It’s been another wild week in the world of computing — and, of course, a number of news stories got ignored (almost completely) by those Brand X Tech Journalists.

Never fear. Lunduke’s got you covered. Below are the top stories which the other Tech News outlets are trying to ignore — impacting Open Source and Tech in general — for last week.

Note: All articles and podcasts are free for all (subscribers and non-subscribers alike).

 

Note 2: Links to the stories below are all to Substack. You can also find links to all other platforms, which The Lunduke Journal publishes to, at Lunduke.com.

 

Note 3: Most videos are subscriber exclusives. Subscribers on Locals, Substack, X, YouTube, or Patreon can watch all of the videos. Ad free. If you don’t have a subscription yet, you can snag one for 50% off through the end of August.

Linux Kernel Chaos

The world of Linux Kernel development had a crazy week.

No. The word “crazy” doesn’t quite do justice to the absolute chaos and insanity taking place around the Kernel.

We kicked off the week by learning that layoffs from Intel had caused a number of significant Linux Kernel Modules to become “orphans” (meaning, nobody was left to maintain them) — only to realize that the number of such “orphan” Kernel Modules has actually doubled in the last two years (article, podcast & video). Doubled!

Then, Linus Torvalds laid into a Google engineer for writing “garbage” code that “makes the world actively a worse place to live” (podcast & video). Which was just… entertaining.

And then, we learned that the BcacheFS file system might be removed from the Linux Kernel entirely. Why? Because Linus Torvalds doesn’t like the developer (podcast & video). Apparently the developer is too blunt and rude. For Linus Torvalds. Seriously.

But, never fear! The Linux Foundation is swooping in to fix everything! By… banning the word “hung” (article, podcast & video). That’s a real thing. It’s so utterly stupid you just have to laugh.

That’s all just this week.

Absolute insanity.

Non-Woke Software List

The quantity (and quality) of Non-Woke software continues to grow — The August edition of “Lunduke’s Non-Woke Software List” (article, podcast, and video) saw a few noteworthy additions.

One big takeaway (at least for me) is that we now have multiple Operating System options… accompanied by display servers, desktop environments, development tools, and web browsers. All decidedly Non-Woke.

In other words: It is now possible to piece together the majority of a computing environment in a way that is both Open Source and Non-Woke. And, importantly, of an exceptionally high quality.

Other Stories This Week

Here’s some other stories worth diving into. Some are pretty doggone wild.

• Podcast & Video: Android 16 Gets GPU Accelerated Linux Software

• Article: Tea App Clone Exposes Driver’s Licenses

• Article: NixOS Now Celebrates Pride Month… Year Round

• Podcast & Video: NixOS Now Celebrates Pride Month… Year Round

• Article: Funny Programming Pictures Part LXVIII

As always, thank you to all of the subscribers to The Lunduke Journal. Thank to you, we can remain 100% ad-free and Big Tech free. Couldn’t do it without you.

-Lunduke

Last month, we saw the massive data breach of the “Tea App” — a smartphone app for women to talk about men they don’t like — resulting in over 60 GB of personally identifiable data leaked out to the public. Stuff like selfies and pictures of drivers licenses.

Well, it didn’t take long for a “TeaOnHer” App to appear — with the same basic functionality, except this time for men to talk about women they don’t like.

 

And, of course, the developer of “TeaOnHer” made the same basic mistake that the “Tea App” made: They permanently stored a ton of personal information. Including, once again, divers licenses.

You can already see where this is going.

Driver’s Licenses Everywhere

Almost as soon as the “TeaOnHer” app went live, writers for TechCrunch went looking to see if they could easily access any of that data. Because wouldn’t that be crazy if a copy-cat app made the exact same kind of security mistakes as the app it was copying?

What TechCrunch found was that it took no more than around 10 minutes for them to begin accessing pictures of drivers licenses of user accounts.

 

10 minutes!

With a bunch of the usual suspects of bad security being involved: unprotected file storage (in this case, Amazon), public API documentation, and a lack of secured API calls.

Now, unlike the “Tea App” breach — which resulted in massive archives of personal data published all over the web — it isn’t known if these vulnerabilities actually resulted in significant data archives getting out there in the wild.

But, as the writers at TechCrunch put it, “The bugs were so easy to find that it would be sheer luck if nobody malicious found them before we did.”

There’s a Lesson Here… But it Won’t Be Learned

Sure, this “hack” of the “TeaOnHer” App was easy — as was the hack of the “TeaApp” before it. Both of those systems were comically insecure.

But, the reality is, no complex online system is truly secure.

Have a website or App which stores (and publishes) user data? It can be hacked.

And, if there is sufficient interest in obtaining whatever data is being stored, not only can it be hacked… but it will be hacked.

The HaveIBeenPwned site, alone, has documented close to 15 Billion (with a B) accounts which have not only been breached… but reported and (often) made available in some way.

 

And that 15 Billion is only the breached accounts which we know about.

Anyone who works in IT can tell you that the vast majority of data breaches are never discovered. And the majority of those which are discovered… are never disclosed publicly.

Considering that the current population of the Earth is roughly 8 Billion, it’s safe to assume that every single adult on Earth, with an Internet connection, probably has several breached accounts already.

With the frequency, and size, of such data breaches increasing.

Should these Tea Apps have had better security? You bet your tuchus. From the looks of things neither developer spent any significant time trying to implement even the most basic security precautions.

For Pete’s sake, at least try to slow the hackers down a little.

But the real problem here is not the total lack of security — even “good” security can (and will) be overcome.

No.

The real problem is the type of data being permanently stored, in an Internet accessible way, by these services. If a service is likely to be breached (and any significant service is), a key goal is to limit the amount of data which a hacker can gain access to.

Here are a few good rules of thumb when dealing with data being stored on an Internet accessible server:

• Do not store any more data, at any given moment, than is 100% necessary.

• If previously stored data is no longer needed, delete it. Completely. Not “flagged” for deletion. Actually deleted.

• Whatever data you are storing should be encrypted whenever possible.

• If sensitive personal data absolutely must be stored, for legal and regulatory reasons, consider physical archives stored in a secure location instead of an Internet connected server.

• And, of course, don’t use unprotected (or barely protected) “cloud” file storage like the numbskull developers of these “Tea” apps did. That never ends well.

Simple guidelines which, if followed, could significantly reduce the negative impact of inevitable data breaches.

But, of course, few online services — big or small — will follow such guidelines. They will continue expanding the quantity of data they store on increasingly complex systems.

Which means we’ll see more and more data breaches — containing an ever increasing amount of personal data.

Welcome to the future.

The stupid, stupid future.

The Linux Foundation has announced the release of a new “Inclusive Language Guide” — which adds a handful of new words you are not allowed to say.

And it’s even more ridiculous than you might expect.

 

This new “Inclusive Language Guide” is designed to “drive a more diverse, equitable, and inclusive culture” (read: DEI) and to replace “offensive language” with “acceptable language”.

Past iterations of the “Inclusive Language Guide” included “Socially Charged” words such as “Master / Slave”, “Black / White”, and even “Owner”.

This new revision officially adds “Pow-wow” to that list of death-causing words.

 

Of course, any “gendered language” remains firmly off limits. “Manpower”? Can’t say that. And definitely don’t use “gendered” pronouns like “he” or “she”.

Doing so is literally genocide.

 

Which brings us to my favorite new additions (to the “Ableist” and “Violent” language sections of the list).

• Sanity Check

• Dummy

• Hung

That’s right. You can’t use the word “hung” anymore.

 

I deleted 3 different titles for this story containing the word “hung”. They were all very entertaining and very inappropriate. I would like credit for the restraint I am showing right now.

As crazy, insane, and abnormal (see what I did there?) as this list of “bad” words is… what’s even stranger is the group behind it.

This is a joint project between The Linux Foundation and — wait for it — the Academy of Motion Picture Arts & Sciences. Yes. The one that produces the Oscars.

 

The two organizations teamed up to create the Academy Software Foundation.

Which, apparently, ran out of worthwhile things to work on… and, instead, chose to add “hung” to a “don’t use this word in the software industry” list.

That organization also worked with the Alliance for OpenUSD — another Linux Foundation Project — to publish this list.

 

Who, exactly, is responsible for making all of this happen at the Alliance for OpenUSD?

Pixar, Nvidia, Adobe, Autodesk, and Apple.

 

And the leadership over at the Academy Software Foundation includes companies like Netflix, Sony, Adobe, Intel, Microsoft, and Epic Games.

 

Right about now you may be wondering why Epic Games and Amazon is so worried about you using the word “hung”.

I don’t have an answer for you.

It’s weird.

Thanks to all of the subscribers to The Lunduke Journal for making this work possible — without taking a single dime from Big Tech (or running a single ad). Check Lunduke.com for all the ways you can get the articles, podcasts, and videos.