Then you can still look elsewhere in the nonprofit sector. It doesn’t have to be a law firm.

If you can’t feasibly vet the code yourself (I think it is feasible for things like scripts and other small projects) and the star count is low/it’s not already well known and trusted, probably try running in a VM first and look out for signs of it doing things it shouldn’t, e.g. if it’s sending HTTP requests to the internet despite it being a program that should be completely offline. Using things like AppArmor and SELinux to prevent programs from doing things they shouldn’t need to do is also good practice.

Also, the tool itself may be low star count, but is the developer known at all? Someone with any kind of a reputation wouldn’t risk putting malware on their profile.

I suppose you could also look at the list of dependencies of the program. Is it using any libraries that don’t make sense? e.g. with the above, is there some kind of HTTP request library being used for a program that shouldn’t need to access the internet at all?

I think generally the risk is quite low as the author would be hiding their malware in plain sight if the source code is available. They’d have to bet on literally nobody checking. Which is fine for very obscure projects, but if you want your malware to spread, you want a good number of people to use it, at which point someone would presumably look at the code and notice it’s malware.

You could look for another job in the nonprofit sector. Your past experience will help you. You’ve not said what your specialisation is or what exactly you do—if you’re a lawyer and want to keep lawyer-ing, I suppose you could look for another nonprofit law firm, or something like a human rights law firm.

I use SpamAssassin. It’s fine, but definitely needs training. I might look into migrating to rspamd as it seems better, but I don’t have time atm.

For sure. I’m not financially responsible for anyone else, and it’s hard to understand how capitalists expect people to feed their kids with the kind of money they hand out with minimum wage or benefits.

I probably spend under 50 USD a month on food—not by choice, because I can’t afford to buy more. I’m not hungry but I do yearn for being able to eat with more variety and to eat more expensive foods as a treat from time to time. So yeah, I think this is just out of touch, although I’ve never been in the US and I understand the food is both more expensive there plus people have more money there, so maybe it’s less unreasonable in the US.

Commands are normally not considered “code” on their own. Someone who just runs commands on their computer to get a few operations done will normally not learn any programming constructs or concepts. If you’re doing shell scripting that usually crosses the line into code as you’d be using if statements, for loops, etc, which you normally don’t use if you’re just moving files around or whatever in the shell.

For the outside, I just use an antibac wipe. For the ports and grills, I bought a set of anti-static tweezers for this purpose.

GNU does NOT look like the others…

The key was published in the files. It’s not suspicious to use the key given that it’s public info; it’s not illegal to read the released files.

I think the point of the reddit screenshot is to show what Windows users are putting up with, not to share the meme itself.

This is just an archive. No different from using the wayback machine or any other archive of web content.

You shouldn’t be working for the US government in the first place.

10 years old is 2016. That’s not that old. I still have multiple devices from 2017 going strong, and they don’t feel old.

That’s why you don’t keep clothes if you wore them while committing a crime. Burn them.

So it mirrors repos before they go down? I think I get it if that’s the case; I thought it was just a host for “lost” software/source code in which case if you have a copy you can upload it to any software forge (if permitted by the licence). But if it’s meant to contain all software that currently exists, even if it shows no sign of disappearing, that makes more sense.

My point is that you don’t need a separate website for this; you can use existing software forge software and websites.

Putting an org’s logo on a protest callout is not “working together”. Normally it’s just “hey is [org] ok to have their name on this” “yeah go ahead”, and I imagine that’s the case here.

In any case, the US left is pathetic. It’s not the left that needs to unite, but the working class. Remember that the majority of people who fought for the Red Army during the revolution were not communists; the revolutionary subject is the entire proletariat, not communists.

I don’t think it does address the question. In order to archive source code, you need to have the source code in the first place, ie you can’t archive truly lost source code. If you have the source code, you can upload it to any software forge.

That’s cool but is it necessary? If the licence permits redistribution then anyone can just upload to an existing software forge like Codeberg etc