I'm pretty sure the lesson is that at the end of the day, it’s worth being aware of the risks of using git, as security issues intrinsic to git can extend to other tools which use git as a component.
I think we can agree that Git is at least partly responsible for this issue, if not more.
That said, even being aware of that doesn’t necessarily help much in practice. When you’re using Emacs or Vim, you’re not really thinking about Git at all. You’re just opening and editing files. So it’s not obvious to most users why Git would be relevant in that context.
This is why I think editor maintainers should do more to protect their users. Even if the root cause sits elsewhere, users experience the risk at the point where they open files. From their perspective, the editor is the last line of defense, so it makes sense to add safeguards there.
Please read the LLM output critically instead of doubling down on it.
Your defense-in-depth framing makes no sense. If .git/config or similar mechanisms are the attack vector, then adding more editor safeguards would be treating a symptom, as the real problem is git's trust model. The "users don't think about git when using editors" argument also proves too much. Many users also do not think about PATH, shell configs, dynamic linker, or their font renderer either, but you cannot make editors bulletproof against all transitive dependencies...
Seriously, it is actually backwards. Git is where the defense belongs, not every downstream tool that happens to invoke git. Asking editors to sandbox git's behavior is exactly as absurd as it sounds.
And BTW, "technically AV:L but feels like RCE" is your usual blog-post hype. It either is, or is not.
Sure, but you said that was the end of the day analysis, and I didn't think you went far enough in your analysis.
FWIW, I'm not thinking about git at all since I use Mercurial, and never enabled vc hooks in my emacs, which is based on 25.3.50.1, so wasn't affected by this exploit - I tested. I use git and hg only from the command-line.
My end-of-day analysis is to avoid git entirely if you can't trust its security model. ;)
Should the emacs developers also do more to secure emacs against ImageMagick exploits?
I have no doubt that systemd will implement a place to store political party membership, religion, LGBT status, veteran or draft status, or ethnic group membership if a handful of governments start to require that information.
"Spectrum quickly learned that far more had gone wrong than just a units conversion error. A critical flaw was a program management grown too confident and too careless, even to the point of missing opportunities to avoid the disaster.
"As reconstructed by Spectrum, ground controllers ignored a string of indications that something was seriously wrong with the craft's trajectory, over a period of weeks if not months. But managers demanded that worriers and doubters "prove something was wrong," even though classic and fundamental principles of mission safety should have demanded that they themselves, in the presence of significant doubts, properly "prove all is right" with the flight.
Plus, navigators had concerns about the trajectory, which were dismissed because they "did not follow the rules about filling out [the incident surprise and analysis procedure] form to document their concerns" - from a trajectory team which was understaffed and overworked.
> The solution the world's leading experts have landed on is one your grandparents could have come up with: codewords. You, your family, business partners and anyone else you communicate with about important subjects need to come up with a secret phrase that no-one else knows you can use in an emergency to verify each other's identities. Think of it like a convoluted form of the multi-factor authentication we all use to login online.
> "My wife and I have a codeword that we use if we ever get an unusual call," Farid says. "We haven't needed to use it yet, but sometimes I ask just to test her to make sure we don't forget it."
"""Actually they rejected the PR and just didn’t want to be distracted with endless flame wars over something they’ve already resolved.
To attack open source:
1. Request a controversial and stupid change knowing it will be rejected.
2. Keep talking about it and call people names.
3. When they close your thread cry censorship.
4. When they explain why they closed it cry louder that they just don’t want an open debate.
5. When they explain they already resolved the issue by closing the PR so there is no need for a debate go back to step 1.
Of course you need a couple different accounts to do this, but that’s easy enough."""
Am I going to wade through X/Twitter drama to figure things out? No.
Does that comment imply you are spreading the drama flames? Yes.
Deeper down, "This reddit case is obscure. I searched the forum of Arch for "Age Verification". It does NOT give a feeling of approval from the Arch community. So no conclusions on their stance. bbs.archlinux.org/viewtopic.…" -- linking to a page I can't read.
People seem to be dumping on Arch based on pure hearsay.
I feel dirty after reading comments about "all the hidden cucks getting exposed" and "some linux "hackers" at a local ISP and they were all woke AF ... lectured me on using the word "retard" ... they eat chemicals that turn them into soy jacks"
OP? Get off Twitter/X. It's bad for your mental well-being.
I do not think "fascist" is the right term here. The American Heritage dictionary says "Broadly, a tendency toward or support of a strongly authoritarian or dictatorial control of government or other organizations; -- often used pejoratively in this sense". If anything, wouldn't this be anti-fascist elements?
"the facts are simply that the systemd users database has gained an optional "date of birth" field,"
The choice of what data fields to add is a political decision.
Is there an optional field for gender? For religion? For political party affiliation? For veteran status, along with the service? Clearly these are all fields where desktop environments may use or not as they deem appropriate.
"the alternative is giving families the means to manage it themselves: this is what this field enables."
That justification wrongly assumes parents primarily decide based on the age of their children, and not on other factors. Twin A can easily have different restrictions than twin B even if both are born during the same hour. Film age ratings are a recommendation which parents will override because they know their kids better than the review board.
For that matter, which parents are asking for this information, and why didn't it come up earlier? Are parents asking for systemd to store other information which would help with parental controls? Like, "nudity is okay" but "no intense violence"? What about supporting all the ESRB Content Descriptors so parents can decide which filters to have on games?
Software is politics. The decision of what to support and what not to support is politics.
"Whether desktop environments use it for parental controls, for birthday reminders"
How does "birthday reminder" even make sense? Do I need a reminder for my own birthday? Or are reminders sent to everyone on the system? And, how? I mean, a lot of people already use calendar apps, shared across multiple computers.
If the database included religion then desktop environments could have given an Eid Mubarak message to Muslims last Friday.
Some people celebrate on their saint day, so systemd should add a "patron saint" field, so the desktop environment can use it as a saint's day reminder.
> By the way, the original UNIX users database has allowed storing PII in the GECOS field since it was invented in the '70s.
The original UNIX users database was on work computers storing work-related details. Your employer already knows your PII. In addition, the fields were not required, didn't store birthday, and weren't there due to interpretation of legislative need. Plus, we stopped using it a long time ago because it wasn't useful.
(To be clear, information like "Joe Blow is in office 123B of building 4" is useful. But maintaining it in the GECOS field meant following conventions about how the data was organized, and required either someone with Unix admin rights to change it, or some mechanism where anyone could change it. Companies switched to other mechanisms to store that information, which was more appropriate to the task and separated system admin from people admin.)
Nothing about the essay seemed "woke", I haven't heard that age-gating is a woke thing, and it's not uncommon for anti-woke people to say wokeism is a form of fascism.
"How anyone could believe that “left woke fascism” is actually a thing is staggering. But I have encountered this line of thinking many more times than I am comfortable with lately, primarily among Americans. Sadly, it has become very fashionable in some corners on the internet to bemoan and decry the supposed scourge of leftist “wokeness” and to equate it with the real menace of far-right authoritarianism, violence and brutality. It is a myth that has gained alarming traction."
Without context about the author's political views, I stayed with the surface examination comparing the term "fascism" with a birthday data field added as a response to recent changes to the law.
Do you have more insight into the author's political views?
Pay the developer enough to take over distribution, add a backdoor, deploy as part of the next update.
Alternatively, use threats of physical violence, including from the government, or appeal to the developer's patriotism, greed, nobility, etc., to install that backdoor.
You've listed a whole bunch of commodity bulk goods and consumer goods.
The embargo doesn't affect those, which is why they can happen. The embargo isn't a blockade.
It's a series of laws which make it harder even for non-US companies to trade with Cuba. Consider the Helms–Burton Act.
"any non-U.S. company that deals economically with Cuba can be subjected to legal action and that company's leadership can be barred from entry into the United States. Sanctions may be applied to non-U.S. companies trading with Cuba. This means that internationally operating companies have to choose between Cuba and the U.S., which is a much larger market." - https://en.wikipedia.org/wiki/Helms%E2%80%93Burton_Act
Suppose you are the Dutch company Philips. You make MRI machines. Cuba wants to buy a few from you. You could do that, but then you would not be able to sell thousands of MRI machines to the US. What do you do?
"The embargo has crippled Cuba’s medical sector since the U.S. set up the economic barrier in the early 1960s. Although the export of medical supplies to Cuba is legal, extensive restrictions limit such sales. “As a matter of [U.S.] policy, the sale of state-of-the-art technology in this sector is not authorized,” according to a 2011 United Nations report."
You write 'the profits never go to the poor'. That is, of course, nonsense. Some of the international purchases go to health care or electricity generation, a portion of which does go to the poor. Education funding gets high priority, and the country has effectively 100% literacy. You don't get that by having the poor fund their own education.
The Cuba emergency response system is famous for its hurricane preparations. From https://en.wikipedia.org/wiki/Cuba_emergency_response_system , "Cuba is the largest and most populated island in the Caribbean yet consistently experiences the lowest death tolls during hurricane season.[6][1] According to United Nations, it's not because Cubans are lucky but because they're prepared." Yet somehow you believe poor people weren't part of the 1.5 million people evacuated by the civil defense program during Hurricane Ivan? Compare that to the US civil defense plan to help the poor evacuate from New Orleans should another Katrina threaten, and you'll see how 'the profits never go to the poor' is hyperbole to the point of nonsense.
What you should take from this is you don't understand the topic and your Spidey sense is imaginary.
">> What you should take from this is you don't understand the topic and your Spidey sense is imaginary."
Is it imaginary though?
First, let me congratulate you on having enough electrical power, cool fresh air while posting from your high-end/air-conditioned Cuban compound/hotel while the rest of the population bakes and dies.
While the embargo isn't a total blockade, Cuba trades freely with China, Canada, Spain, EU, even buys US "food/meds" worth "$500M+" yearly in cash.
But that's the point: Helms-Burton deters some deals, yet the regime's communist central planning, GAESA military cartel controlling tourism (55% hotels, $4B+ hoarded while grids collapse), and dual MLC system are why poverty persists.
">> Foreign investment?"
Profits go straight to regime elites/military, not people, hotels are prioritized over food and power, doctors are exported for hard currency (regime takes 80-90%), leaving hospitals short.
Locals died from blackouts, shortages, malnutrition in 2024-26 crisis (1M+ fled or died, protests crushed).
">> Literacy and hurricane evacuations?"
Real, but irrelevant when daily life starves under totalitarianism that values tourist dollars over citizens.
Sigh, poor Dutch! The bottom line is that the regime's policies outweigh any embargo. Lost USSR billions + mismanagement did this, not Philips MRI sales.
Don't worry, annexation, updated extradition laws and fair public trials will resolve all of Cuba's issues by providing a fair legal system that holds its leaders, businesses and citizens equally, retroactively, accountable and punishes abuses in a court of law.
It is clear that the island's hardliners have made the conscious choice to sacrifice the population's wellbeing for foreign tourists and dollars. There needs to be some accountability, some sort of sense of justice in a post-Castro Cuba or the only law that will exist is "The Law of The Jungle," aka "An Eye for An Eye," and nothing will be resolved.
I don't follow - I've never been to Cuba. I assume this is an ad hominem or other irrelevant commentary?
> "Foreign investment"
You must be quoting someone else, as I didn't bring it up.
> Real, but irrelevant
It was relevant evidence of your hyperbolic exaggeration.
> totalitarianism that values tourist dollars over citizens
Now tell me again why the US doesn't have a similar economic embargo on communist Vietnam? The US bought the biggest share of Vietnam's exports - and Cuba is a lot closer.
Vietnam does not have an extradition treaty with the US. "Vietnamese authorities severely restrict the rights to freedom of expression, association, peaceful assembly, movement, and religion, and prohibit human rights organizations and independent labor unions, media, and political parties. Under the Communist Party-controlled judiciary, the courts routinely deny defendants their due process rights. Public Security agents patrol the internet and arrest critics they deem threatening to the Party’s monopoly on power." - https://www.hrw.org/world-report/2026/country-chapters/vietn...
> Sigh, poor Dutch!
Sigh. You think that my illustrative example of how your listing of commodity and consumer goods missed the point of the embargo was instead meant as the totality of the issue.
Okay, yes, it's horrible on Cuba. Now, how do you demonstrate that the primary issue for Cuba's situation is communism, and not a 60 year US embargo?
Yes, life is horrible in Cuba and will continue to be so unless market reforms are initiated by the current regime, which will never happen. There's been too much repression by the hardliners, including killings, imprisonment, torture, separation of family, expropriation (without compensation) of homes, land and personal property.
No, the US embargo isn't the main cause—it's a contributing factor, but Cuba's ongoing economic mess, 2024–2025 protests (blackouts, food shortages), and repression come mostly from inside: decades of rigid central planning, slow/limited reforms, mismanagement (e.g., failed 2021 monetary overhaul causing hyperinflation), lost Venezuelan oil subsidies, COVID tourism collapse, and state inertia. Academic views (e.g., Ricardo Torres Pérez, Columbia/others) and reports agree internal structural flaws are primary, with sanctions aggravating but secondary.
Vietnam got normalized relations and embargo lifted in 1995 because it embraced deep market reforms (Doi Moi 1986, private sector now dominant), integrated globally, and became a strategic US partner against China. Cuba kept tight state control, resisted big liberalization, stayed aligned with US foes (Russia, Iran), and poses ongoing hemisphere issues—keeping the policy in place.
Unless deep market reforms are embraced and open and fair elections with a fair judicial system are implemented, annexation remains the only viable option.
You have access to a PC and the Internet in your air-conditioned compound, don't you?
Try doing your own research.
Maybe you'll learn something.
The Wall Crawler
FYI:
Possible reason for the lack of meaningful change on the island.
> You have access to a PC and the Internet in your air-conditioned compound, don't you?
Your personal insinuations are noted. Shall we also discuss near-slavery working conditions of the Filipino staff for your Dubai lifestyle? Or should we discuss the actual topic?
> Vietnam .. embraced deep market reforms
I see you agree with me that the claim "communism entered and destroyed that island" is an overly reductive statement.
> annexation remains the only viable option.
I reject imperialism. You are a bad person. Go back to the 1800s and play the Great Game.
I remind you that the US had none of these qualms when the dictator Batista was in charge of Cuba. I remind you that the terrorist activities against Cuba carried out by agents armed, organized and funded by the CIA were not the result of a fair judicial system. I remind you that the US has already occupied Cuba ... twice.
No, it's fake tears to justify the actions of a bully government which has no problems with the ongoing genocide in Gaza, a pointless war in Iran -- all the continuation of a centuries long national habit of using its military power primarily for its own economic interests, and not the spread of its vaunted "human rights".