Scroll down and choose your option.

Note: The Lifetime Subscription only applies to Substack and Locals. Other platforms (such as X, Patreon, & YouTube) do not provide the functionality necessary to create Lifetime Subscriptions.

How to get a Lifetime Subscription via Locals:

1. Go to Lunduke.Locals.com/support.

2. Select "Give Once".

3. Enter "100" (or more) into the amount field.

4. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

How to get a Lifetime Subscription via Substack:

1. Go to Lunduke.Substack.com/subscribe.

2. Select the “Lifetime Subscription” option.

3. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

If you would also like full, Lifetime access to Lunduke.Locals.com (which is included):

1. Make a free account on Lunduke.Locals.com.

2. Email “bryan at lunduke.com” with the email address you use on both Substack and Locals (can be different email addresses).

3. Lunduke will toss you an email once your account is set to full lifetime status on Locals.

How to get a Lifetime Subscription with Bitcoin:

You can also obtain a Lifetime Subscription via Bitcoin.

• Make sure you have a Lunduke.Locals.com or Lunduke.Substack.com account (a free account, to either, works just fine).

• Send $100 worth of Bitcoin (or more) to the following address:

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

• Email "bryan at lunduke.com" with the following information: What time you made the transaction, how much was sent (in Bitcoin), and the email address you use (or plan to use) on Locals.com or Substack.com (or both).

50% Off DRM-Free, MP4 Downloads:

Want to be able to download every show The Lunduke Journal releases (and watch them on whatever device you like)? Yeah. You can do that. For 50% off.

• All 2024 Lunduke Journal Episodes (226 total videos)

• All 2025 Lunduke Journal Episodes (Already over 200 videos, with more added almost daily.)

Note: This DRM-Free download option does not include access to the Forum. This option is strictly for downloading the episodes.

No matter which type of subscription you choose, thank you for your support! Every subscription goes directly towards keeping The Lunduke Journal running well into the future.

-Lunduke