133arc585

It’s not just Java. It supports a few other languages as well. I am pretty sure it supports Rust, HTML, JavaScript and maybe a couple others. It doesn’t support Python, Go, PHP, C/C++, or Ruby (as they have separate products for those).

The plural of Linux is Linus.

Have you been keeping up with the story? Few people are saying there is absolutely zero value in telemetry as a concept. Most people have an issue with it being on by default. For a FOSS community, especially one who tries to act as if privacy matters, the very nature of the concept “telemetry that’s on by default” is the problem. I wouldn’t personally use the phrase corporate shilling because I think it’s not the most precise descriptor of the situation, but it’s not entirely innacurate either. I think all of their talk about “it’s anonymized” or “it’s not excessive” or what have you is just distraction: the real issue is that it’s on by default.

I consider their past behavior to be counter to their stated goal of privacy, and counter to the notion that they deserve to be trusted.

They have sent out direct mailers that basically equated to a customer list leak; also I’d take a peek at the wikipedia entry about their business model, which mentions some stuff that isn’t the most savory:

… Brave earns revenue from ads by taking a 15% cut of publisher ads and a 30% cut of user ads. User ads are notification-style pop-ups, while publisher ads are viewed on or in association with publisher content.

On 6 June 2020, a Twitter user pointed out that Brave inserts affiliate referral codes when users navigate to Binance

In regards to the mailers, they messed up and passed blame,

In this process, our EDDM vendor made a significant mistake by not excluding names, but instead including names before addresses, resulting in the distribution of personalized mailers.

With regards to the CEO, he made a donation to an anti-LGBT cause when he was CEO of Mozilla in 2008. He lost his job at Mozilla due to his anti-LGBT stance. He also spreads COVID misinformation.

As others have pointed out, it’s also Chromium based, and so it is just helping Google destroy the web more than they already have.

Did the telemetry vote already happen and succeed? Last I saw there was only an informal “feeling out” vote, but I haven’t been following closely since then.

It’s probably an issue of English not being the first language, or of translation. It’s obviously a link to Documentation, which is a pretty safe assumption when you see a nav item named Document. You could have confirmed this yourself by simply following the link.

Why do you say that? The website is a little ugly in parts (the colored text bulleted list near the bottom) but it doesn’t look “sketch” at all.

And if you can get past some poorly designed home page for a project, they publish the source with supposedly 101 contributors.

For the “schedule expression” (the * * * * * part), try https://crontab.guru/. Some distributions have shortcut expressions like @hourly or @daily so you don’t have to type * */1 * * * etc.

The crontab generally has a header that shows the columns, but if not, they’re: m h dom mon dow command.

From * * * * * /usr/bin/sct 2750 I’m guessing you want to run every minute. If that’s the case, as another commented pointed out, try */1 * * * * /usr/bin/sct 2750, meaning every 1 minute.

the config files show 99% were extracted from Debian Linux

Can you provide a source for that?

My statement above was not meant to come across as xenophobic, but wary considering, historically, how involved China’s government is with local tech companies and entities that would contribute to a project like this.

This right here is where the problem is though. Simply being associated with the Chinese governement is not sufficient to assume malfeasance. Just as any of the large USA tech giants that take various forms of government funding aren’t automatically assumed to be malicious simply by being associated with a “malicious” government. Hell, the Linux Foundation (Linus’ employer) is almost entirely funded by really creepy USA-based tech companies that themselves receive government money for various projects or products. I don’t assume baselessly that Linus would make the distribution insecure simply because he’s funded by people who might want that.

Obviously, more data needs to be evaluated, but I think it’s fair to be cautious.

It is only fair to be exactly as cautious as you would be to run any other random Linux distribution: say, some random person’s fork of Debian. Again, unless you have actual reason to treat it differently, doing so baselessly is rather lame and doesn’t serve anyone. Of course it’s fair to be catious of something as critical as an operating system; but viewing it through a biased lens doesn’t make you more secure.

SIGs (special interest groups)

I’m not sure the precise definition for what counts as an SIG here, but it could mean something analagous to the Linux Foundation. It isn’t necessarily suspicious. I think, from context, it’s used in contrast to “enterprises”; that is, I take it to include any volunteer or not-for-profit contributions.

Of course there’s not. It’s a reflex: China → malicious. It doesn’t require evidence and, since it’s not normally questioned in daily discourse, the person saying it seemingly never questions whether it makes any sense to make such a baseless claim.

Xenophobic fearmongering serves nobody.

Should we also avoid the Linux kernel, since it’s Finnish, and Finland participates in the largest global surveillance apparatus with the USA? There’s absolutely no reason to assume the distribution is any less secure or any more likely to be malicious simply due to it being developed in China or by Chinese.

Moreover, it’s open-source. Use the same logic you should apply to open-source software before you accuse it of being malicious: look at the code and prove it.

Nobody in their right mind is hating on the USA for not being world police. It’s just White Man’s Burden in disguise. Oh dear me you’re so burdened by having to civilize the rest of the world, boohoo. Nobody asked them to, people even push back against it, and yet they do it anyway and then have the gall to complain about how much doing so is inconvenient. Then, two minutes later, the USA will complain about “sovereignty” and pretend they aren’t encroaching on sovereignty every time they pretend to be world police.

Fedora with KDE Plasma