The malicious code is only thought to have affected deb/rpm packaging (i.e the backdoor only included itself with those packaging methods). Additionally, arch doesn’t link ssh against liblzma which means this specific vulnerability wasn’t applicable to arch. Arch may have still been vulnerable in other ways, but this specific vulnerability targeted deb/rpm distros

I hope you’re right and this isn’t about them getting ready to DRM brush handles to brush heads. Sonicare brush heads are ridiculously overpriced compared to the knock offs

This is called the “Door in the face method” of bargaining. Start with a request so high and absurd that you “slam the door in their face” because it’s so absurd.

The next time they try, they’ll come back with an offer that sounds far more reasonable than the original request. Since you’re still primed with the previous context, your brain makes it sound less bad than it probably is ("At least it’s not the first offer!). You’re more likely to accept after this.

The opposite technique is called “foot in the door”, start with a small request (get your foot in the door) and then increase the ask after the small request goes over.

You need a budget, but it’s not free.

But with Intuit, you are the product, so it’s only free in the sense that they get your info and you get mint in return.

I don’t really use it for this, but here are some things I do use it for:

• metrics scraping on servers without needing to open ports or worry about ssl encryption. Works great for federating Prometheus instances or scraping exporters
• secure access to machines not directly exposed to the internet. I.e. ssh access to my home box while I’m traveling
• being an exit node for web traffic while traveling. I.e. maybe you are traveling and have a bank who is giving you grief about logging in – masquerade that connection from your home IP

I mostly just use it for metrics scraping though

Some of these “businesses” are in fact chia farming and whatnot, though. I know the marketing language is always what gets people ruffled up in datahoarder, but this isn’t exactly something I would consider as a legitimate business use and a single plot uses 100GB of space which can’t even begin to be deduplicated. If your entire business resolves around making money as a result of storing unreasonably large amounts of data then the cloud ain’t it and realistic data costs need to be factored into your data models. I’m actually a bit surprised that Dropbox responded so quickly to the influx of gdrive abusers.

For the average user, it would be substantially more cost effective and sustainable for you to invest in hard drives rather than paying Dropbox $100/mo to rent storage. Cloud providers will decide at any time to change the term of your agreement. The hard drive is yours until it dies.

Updated amd64-microcode for EPYC processors appears available for several distributions which has mitigations available. I went ahead and proactively grabbed the microcode update from Debian unstable (not the best practice) and applied it without issue to my Bullseye/EPYC.

This isn’t exactly condoned as it’s not officially a backport, but I’ll take my chances as this is pretty critical.

Date of the updated microcode should be July 19th.