Thought this was a good read exploring some of the “how and why”, including several apparent sock puppet accounts that convinced the original dev (Lasse Collin) to hand over the baton.

    • forgotmylastusername@lemmy.ml
      8 months ago

      The world needed the open internet to bootstrap the digital revolution. It wasn’t possible without the sum of humanity working altruistically to build the Library of Alexandria of software. No private entity could have possibly done it. It truly is an underappreciated marvel of the late-20th/early-21st century. FOSS contains the knowledge of software that runs the world. Now that such a thing exists I could totally see organizations (loosely speaking) wanting to conquer or ransack it. It’s quite clear by now there’s a faction of tech with a tyrannical bent. I’d put them, whoever they might be exactly, as possible culprits.

      • Murdoc
        8 months ago

        Funny coincidence for me, but I just learned this listening to a podcast called Behind the Bastards: The Ballad of Bill Gates. It talked about how one of the reasons MS became so big was because so many people shared MS BASIC back in the day, but then Gates worked so hard against piracy afterwards despite that fact. So basically just one aspect of what you are talking about.

    • Supermariofan67@programming.dev
      8 months ago

      The first 3 seem incredibly far-fetched.

      • What exactly does Facebook gain from more people using zstd, other than more contributions and improvement to zstd and the ecosystem (i.e. the reason corporations are willing to open source stuff)?
      • Why do you consider lzma to be loved among pirates and hackers and zstd not to be, when zstd is incredibly popular and well-loved in the FOSS community and compresses about as well as lzma?
      • Every person in the world uses both lzma and zstd extensively, even if indirectly without them realizing it.

      I think it’s likely that, of all the mainstream compression formats, lzma was the least audited (after all, it was being maintained by one overworked person). Zstd has lots of eyes on it from Google and Facebook, all of the most talented experts in the world on data compression contributing to it, and lots of contributors. Zlib has lots of forks and overall probably more attention than lzma. Bz2 is rarely used anymore. So that leaves lzma.

        • Supermariofan67@programming.dev
          8 months ago

          Facebook may be evil but I don’t think they’re anywhere near “inject malware into global supply chains to push adoption of a public engineering side project that they don’t directly profit from and most executives don’t care about” level of evil. Is it possible? Sure anything is possible, but that is wildly beyond many many more plausible explanations and there’s zero evidence leading us down this path. And why would they go through the trouble of backdooring zstd, which has a highly observed codebase, when they just successfully backdoored lzma because it didn’t have a lot of maintainers?

          While it’s true that zstd is commonly favored for having “good” compression at blazingly fast speeds, which is useful on the web and on servers, Zstd's max compression setting (zstd --long -19) is actually within about 5% of LZMA’s but faster, so it replaces most use cases of LZMA except when that extra 5% (and that’s not even constant; some inputs are even better on zstd) really does matter at all speed cost.

    • Murdoc
      8 months ago

      • Someone thought it would be a good idea to troll the open source community and make it look worse than closed source, so that closed source security can be popularised (“security” trolls in the FOSS community I harp about love such ideas, beware of any Graphene/Chrome/Apple and Big Tech lovers just as an example)
      • Tying into the idea of making the FOSS ecosystem look bad, it might be a concerted effort by closed source company/companies to propel themselves above, as FOSS development is shitting on the closed source corporate model
      • A different approach, it could be the first step in a series of steps to dismantle the FOSS ecosystem, considering how much trust and transparency it has that attracts everyone enlightened enough

      This is why it surprised me to learn that this was noticed/announced by an MS employee.