Sunday, April 05
Daily News Stuff 5 April 2026
Bug Buggy Bugger Edition
Disclaimer: The red light just means your computer is on fire.
Top Story
- North Korea used a supply-chain attack to gain access to widely-used open-source web client package Axios. (Axios)
- And here's a version you can actually read. (CNN)
The name is just a coincidence.
- And here's a version you can read which actually explains what happened. (Bleeping Computer)
The state of the technical media today is a microcosm of the state of the mainstream media, which is to say, it would be a good name for a rock band.
But this story highlights a huge problem: Common "wisdom" involves constantly downloading fresh copies of all the dependencies of your software, building it unattended, and deploying it to production likewise.
Sticking with known-good versions? Old hat. Manual review? Out the window.
So as soon as one key component is compromised this way, the infection spreads like wildfire.
Everyone with any experience knew this was a bad idea, but we were ignored.
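The "known-good versions" point can be checked mechanically. As an added example (not from the original post), this Node.js script flags package.json specs that float to whatever is newest, and lockfile entries that lack an integrity hash or drift from the pinned version; every package name other than axios, and all versions and hashes, are constructed.

```javascript
// Added example (not from the post); package versions and hashes are constructed.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;
const FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

// Every {field, name, spec} triple declared in a package.json object.
const declared = (manifest) => FIELDS.flatMap((field) =>
  Object.entries(manifest[field] || {}).map(([name, spec]) => ({ field, name, spec })));

// Specs that can resolve to a version nobody reviewed: ranges (^ ~ >= *),
// dist-tags such as "latest", and git/URL specs.
function findFloatingSpecs(manifest) {
  return declared(manifest).filter((d) => !EXACT.test(d.spec));
}

// Lockfile v2/v3 check: every installed package carries an integrity hash,
// and every direct dependency is locked at the version the manifest pins.
function auditLockfile(manifest, lock) {
  const packages = lock.packages || {};
  const problems = [];
  const add = (path, problem) => problems.push({ path, problem });
  for (const [path, entry] of Object.entries(packages)) {
    if (path === "" || entry.link) continue; // root project or workspace link
    if (!/^sha(512|384|256)-/.test(entry.integrity || "")) add(path, "missing-integrity");
  }
  for (const { name, spec } of declared(manifest)) {
    const entry = packages["node_modules/" + name];
    if (!entry) add(name, "not-locked");
    else if (EXACT.test(spec) && entry.version !== spec) add(name, "version-drift");
  }
  return problems;
}

// Constructed sample input.
const sampleManifest = {
  dependencies: { axios: "^1.0.0", "example-logger": "1.3.0" },
  devDependencies: { "example-linter": "latest" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/axios": { version: "1.0.0", integrity: "sha512-CONSTRUCTED" },
    "node_modules/example-logger": { version: "1.2.0" },
  },
};

console.log(findFloatingSpecs(sampleManifest));
console.log(auditLockfile(sampleManifest, sampleLock));
```

In CI, `npm ci` installs exactly what the lockfile records and fails when the lockfile disagrees with package.json, which is the install-time counterpart of this check.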
Tech News
- Microsoft has pulled a faulty Windows 11 update that was breaking installs. (Tech Republic)
I think this is the same one I reported on the other day. Might be a new one. Who knows?
- Microsoft is moving Windows 11 24H2 into hospice care and forcing all users to update to 25H2. (Tom's Hardware)
Did you ask for that? No.
Does Microsoft care what you want? Also no.
- Can you install Windows 3.1 from 1992 natively on a Ryzen 9900X system from 2024 and forget about all the complexity of modern systems? (Tom's Hardware)
Shockingly, yes. It does depend on a couple of open-source drivers to run smoothly on modern motherboards and video and sound cards, but it loads and runs even without that in 286 compatibility mode.
Bring your own floppy drive.
- There is no cloud, there's just someone else's computer, which just got hit by an Iranian missile. (Tom's Hardware)
If you were running in Amazon's datacenters in Bahrain or Dubai, you no longer are.
Likely the power systems were affected rather than the servers themselves - and storage in Amazon's cloud is duplicated and physically distributed so not subject to easy destruction - but Amazon did not provide much detail or a timeframe for restoration of services.
- There is no cloud, there's just someone else's computer, which just got sold to an AI company. (PC World)
Oh, were you using that? Too bad.
- Linux 7.0, due to arrive in distributions like Ubuntu 26.04 this month, can cut your database performance in half. (Phoronix)
Specifically if you're running PostgreSQL on Amazon's Arm CPUs, but if it happens there it could happen anywhere.
- How many products does Microsoft have named Copilot? (Tey Bannerman)
75.
But they all have one thing in common: They're all named Copilot.
- AI can make anyone a 10x programmer. (The Register)
It just requires 10x the effort.
- Intel's upcoming 42-core Nova Lake S processors will have 44 cores. (WCCFTech)
Basically, there are four models we know of. They all have 4 low-power cores that live on the I/O die, plus one or two CPU dies each with 8 performance cores and 12 or 16 efficiency cores, for a total between 24 and 52 cores, and up to 320MB of cache.
That's the good news.
The bad news? From information that has leaked so far, these will have a peak power consumption of 350W... For the models with one CPU die. For the high end models, 700W.
Musical Interlude
Posted by: Pixy Misa at 05:25 PM
1
related general background on Linux.
One of the options that differentiates distributions of Linux is the package manager. Which is an answer to dependency hell, and to manually changing the files around.
This is maybe a good enough solution for the retail desktop user, but is definitely not quite thorough enough for the production and enterprise case Pixy has just referenced.
Debian has one way of managing packages from repositories managed by the distribution. Their software is called apt, apt-get (command line front end for apt), or synaptic (one of many GUI front ends for apt).
Most distributions have repositories. Which are a file server with compiled binaries, configuration tools, and supporting files for software packages. These are compiled and maybe tested by the people running the repository.
Debian basically tends to have older software. Robin Munn was here telling me about something called LazyVim, which runs on neovim 11.2 or later. Devuan excalibur/6 is based on Debian trixie/13, and Devuan 6 ships neovim 10. Devuan Ceres, which comes from the Debian unstable/sid repository, has neovim 11.6.
Anyway, the normal production safety of Linux distributions may leave some room for questions. More conservative/slower distributions might be better, but they still could have problems with stuff like Python packages being hacked through maintainer accounts, and the malware not being detected by the automatic testing that the package may have provided.
But if you are doing anything with Python on Windows, same potential vulnerability.
The stupid technical management and 'consensus' is coming from inside the building.
Posted by: PatBuckman at Monday, April 06 2026 12:23 AM (s6adZ)
2
Devuan's testing/Freia also has neovim 11.6, and I am probably an idiot who simply did not think of the obvious unless I have an excuse to write for someone, or for anyone. (Testing on Debian is likely to have less extreme bugs than unstable. 'just use freia instead' answers a problem that I have.)
Posted by: PatBuckman at Monday, April 06 2026 12:31 AM (s6adZ)
3
Once upon a time, we had a tightly-controlled toolchain, with all developers building from it, and new software added only after review by Build Team. Then a dev team got the Agile religion, and started "moving fast and breaking things", pulling in tip-of-tree for every Shiny New Thing, to the point that they couldn't even deploy on our Production servers, because CentOS was "just too far behind".
Their proposed solution was Docker, allowing them to automatically pull in untested crap from around the world, hide it in a container, and go straight from Bob's Desktop to Production with no delay.
This was also when they demanded we abandon centralized source control and release management...
-j
Posted by: J Greely at Monday, April 06 2026 01:56 AM (oJgNG)









