Chinese Hackers Hijack Web Traffic to Spy on Foreign Diplomats
cross-posted from: programming.dev/post/36349920
In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC).The campaign hijacks target web traffic, using a captive portal redirect, to deliver a digitally signed downloader that GTIG tracks as STATICPLUGIN. This ultimately led to the in-memory deployment of the backdoor SOGU.SEC (also known as PlugX). This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirect execution techniques to evade detection.
This blog post presents our findings and analysis of this espionage campaign, as well as the evolution of the threat actor’s operational capabilities. We examine how the malware is delivered, how the threat actor utilized social engineering and evasion techniques, and technical aspects of the multi-stage malware payloads.
In this campaign, the malware payloads were disguised as either software or plugin updates and delivered through UNC6384 infrastructure using AitM and social engineering tactics. A high level overview of the attack chain:
1. The target’s web browser tests if the internet connection is behind a captive portal;
2. An AitM redirects the browser to a threat actor controlled website;
3. The first stage malware, STATICPLUGIN, is downloaded;
4. STATICPLUGIN then retrieves an MSI package from the same website;
5. Finally, CANONSTAGER is DLL side-loaded and deploys the SOGU.SEC backdoor.
~Figure 1: Attack chain diagram~
Chinese Hackers Hijack Web Traffic to Spy on Foreign Diplomats
In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC).The campaign hijacks target web traffic, using a captive portal redirect, to deliver a digitally signed downloader that GTIG tracks as STATICPLUGIN. This ultimately led to the in-memory deployment of the backdoor SOGU.SEC (also known as PlugX). This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirect execution techniques to evade detection.
This blog post presents our findings and analysis of this espionage campaign, as well as the evolution of the threat actor’s operational capabilities. We examine how the malware is delivered, how the threat actor utilized social engineering and evasion techniques, and technical aspects of the multi-stage malware payloads.
In this campaign, the malware payloads were disguised as either software or plugin updates and delivered through UNC6384 infrastructure using AitM and social engineering tactics. A high level overview of the attack chain:
1. The target’s web browser tests if the internet connection is behind a captive portal;
2. An AitM redirects the browser to a threat actor controlled website;
3. The first stage malware, STATICPLUGIN, is downloaded;
4. STATICPLUGIN then retrieves an MSI package from the same website;
5. Finally, CANONSTAGER is DLL side-loaded and deploys the SOGU.SEC backdoor.
PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats
A social engineering campaign leveraging signed malware, evasive tactics, and captive portal hijacking.Google Threat Intelligence Group (Google Cloud)
Chinese Hackers Hijack Web Traffic to Spy on Foreign Diplomats
cross-posted from: programming.dev/post/36349920
In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC).The campaign hijacks target web traffic, using a captive portal redirect, to deliver a digitally signed downloader that GTIG tracks as STATICPLUGIN. This ultimately led to the in-memory deployment of the backdoor SOGU.SEC (also known as PlugX). This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirect execution techniques to evade detection.
This blog post presents our findings and analysis of this espionage campaign, as well as the evolution of the threat actor’s operational capabilities. We examine how the malware is delivered, how the threat actor utilized social engineering and evasion techniques, and technical aspects of the multi-stage malware payloads.
In this campaign, the malware payloads were disguised as either software or plugin updates and delivered through UNC6384 infrastructure using AitM and social engineering tactics. A high level overview of the attack chain:
1. The target’s web browser tests if the internet connection is behind a captive portal;
2. An AitM redirects the browser to a threat actor controlled website;
3. The first stage malware, STATICPLUGIN, is downloaded;
4. STATICPLUGIN then retrieves an MSI package from the same website;
5. Finally, CANONSTAGER is DLL side-loaded and deploys the SOGU.SEC backdoor.
Chinese Hackers Hijack Web Traffic to Spy on Foreign Diplomats
In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC).The campaign hijacks target web traffic, using a captive portal redirect, to deliver a digitally signed downloader that GTIG tracks as STATICPLUGIN. This ultimately led to the in-memory deployment of the backdoor SOGU.SEC (also known as PlugX). This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirect execution techniques to evade detection.
This blog post presents our findings and analysis of this espionage campaign, as well as the evolution of the threat actor’s operational capabilities. We examine how the malware is delivered, how the threat actor utilized social engineering and evasion techniques, and technical aspects of the multi-stage malware payloads.
In this campaign, the malware payloads were disguised as either software or plugin updates and delivered through UNC6384 infrastructure using AitM and social engineering tactics. A high level overview of the attack chain:
1. The target’s web browser tests if the internet connection is behind a captive portal;
2. An AitM redirects the browser to a threat actor controlled website;
3. The first stage malware, STATICPLUGIN, is downloaded;
4. STATICPLUGIN then retrieves an MSI package from the same website;
5. Finally, CANONSTAGER is DLL side-loaded and deploys the SOGU.SEC backdoor.
PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats
A social engineering campaign leveraging signed malware, evasive tactics, and captive portal hijacking.Google Threat Intelligence Group (Google Cloud)
Chinese Hackers Hijack Web Traffic to Spy on Foreign Diplomats
In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC).The campaign hijacks target web traffic, using a captive portal redirect, to deliver a digitally signed downloader that GTIG tracks as STATICPLUGIN. This ultimately led to the in-memory deployment of the backdoor SOGU.SEC (also known as PlugX). This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirect execution techniques to evade detection.
This blog post presents our findings and analysis of this espionage campaign, as well as the evolution of the threat actor’s operational capabilities. We examine how the malware is delivered, how the threat actor utilized social engineering and evasion techniques, and technical aspects of the multi-stage malware payloads.
In this campaign, the malware payloads were disguised as either software or plugin updates and delivered through UNC6384 infrastructure using AitM and social engineering tactics. A high level overview of the attack chain:
1. The target’s web browser tests if the internet connection is behind a captive portal;
2. An AitM redirects the browser to a threat actor controlled website;
3. The first stage malware, STATICPLUGIN, is downloaded;
4. STATICPLUGIN then retrieves an MSI package from the same website;
5. Finally, CANONSTAGER is DLL side-loaded and deploys the SOGU.SEC backdoor.
PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats
A social engineering campaign leveraging signed malware, evasive tactics, and captive portal hijacking.Google Threat Intelligence Group (Google Cloud)
DM me on Spotify: Spotify launches a messaging feature.
Introducing Messages, A New Way To Share What You Love on Spotify with Friends and Family — Spotify
Recommendations have always been at the heart of the Spotify experience. Friends and family share their favorite music, podcasts, audiobooks, and more from Spotify millions of times each month.Lauren.Peterson@groupsjr.com (Spotify)
Google is ending sideloading on Android
Fuck this shit, Fuck Big Tech and fuck the rich.
The global elite have finally gone fully mask off.
https://www.reddit.com/r/Android/comments/1mzw7sc/google_wants_to_make_sideloading_android_apps/
The PR Machine Powering Big Tech’s AI Energy Story
The PR Machine Powering Big Tech’s AI Energy Story
Google doesn't want you to think AI uses up much energyWilliam Fitzgerald (Hard Reset)
Feddit Un'istanza italiana Lemmy reshared this.
The PR Machine Powering Big Tech’s AI Energy Story
The PR Machine Powering Big Tech’s AI Energy Story
Google doesn't want you to think AI uses up much energyWilliam Fitzgerald (Hard Reset)
like this
Dantpool likes this.
reshared this
Feddit Un'istanza italiana Lemmy e Technology reshared this.
The PR Machine Powering Big Tech’s AI Energy Story
The PR Machine Powering Big Tech’s AI Energy Story
Google doesn't want you to think AI uses up much energyWilliam Fitzgerald (Hard Reset)
Feddit Un'istanza italiana Lemmy reshared this.
The PR Machine Powering Big Tech’s AI Energy Story
The PR Machine Powering Big Tech’s AI Energy Story
Google doesn't want you to think AI uses up much energyWilliam Fitzgerald (Hard Reset)
reshared this
Feddit Un'istanza italiana Lemmy e Technology reshared this.
The PR Machine Powering Big Tech’s AI Energy Story
The PR Machine Powering Big Tech’s AI Energy Story
Google doesn't want you to think AI uses up much energyWilliam Fitzgerald (Hard Reset)
Feddit Un'istanza italiana Lemmy reshared this.
Apple vs. Facebook is Kayfabe
- Hackernews;
- Lobsters.
:::
Apple vs. Facebook is Kayfabe
Apple vs. Facebook is, and always was, kayfabe. In reality, Apple is Facebook's chauffeur; holding Zuck's coat while Facebook wantonly surveils iPhones owners. How can we be sure? Because Apple continues to allow wide-scale abuse of In-App Browsers.Alex Russell
Will Smith's concert crowds are real, but AI is blurring the lines
- Hackernews.
:::
Will Smith's concert crowds are real, but AI is blurring the lines - Waxy.org
Will Smith is being accused of generating fake fans with AI, but it's complicated: the crowds are real, but the videos were manipulated by Smith's team and YouTube itself.Andy Baio (Waxy.org)
New Flagships Redefine Form and Function
Technology reshared this.
Þe user's first, and only, post. Its oþer contribution is a single emoji reply comment.
80% chance AI bot.
Kick faces possible $49 M fine after French streamer Jean Pormanove dies on air
Kick faces possible $49M fine after French streamer Jean Pormanove dies on air
Kick could be hit with a $49M penalty after the death of French streamer Jean Pormanove, who died following “ten days and nights of torture.”Michael Gwilliam (Dexerto)
Technology reshared this.
A fine isnt enough. This platform needs to be permanently shutdown.
This place is breeding grounds for morons, bigots, predators, and other social rejects, and it lets all of them continue thriving. By no comprehensible measure should that be normal, but somehow it is.
But I don't understand why don't they go after the abusers, instead of imposing a fine to the platform. This looks like a criminal case, it's not just a matter that should be left in the hands of the platform to begin with.. so why focus on blaming the platform?
Someone got bullied so hard they died, and the response is to simply ban them and then punish the platform? It sounds like an approach designed by lawyers who just want to make money, instead of actually an attempt to fix/correct the problem.
It's like blaming the email provider for allowing the exchange of messages and video files in a mailing group that was organizing crime.. instead of actually investigating the people who committed the crime and enacting laws / setting precedent that could act as deterrent, independently of which channel was used while committing the crime. Then punish the platform if they are not collaborating or if they are found to be complicit (while investigating the criminals).
Kick faces possible $49 M fine after French streamer Jean Pormanove dies on air
Kick faces possible $49M fine after French streamer Jean Pormanove dies on air
Kick could be hit with a $49M penalty after the death of French streamer Jean Pormanove, who died following “ten days and nights of torture.”Michael Gwilliam (Dexerto)
like this
Fitik, adhocfungus, FerretyFever0, YoSoySnekBoi, Lasslinthar, SuiXi3D, Aatube, aramis87 e Raoul Duke like this.
Technology reshared this.
like this
FerretyFever0 e yessikg like this.
like this
FerretyFever0 likes this.
like this
FerretyFever0, Beacon, DaGeek247 e yessikg like this.
like this
YoSoySnekBoi, DaGeek247 e yessikg like this.
They kinda did. The dudes were taken in as part of an ongoing investigation but were then released. I can see why it’s fared for the cops when even the victims are saying it’s by their own choice. But it’s no excuse for kick.
ctvnews.ca/sci-tech/article/ou…
The investigation, opened in December, is looking into “deliberate violence against vulnerable persons” and “spreading recordings of images related to offences involving deliberate violations of physical integrity,” Martinelli’s statement said. It did not specify why Pormanove could be considered vulnerable.The statement said two co-streamers allegedly involved in the case were briefly taken into custody in January but were released pending further investigation.
In parallel, the Nice prosecutor said, investigators interviewed Pormanove and one of his co-streamers who both appeared to be victims of violence and humiliation. They “strongly denied being victims of violence, stating that the events were staged in order to `generate a buzz’ and make money.”
French streamer’s on-air death provokes outcry as authorities probe allegations of abuse
The death of a French streamer during an extended broadcast prompted soul-searching and controversy, as a government minister said he had been “humiliated and mistreated for months” on air and a judicial investigation delves into alleged abuse.The Associated Press (CTVNews)
execution of the law is always more complicated than we want it to be. They could have been let off as the investigation continued if the victim told the cops "i did everything with full consent and it was all an act for the entertainment of the stream.". Cops/W/e the french version of DA is would possibly need to continue the investigation to show that either he was unable to consent to the actions or it was a lie that there was consent.
I'm just a layperson and maybe it was more cut and dry and the cops really dropped the ball. It just doesn't seem so cut and dry legally to me. Will be interesting to see the outcome of the investigation from this.
- Algorithm shows a preview of a chaotic scene where the content isn't easily identified.
- You open / interact / linger on it to figure out what is happening before identifying it as something you don't want to look at.
- Algorithm detects increased interaction and happily serves up more.
I play a little game with Instagram sometimes. I click on one (1) thirst trap bikini girl post in the search reel. Then I see how many times I have to press the little 3 dot menu and pick "not interested" on allllll the other thirst trap bikini girl posts that immediately appear.
I generally have to press "not interested" about 15 times before my feed reverts to only having bikini girl thirst traps once every 20 or so posts.
Facebook goes wild if you don't really interact with it other than to browse.
Pause for a microsecond over something, welp I guess that's your hobby now. For some reason mine always shows me chess. I have never played chess. Hate it. A family member on my Facebook friends list likes chess. FB just goes "chess? how about chess?" like it's got nothing else to really offer other than flag waving racism.
It’s similar to fear factor—you can authorize quite a lot of things in a contract.
The medical examiner has said that they don’t think his death was caused directly by the treatment during the stream.
like this
Beacon likes this.
“Salut maman, Comment tu vas ? Coincé pour un moment avec son jeu de mort, avait-il déclaré. Ça va trop loin. J’ai l’impression d’être séquestré avec leur concept de merde. J’en ai marre, je veux me barrer, l’autre il veut pas, il me séquestre”. (“Hey Mom, how are you? Stuck for a while with his death game,” he said. “This is going too far. I feel like I’m being held captive with their shitty concept. I’m fed up, I want to get out, the other guy doesn’t want me, he’s holding me captive.”)
"J’en ai marre je veux me barrer, il me séquestre" : les derniers mots glaçants de Jean Pormanove avant sa mort - Closer
Lundi 18 août 2025, le streamer Jean Pormanove est mort à 46 ans alors qu’il était en live sur une plateforme de streaming. Avant sa mort, il avait envoyé un message glaçant à sa mère.GR (Closer)
like this
Beacon likes this.
He actively wanted out as seen by the desperate text sent to his mother saying how he "felt like a hostage" that was read aloud by one of his abusers on stream, but due to coersion both financially and socially. In one of the streams his abusers openly brag about how if he doesnt participate in their "game" they'll take the keys for his car and his apartment until he does.
There's generally a lot of factors that add up to staying in an abusive situation. From his point of view its likely that there didn't seem much of an option for him outside of this.
Can somebody explain to me why, emotions aside, the French guy is not responsible for his own choices? Unless it comes to light that he was coerced into staying on the show, why are other parties being held responsible instead of himself?
I'm not looking to be controversial, I'm honestly curious if there's some rational logic to it that I can understand, or this is all emotional.
like this
Beacon e BlackLaZoR like this.
Because they profited from his torture and subsequent death?
To your point though, they aren't responsible in the moral sense that you're implying. However, they committed a crime when they platformed, promoted and profited from it.
like this
yessikg likes this.
like this
loppy likes this.
some stuff against said terms
Like mastercard and their ban of all purchases of items that could reflect negatively on their brand. Like porn.
I’d argue the main difference is that it involves a crime.
I’m not completely sure that torture itself constitutes a crime (though I’d be surprised if it wasn’t), but manslaughter/murder is. With few exceptions for medically assisted death, killing someone is a major crime. Presumably, we don’t want to promote people profiting from extreme suffering and death.
I also think there is a time and place for censorship (ex CSAM).
“Objectionable” is a subjective term, but “illegal“ is not.
There's 2 different parties under discussion here, the other streamers and the platform.
Regarding the streamers, I agree there might be room for a manslaughter charge. IANAL, much less in French law. Personally though, I don't see how it differs substantially from any other high risk group activity. If you're free-climbing (or maybe some other activity that involves more chance and less skill), and you're doing it voluntarily, knowing the risks, is it really fair to blame the survivors if somebody dies?
Regarding the platform, up until the point where a death actually occurred, what could they have reasonably done that would not have constituted some form of censorship? At that point, aren't we back to the censorship discussion of how much power platforms should have over the content we have access to?
I can kind of see what you are trying to say, but I don’t really agree with your conclusion.
I’d make the distinction that free climbing, while dangerous, is a recreational activity. I can reasonably conceive of people watching that for entertainment. There also isn’t anything morally questionable about it.
On the face of it, I don’t think you could reasonably argue that torture is a pastime.
All of that aside, torture is against international law. It is illegal in all circumstances.
From the United Nation Convention Against Torture:
“No exceptional circumstances whatsoever may be invoked as a justification for torture.”
For that reason, I would say the platform did have an obligation to de-platform it.
Arguably, the police should probably have put a stop to it as well.
They aren't deciding, they're being held to laws that they didn't create nor necessarily agree with.
I'd assume that, given the option, they'd like this kind of thing to be legal so they can continue making money from it legitimately
What? I think you've misread something.
The argument against them, as I understand it, is that they should not have allowed the streaming to happen. As this was pre-death, that would have required them to make a decision about what content they allowed that most people would consider censorship.
Yes, that is the law. You are required not to broadcast death and to create circumstances in which the likelihood of this is minimised.
That's not calling for censorship because it doesn't preclude a level of consensual harm that doesn't lead to high risk of death.
As I said earlier, your point stands: it is not for these platforms to act as moral compasses for viewers of consensual but provocative content.
However, that's irrelevant to the law which wants to avoid incentivising people dying / being killed on broadcast streams for a profit.
I think this is ratified by the fact that there will be less of a burden of blame on the service provider if this proves not to be the case
In those cases broadcasters take one of two roads:
- Don't broadcast it - many extreme sports are simply not broadcast by many, many broadcasters.
- Properly mitigate the risk to an acceptable level - this is done frequently for sports and other media. This is the reason you can watch Jackass and Dirty Sanchez even though the risk of death for many stunts is non-zero.
Once the death occurs though, they can only rely on their demonstration of #2 here to offset legal culpability. They are also then generally bound to remove the material and not re-air (in this case, Kick did make the content available again for whatever reason)
It seems like this is the road the defense will take in this particular case is to prove the death (illegal to air if preventable) was not caused by the preceding consensual torture (legal to air, seemingly).
Okay, you asked why others are held responsible and not the dead guy and what is the logic behind it.
I don't get what's not to get about that.
The platform didn't put a stop to torture on their platform. They are responsible for that.
The others streamers tortured a guy to death. They are responsible for that.
What exactly do you think the the dead guy is responsible for?
I don't get what's not to get about that.
No need to be a condescending jerk.
The platform didn't put a stop to torture on their platform. They are responsible for that.
Why are they responsible for a grown adult making his own choices? What about an audience who directly funded the activity? Are they not even more directly responsible for the event that occurred?
The others streamers tortured a guy to death. They are responsible for that.
Yes, there's probably some question about whether manslaughter laws might apply.
Given it was a voluntary participation, how is this different from any other activity that involves potential self-harm? If a bunch of people freeclimb a deadly mountain with a 20% chance of death and stream it, and one of them dies, is that illegal? Assuming not, what's the difference here?
What exactly do you think the the dead guy is responsible for?
His choice to participate in an activity that killed him.
like this
loppy likes this.
No need to be a condescending jerk.
I was serious. Sorry, didn't meant to come of this way.
Why are they responsible for a grown adult making his own choices? What about an audience who directly funded the activity? Are they not even more directly responsible for the event that occurred?
They aren't but they are responsible in the sense that they shouldn't give that shit a platform.
Yes the audience is responsible too.
Given it was a voluntary participation, how is this different from any other activity that involves potential self-harm? If a bunch of people freeclimb a deadly mountain with a 20% chance of death and stream it, and one of them dies, is that illegal? Assuming not, what's the difference here?
The question falls apart with the word self-harm. Other people did that to him.
And freeclimb metaphor doesn't work as well as harm is not the goal of free climbing. The goal is to reach the top. Dying is a risk you take. Besides if you would stream free climbing and egg the other person on to do stupid shit or make it more difficult to climb for the other person, and that person dies because of that, you would be partly responsible for that death.
His choice to participate in an activity that killed him.
Yes he is responsible for that.
But I think this is not a this-one-person-is-responsible-situation. Everybody in the chain of events that lead to this mans death is responsible in some way. Everybody who knew and did nothing.
There is a gradient of responsibility, of course. The person just watching isn't as responsible as the person who is acting, but everybody is guilty to some degree. And to that degree people should be punished.
They aren't but they are responsible in the sense that they shouldn't give that shit a platform.
This statement could be used about literally any topic that certain groups of people find objectionable. The US is currently providing a very clear example of what happens when you use that argument.
Other people did that to him.
Seeing as he was an active participant in it, this is the core of my questioning. Why is it considered 'something others did to him', and not 'something he did to himself'? He could have left at any time, but he chose to stay and remain in the activity.
freeclimb metaphor doesn't work as well as harm is not the goal of free climbing. The goal is to reach the top. Dying is a risk you take.
Harm was not the direct goal of this stream either. The goal was to see how long they could stay awake. Heck, take boxing. Boxers still die every year, and that's a much more obvious example of harm being the direct goal of the activity. Nobody is seriously suggesting that boxing should be criminalised, or that participants should be prosecuted.
But I think this is not a this-one-person-is-responsible-situation. Everybody in the chain of events that lead to this mans death is responsible in some way. Everybody who knew and did nothing.There is a gradient of responsibility, of course. The person just watching isn't as responsible as the person who is acting, but everybody is guilty to some degree. And to that degree people should be punished.
I agree that everybody involved is in some way indirectly responsible. However I'm unclear that it's actually illegal. Morally reprehensible, but morality is a very subjective opinion and one I'm very hesitant to let platforms start deciding on my behalf.
This statement could be used about literally any topic that certain groups of people find objectionable. The US is currently providing a very clear example of what happens when you use that argument.
Maybe but in what way my statement could be used has nothing todo with the conversation we are having.
I used it specifically in the context of torture.
Seeing as he was an active participant in it, this is the core of my questioning. Why is it considered 'something others did to him', and not 'something he did to himself'? He could have left at any time, but he chose to stay and remain in the activity.
Quoting the article:
On August 18, 46-year-old Raphaël Graven, better known as Jean Pormanove, died in his sleep while live on Kick. In the days and even months prior, he had reportedly endured extreme violence, sleep deprivation, and forced ingestion of toxic products at the hands of two fellow streamers known as Naruto and Safine.
Because letting someone do something to you is still another person doing something to you.
As long as we don't know why he stayed we can't be sure if it was because of trauma or greed.
Harm was not the direct goal of this stream either. The goal was to see how long they could stay awake. Heck, take boxing. Boxers still die every year, and that's a much more obvious example of harm being the direct goal of the activity. Nobody is seriously suggesting that boxing should be criminalised, or that participants should be prosecuted.
That's the stated goal but from context/article it is reasonable to assume that fucking with the guy was a goal too.
Well I don't think saying because one fucked up thing exists that makes it okay that we tolerate other fucked up things is a good point. There is certainly a discussion to be had about the morality of boxing. In my opinion at least.
I agree that everybody involved is in some way indirectly responsible. However I'm unclear that it's actually illegal. Morally reprehensible, but morality is a very subjective opinion and one I'm very hesitant to let platforms start deciding on my behalf.
Well I think there are some things we can all agree on are not okay. Torture for example.
Maybe but in what way my statement could be used has nothing todo with the conversation we are having.I used it specifically in the context of torture.
Yes, but was it illegal? The point being that our opinions of morality don't, and shouldn't, matter. The only thing that should matter is whether it breaks the law, and any ramifications of that.
Because letting someone do something to you is still another person doing something to you.
Consent is a thing. If you agree to something, and physical harm happens as a reasonably unexpected outcome, the other party is usually not held responsible.
That said, depending on circumstance I can see the other streamers having some responsibility for his death.
What I don't see is how the platform is reasonably expected to make judgement calls about this sort of content without descending into censorship. Prior to death, none of what had been done was illegal. Expecting them to cut off the stream would have been no different from other corps removing material they find morally objectionable.
There is certainly a discussion to be had about the morality of boxing. In my opinion at least.Well I think there are some things we can all agree on are not okay. Torture for example.
I agree with you about the morality. That's not the point. Censorship is a major problem in the world today, and encouraging more of it is something we need to be wary of. Self-censorship is especially insidious, and expecting companies to self-censor leads to all sort of undesirable outcomes. That's why we have laws, so that it's (mostly) clear and unambiguous where the line is.
In the EU platforms can be found guilty for what they publish though. It is the platform's responsibility and duty to check whether their content is violating the law or not.
If a German newspaper were to publish an ad advocating for the murder of an ethnic group, both the creator of the ad and the newspaper would face charges.
I can't say much more about the rest but there are certainly legal standards for boxing that need to be abided for a boxing event to be legal. This includes having medical staff on site, a referee which manages the match, gloves being mandated for the boxers etc. If these standards aren't held, you can charge a boxer for participating in an illegal fight and manslaughter should the other boxer die.
there are certainly legal standards for boxing that need to be abided for a boxing event to be legal. This includes having medical staff on site, a referee which manages the match, gloves being mandated for the boxers etc. If these standards aren't held, you can charge a boxer for participating in an illegal fight and manslaughter should the other boxer die.
Fair point. Given how quickly these trends can pop out of nowhere, countries probably need to start creating laws covering general physical stupidity.
Because they by running a business are responsible to ensure that they don't promote or willfully ignore harm brought about wholly or in part by their actions or negligence.
For actually moral folks the minimum the law requires is a starting point not the last word.
Eg moral folks ask is there anything I am doing that causes harm or anything I'm not doing that I reasonably ought to do to prevent it.
Smart people too as many governments take a dim view of dodging responsibly and will invent new laws to regulate you.
For actually moral folks the minimum the law requires is a starting point not the last word.Eg moral folks ask is there anything I am doing that causes harm or anything I'm not doing that I reasonably ought to do to prevent it.
So... Like the payment processors banning all immoral transactions from their network? Is that what we're supporting?
like this
Aatube likes this.
It's a difficult situation to explain, and it will be even harder to judge.
What seems to be true is that they had a hold on him. They seemed to abuse his mental weaknesses, and regularly made themselves look like benefactor for "saving him from himself" and making him earn a lot of money.
Sure he could have technically walked out any day, but when you're under the influence of manipulative "friends", I'm not sure it's that easy.
Bear in mind that I'm not stating 100% proven facts.
Yeah, depending on circumstance I can definitely see a case being made for the streamers having some responsibility.
I don't see how the platform should be responsible without opening up a can of worms involving censorship. Mastercard has proven we do not want fucking corps having that power.
It depends. Do you consider Twitch's moderation to be to extreme? They definitely wouldn't have let this slide. I'm pretty sure they used to stream on twitch and got banned there.
Kick is currently very lax when it comes to moderation (it's their niche, their way of existing even with Twitch's dominance), and I don't think banning channels promoting group punching a dude would be a bad thing to censor.
Idk, I don't watch videos so I'm unfamiliar with it.
don't think banning channels promoting group punching a dude would be a bad thing to censor.
I don't think so either, but experience has taught me not to give companies any more power than necessary. If it needs to be done, pass a law for it.
Whenever you do something that results in the death of another human there needs to be an investigation. From what I can tell no culpability has been found yet, but there is at least some evidence that this person was being held against their will.
However, lots of European countries treat violence like the US treats porn so this could easily be something similar to the pearl clutching that would happen here if somebody was asphyxiated during a BDSM livestream.
From libé article:
Raphaël Graven, 46, known under the pseudonym Jean Pormanove, died near Nice during a live broadcast on August 18 on the Australian video platform Kick after more than 12 days of live streaming showing him and another man being assaulted and humiliated by two people. Followed by nearly 200,000 viewers, the “Jeanpormanove” channel had for months shown Raphaël Graven being insulted, beaten, having his hair pulled, threatened, and even being shot at without protection with paintball projectiles. According to the channel’s promoters, the content was staged.Deputy Minister for Digital Affairs Clara Chappaz on Tuesday announced her intention to sue the Kick platform for “breach.” She made the announcement after a meeting convened at Bercy with officials from several ministries (Justice, Interior, Economy) and two independent authorities, accusing Kick of violating the 2004 Digital Trust law.
I feel completely out of the loop when stuff like this happens.
I went looking around and found an article that expanded a lot on this topic, maxread.substack.com/p/who-kil…
Story of my life. Major story drops, article provides little to no context, and everyone in the comments already seems to know what's going on.
This happens constantly in my life, both online and offline; why does it seem like I'm always being left out? I've missed out on so many parties and events because of this issue.
courage the dog’s owner
Now I feel a little better Eustace he scared me as a kid
like this
yessikg likes this.
What changed between the 'months of torture' and Naruto and Safine being arrested, and the '10 days ' leading up to his death?
It sounds sick that the French government would decide a man is being tortured yet they're not obligated to intervene... while at the same time they fine a company for not stepping in.
If this man was negligently killed, authorities and kick are to blame, but it's the authorities that should've been the failsafe, not the company. I guess it makes sense that French politicians are Very Mad™ and Seriously Considering Bigger Punishments™.
Exactly. Law enforcement investigated and found no wrongdoing. They’re the ones who dropped the ball here. Was there something else Kick was legally obligated to do? I agree that there was a moral fuck up here resulting in somebody dying. But torture between competent consenting adults is legal. Just like we’re saying BDSM is okay
Also someone else mentioned the TV show Jackass and I just wanna know how some are drawing the line here. So are some of the dangerous stunts on Jackass ok or not? Why?
Boxing ,MMA.etc ?
espn.com/boxing/story/_/id/459…
Two Japanese boxers die from brain injuries suffered on same fight card - ESPN
Japanese boxers Shigetoshi Kotari and Hiromasa Urakawa have died following brain injuries sustained while competing on the same card, although in different fights, at Korakuen Hall in Tokyo on Aug. 2.Andreas Hale (ESPN)
Can someone point out the part where this wasn't voluntary or the guy was held captive & not free to leave or end the voluntary abuse at any time?
It looks like idiots kink-playing too hard with extra fines to some platform while the morons try to escape accountability.
Viral compilation threads have shown Pormanove being hit, strangled, and fired at with paintball guns while streaming with Naruto and Safine, whose lawyers claim they hold “no responsibility.”
like this
aramis87 likes this.
Violence is fine. What's not fine is the permanent disfigurement or death of participants and the lack of preventative controls against that.
In a cage match, a participant would never be ignored long enough to stop breathing, like they did here.
This comment might provide some insights:
lemmy.zip/comment/21080783
Also, IMO, voluntary or not, this goes over the edge, especially on the streaming part. If someone genuinely enjoys this, they can do it in private, and exactly as they like.
When money and popularity get involved, this prompts more extreme behavior, turning a willing masochist into a victim, and a game into a trap.
Besides, authorities could have at least checked up on him.
If I understood properly the guy was a kinda homeless person that the two fuckers "hosted" in their house in exchange for participating (being tortured) in their streams. He was disabled or mentally challenged too, and there was another victim of theirs that was handicapped in the flat too.The alarm has been raised for at least 8 months but neither the police nor the national agencies nor the minister contacted either did or decided to do anything. Every time the police came the victims were saying that all was good and they gave their consent to anything, but on stream they were often asking to call the cops, an ambulance or trying to leave and the two fuckers barred them the exit and threatened to beat them or throw them back to the streets. So they were basically held hostage.
The whole thing is a disgrace. It was the most viewed French language stream on Kick for months, two vulnerable people being tortured on stream and nobody did anything.
Kink playing is ultimately the responsibility of the top, if this was that.
It's not, because they disregarded that person's state of well-being in a continued way.
His streams were about self deprecation, humiliation and abuse. He let those two guys abuse him to the limit and apparently they went over the limit.
It was with consent but they still be charged with murder and probably get convicted too.
This went on for weeks, months, and nobody interfered. They just gave a platform for the abuse.
If I understood properly the guy was a kinda homeless person that the two fuckers "hosted" in their house in exchange for participating (being tortured) in their streams. He was disabled or mentally challenged too, and there was another victim of theirs that was handicapped in the flat too.
The alarm has been raised for at least 8 months but neither the police nor the national agencies nor the minister contacted either did or decided to do anything. Every time the police came the victims were saying that all was good and they gave their consent to anything, but on stream they were often asking to call the cops, an ambulance or trying to leave and the two fuckers barred them the exit and threatened to beat them or throw them back to the streets. So they were basically held hostage.
The whole thing is a disgrace. It was the most viewed French language stream on Kick for months, two vulnerable people being tortured on stream and nobody did anything.
like this
aramis87 likes this.
From what I understood the two fuckers will probably get a 25 to 30 years of jail sentence, and some of the people who donated money to them to encourage them in the torture also risk prison time. Which I fucking hope they get.
Someone took upon himself to save all the worst clips and try to raise the alarm, they have more than 300 hours of stream capture with evidence of torture and other wrongdoings.
like this
aramis87 likes this.
There is even a sequence where the two fuckers try to force him to say that "if he dies on stream, it won't be their fault" but the fault of his "shitty health situation". He flat out refused.
They perfectly knew they were in the process of killing him.
like this
aramis87 likes this.
Kinda homeless? The victim is the largest french gaming streamer and definitely not homeless. There's indications of mental health problems but it's only visible on camera. There are no documents verifying it unfortunately (though it seems evident). The two killers are people he's known and hung out with for years.
Edit: The apartment was rented specifically for this stream.
It's sort of an extension of lolcow culture. This is a vid I recommend to watch to understand it.
Revenue != profit
Depending on margins, it can make a company unprofitable pretty quick if they're hit by a fine of nearly 30% of their revenue.
I mean, Kick probably could be suspending people who stream for an unhealthily long time, maybe suspend his abusive friends, but they didn't force him to take any actions resulting in his death imo.
What exactly is the crime?
Yes. I saw a video on getting around Flock's AI cameras and he mentions the numerous million dollar lawsuits that regularly result from misuse of their data and the glitches that cause people to have guns pointed at their heads by police.
It is a cost of doing business. Saying 'I'll sue you!' To them is as threatening as charging someone a little extra for that order of coffee they made.
Sci-Hub Blocked in India, Founder Tells Plaintiffs to Expect Disappointment
Sci-Hub Blocked in India, Founder Tells Plaintiffs to Expect Disappointment * TorrentFreak
The High Court in Delhi has ordered the country's ISPs to block Sci-Hub as part of a copyright case filed in 2020 by major publishers.Andy Maxwell (TF Publishing)
like this
Maeve e FartsWithAnAccent like this.
She was played. Now it's time to say "fuck it" and continue as normal. The system was rigged from the start.
like this
FartsWithAnAccent likes this.
Perplexity's AI-powered Comet browser leaves users vulnerable to phishing scams and malicious code injection — Brave and Guardio's security audits call out paid AI browser
Perplexity's AI-powered Comet browser leaves users vulnerable to phishing scams and malicious code injection — Brave and Guardio's security audits call out paid AI browser
Brave and Guardio have revealed serious vulnerabilities in the AI-powered Comet browser.Nathaniel Mott (Tom's Hardware)
How are you "supposed" to download your treasures? Download managers? Or just let the 100GB file sit in firefox download list and potentially get cut off mid-download?
I can never seem to get a download manger to work. I remember I used to be able to do that on windows, but SteamOS is giving me a headache, I'm a noob in linux.
But then again, idk if pausing would even be possible with these 🏴☠️ sites.
like this
Fitik, Lasslinthar e Rozaŭtuno like this.
This thread seems to heavily recommend wget.
forum.endeavouros.com/t/a-down…
A download manager for linux that actually works?
It’s the Java UI, and maybe you heard that it has ads in it. The AUR package has stripped out the popup style ads. Now it just has ONE unobtrusive ad that I forgot about until I started writing this. Very negligible.EndeavourOS
curl can also resume downloads stackoverflow.com/questions/19…
How to resume interrupted download automatically in curl?
I'm working with curl in Linux. I'm downloading a part of a file in ftp server (using the -r option), but my connection is not good, it always interrupts. I want to write a script which resume down...Stack Overflow
Downlaod managers can work with most downloads. If a site is really badly coded it still wont work. Bittorrent is good for this. I recomend qbittorrent on linux/windows, or flud on android.
With bittorrent you want to configure your settings. Set you max upload to half of what your connections upload speed is, or lower, you might have to experiment with this to see what your router and connection can handle. Activate "exit on finish" limit your max connections to 50-100 if you dont have a router with a strong CPU. Enable "require encryption" or use encryption and dont allow non encrypted connections. (Keeps your isp from throttling and helps keep you safer) Disable automatic start when you device boots up (very important)
Then you are all set. Just remember to make sure you dont run it all the time, bittorrent is hard on your router, not that it will mess it up but it will load up the CPU, honestly not much worse then windows built in spyware these days, and try to place the files where you actually want them when creating a download, so that you can reupload to the world. If you move the files after downloading them, then the client cant reupload to other users. You could even consider setting your max upload slots to something reasonable like 24 with a max upload rate of 200 KB/s, and let it run all the time. Be careful when hosting copyrighted content unless you have a VPN always active. You really should these days, they are cheap. I think i payed $80 for a year of proton VPN, a swiss company that isnt as beholden to the giant global intelligence network. You should also support artists so dont pirate unless you dont have a good option for getting your content. Pirated content also has a risk of containing malware and getting you sued.
As someone who lives in the U.S and is always on the road for work, i constantly have to deal with terrible and 3rd world internet infastructure. I am very familiar. Half of my state has about a 40% packet loss rate or something. Idk. Its bad. It drops out completly multiple times per day, cell towers, ISPs, credit card machines, etc. Sometimes you might just need to download from a better connection in another part of your state or something.
I dont have any recomendations for a download manager for PC, but for android ADM, advanced download manager seems to work well. On PC i usually just use torrents. Using a VPN in exclusivly TCP mode can also help, UDP is a lower latency lossy connection, TCP will resend packets until all of them get through. Using a vpn with TCP can help if you have a crappy connection. It wont help much if you are getting multi second drop outs. For that you really need bittorrent, or a download manager. If the zite doesnt work with download managers, and you cant get a torrent, you can try to find a mirror of the download somewhere else. Tey searching for the file name in quotes, like "filename.zip" and then use -website name to remove results from spammy sites. A search might be like, ( "filename.zip" -website1.com -website2.com )
Enable “require encryption” or use encryption and dont allow non encrypted connections.
In my experience, that would just stop all traffic. I guess the other clients on the swarm don't support encryption.
I use Varia as my graphical download manager. It has download acceleration built in thanks to aria2. I get often double or triple the download speed (depending on the website). For example, when I downloaded the Fedora Workstation ISO from fedoraproject I got download speeds from 18mbs normal to 60mbs with Varia. Free and open source of course, available on Windows and Linux.
Website: giantpinkrobots.github.io/vari…
like this
Lasslinthar likes this.
like this
Azathoth likes this.
like this
Lasslinthar likes this.
There's also a link on the official website without all the crapware but it's very well hidden... I found JDownloader really bad and the UX/UI not very user friendly and looks shady...
Too bad there isn't any IDM alternative for linux, and that's also why I stopped DDL and wen't back to torrenting on private trackers... There isn't any simple download manager that looks sleek, feels good and doesn't put your system at risk !
ASRock's $40 16-pin power cable has overheating protection designed to prevent meltdowns — company claims a 90-degree design ensures worry-free installation
ASRock's $40 16-pin power cable has overheating protection designed to prevent meltdowns — company claims a 90-degree design ensures worry-free installation
Only compatible with ASRock Taichi and Phantom Gaming power supplies, thoughZhiye Liu (Tom's Hardware)
Emilio Estevez, Martin Sheen – „Dein Weg“ (2010)
Der einzige Grund für mich, diesen Film zu sehen, war die Konstellation: Martin Sheen vor der Kamera, Emilio Estevez dahinter. Vater und Sohn, die gemeinsam einen Film schaffen, so direkt und sichtbar, ist eine Seltenheit in Hollywood. Der Jakobsweg dagegen wirkte eher wie eine Zumutung. Überstrapaziert von Selbsterfahrungsberichten, überhöht von Kirchenfolklore, in Deutschland endgültig re-popularisiert durch Hape Kerkelings Bestseller. Ein Trend, der mich eher abschreckt. Zumal mir meine ziemlich katholische Kindheit ohnehin wenig Lust auf Pilgerwege hinterlassen hat. (ARD)
How the gas lobby captured the energy crisis response - Corporate Europe Observatory
[00:13:55]
This episode tells the amazing story of how the EU took the brave step of using the climate and cost of living crisis as an opportunity to move away from destructive fossil fuels all together! Obviously, this didn’t happen, but it could have.This is the forth episode of Corporate Europe Observatory's new podcast series “What's going wrong, and how to put it right?”.
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
Hate Systemd? A New Init System(Nitro) Debuts as a Minimalist Process Supervisor for Linux
cross-posted from: programming.dev/post/36342010
Nitro is a tiny process supervisor that also can be used as pid 1 on Linux.There are four main applications it is designed for:
- As init for a Linux machine for embedded, desktop or server purposes
- As init for a Linux initramfs
- As init for a Linux container (Docker/Podman/LXC/Kubernetes)
- As unprivileged supervision daemon on POSIX systems
Nitro is configured by a directory of scripts, defaulting to /etc/nitro (or the first command line argument).
Hate Systemd? A New Init System(Nitro) Debuts as a Minimalist Process Supervisor for Linux
Nitro is a tiny process supervisor that also can be used as pid 1 on Linux.There are four main applications it is designed for:
- As init for a Linux machine for embedded, desktop or server purposes
- As init for a Linux initramfs
- As init for a Linux container (Docker/Podman/LXC/Kubernetes)
- As unprivileged supervision daemon on POSIX systems
Nitro is configured by a directory of scripts, defaulting to /etc/nitro (or the first command line argument).
GitHub - leahneukirchen/nitro: tiny but flexible init system and process supervisor
tiny but flexible init system and process supervisor - leahneukirchen/nitroGitHub
Raoul Duke likes this.
Despise Systemd? A New Init System Debuts as a Minimalist Process Supervisor for Linux
Nitro is a simple, tiny but flexible init system. It is under heavy development currently.Sourav Rudra (It's FOSS News)
Hate Systemd? A New Init System(Nitro) Debuts as a Minimalist Process Supervisor for Linux
cross-posted from: programming.dev/post/36342010
Nitro is a tiny process supervisor that also can be used as pid 1 on Linux.There are four main applications it is designed for:
- As init for a Linux machine for embedded, desktop or server purposes
- As init for a Linux initramfs
- As init for a Linux container (Docker/Podman/LXC/Kubernetes)
- As unprivileged supervision daemon on POSIX systems
Nitro is configured by a directory of scripts, defaulting to /etc/nitro (or the first command line argument).
Hate Systemd? A New Init System(Nitro) Debuts as a Minimalist Process Supervisor for Linux
Nitro is a tiny process supervisor that also can be used as pid 1 on Linux.There are four main applications it is designed for:
- As init for a Linux machine for embedded, desktop or server purposes
- As init for a Linux initramfs
- As init for a Linux container (Docker/Podman/LXC/Kubernetes)
- As unprivileged supervision daemon on POSIX systems
Nitro is configured by a directory of scripts, defaulting to /etc/nitro (or the first command line argument).
GitHub - leahneukirchen/nitro: tiny but flexible init system and process supervisor
tiny but flexible init system and process supervisor - leahneukirchen/nitroGitHub
like this
Rozaŭtuno e Raoul Duke like this.
No, but the weirdos who insist on spelling it "SystemD" always seem to hate systemd.
systemd is pretty great. I tend to start long-running processes as user services, and I've even taken to starting some apps that give an old laptop trouble with systemd-run and a slice with some memory restrictions. Easy peasy, works great, all declarative, no wibbly-wobbly shell scripts involved.
Linux reshared this.
No, but the weirdos who insist on spelling it "SystemD" always seem to hate systemd.
"SystemD"
Having given a shot to OpenRC on Alpine systems, I would say that I prefer systemd for creating and managing services.
I like its unified logging, which extends even beyond the host, integrating the logs of nspawn containers. I like its tmpfiles, which allows configuring temporary files, without writing scripts that create/cleanup them.
I have to admit, however, that I don't like all of its subsystems. For example, I don't want networkd and resolved anywhere near my configuration.
I wrote and maintained a lot of sysvinit scripts and I fucking hated them. I wrote Upstart scripts and I fucking hated them. I wrote OpenRC scripts and I fucking hated them. Any init system that relies on one of the worst languages in common use nowadays can fuck right off. Systemd units are well documented, consistent, and reliable.
From my 30 seconds of looking, I actually like nitro a bit more than OpenRC or Upstart. It does seem like it'd struggle with daemons the way sysvinit scripts used to. Like, you have to write a process supervisor to track when your daemonized process dies so that it can then die and tell nitro (which is, ofc, a process supervisor), and it looks like the logging might be trickier in that case too. I fucking hate services that background themselves, but they do exist and systemd does a great job at handling those. It also doesn't do any form of dependency management AFAICT, which is a more serious flaw.
Nitro seems like a good option for some use cases (although I cannot conceive why you'd want to run a service manager in a container when docker and k8s have robust service management built into them), but it's never touching the disk on any of the tens of thousands of boxes I help administrate. systemd is just too good.
execing the daemon, so that the daemon becomes the script, not a separate process.
It was highly contentious for a number of years - largely because it had a lot more functionality and touched more parts of the OS than the init systems it was designed to replace. It was seen as overzealous by the naysayers.
I was in the never system-d camp for a long time because I felt like my ability to choose was being removed. Even some distros that provided alternate init systems eventually went systemd-only.
But I’ve come around - it’s fine, good even - though ultimately I had no choice or say in it.
It’s very straightforward and easy to write one’s own units. It’s reasonably easy to debug and often helpful when something isn’t working as expected.
Like all things in the world of software, many folks are going to try (and eventually succeed) to make a better mousetrap.
This particular init system’s design goals seem (at least to me) to indicate a focus on small, embedded and/or more secure systems where the breadth of tools like systemd are a hindrance.
Totally fair and exactly part of my original disdain. I was happy with SysV and Upstart. But here we are and I’ve got things to do. ;)
I hated repackaging all my software for systemd. lol. We waited as long as we could before eating that pie.
It oversteps because the creators found it to be convenient.
Copacking default services for networking and time synchronization and other systems with the init make sense for a specific usecase but god bless you if you need to use a different service as you track down the various configuration options to disable functionality.
It works amazing as a service management tool but the prebaked services it provides generally cause more problems than they solve.
No, it's just something systemd proponents claim to shit on alternatives and their users.
Sure, I dislike systemd or at least some of its components and how they're designed, and I find the vocal systemd proponents (especially those that still find the need to be vocal about it in 2025) to be some of the most annoying people in the entire Linux community. But I use it on some systems and it works fine for the most part. Hate is a strong word for a software choice.
Because systemd replaced too many important components users still wanted to keep using... and politics. Not many people like Lennart (the guy who started the project).
Politics ruin everything.
For me the breaking point was systemd-journald. Corrupted journal when you desperatedly needed to know what went wrong was too much. Last time I gave systemd a try was several years ago... Something like 5 to 7 years, so things might have changed a lot.
Also I'm in the minority here. I like to custom my system components too. systemd just doesn't fit there. Also I administrate one lightweight, low power box, which uses musl libc. Last time I checked systemd needed glibc.
Enough ramblings. Here's some reading for you... note that there's most probably very biased technical writings here and there, so use common sense and verify the claims if you want the real truth. Then judge yourself, don't let anyone else judge for you.
Can't have it with any alternative init and rc in the same repo or do this and fiddle with wrappers and shims. Yees, OpenRC is the exception; because it was built as a drop-in and only does rc really.
In short, Systemd is a kraken that always grows arms. And they shit code like me after Taco Bells; it took years until we got seatd as alternative to way-too-big logind. Xorg is holy compared to their code quality.
On a modern system built around modern philosophies, its convenient. Doing stuff on systemd seems very intuitive to me and feels like a bit less work than the alternatives (atleast from my non-developer POV). If systemd hadn't become the standard maybe my opinion would be different, but most of the time it "just works".
On an older system, the alternatives are definitely lighter! If you're in the group of people who believes every megabyte counts, you care about systemd. There are also oldschool tech nerds who believe systemd is insecure (they might be right idk anything).
Two groups of people went to war over a difference of opinion.
- New! Different! Change! Bad!
- Hey, this works better than the old way. Let's use this instead.
Dude if you want to start a holy war with the Linux community over your first point, just mention Rust.
-dodges rotten fruit-
Everyone should support rust. It’s a good idea. It prevents an entire class of vulnerabilities. But the old guard says “just stop making mistakes and C is fine” which is an incredibly dumb thing to say but here we are.
Rust is encroaching on their territory and they don’t want to learn the new thing, and newbs don’t see many compelling reasons to learn the old thing, so they are fighting eachother.
You could equally mischaracterize it the other way around:
- Hey, this works worse for my workflow than before. I don't want to use it.
- New! Different! Change! Good! Put everywhere!
Fair, and representative of some opinions certainly.
But change, change is constant. Resist it and end up poorer and more bitter.
That can be true.. but it depends on the change... emptying your bank account is a change that would make you poorer, and having all those who love you die would be a change that is likely to make you bitter (or at least, sad).
Also, a lot of ancient software introduces change with relatively frequency.. the Linux kernel itself is in constant change, introducing new features, despite it having very strict rules concerning backwards compatibility.
The reason there was disagreement wasn't about whether the new thing is good/bad just because it's "New! Different!".. but about whether it was actually a good change or not.
In the same way, just because nitro is the new init system in town (a change from the current status Quo) does not mean it necessarily is better/worse, right?
Also, I remember that before systemd there was a lot of innovation when it comes to init systems... most distros had their own spin. And more diversity in components that now are part of systemd. I'd argue that ever since systemd became the de-facto standard, innovation in those areas has become niche. One could argue that there's less change now, distros are becoming more homogeneous and more change-adverse in that sense.
Two groups of people went to war over a difference of opinion.
- New! Different! Change! Bad!
'Change resistance' was the standard gaslighting. No one said 'different bad', in a time when enterprise linux had just switched from sysVinit to upStart. What they said was "this is built bad and wants to do too much, poorly. We don't like this."
And the response was "you're old, you hate change," and similar fallacies.
- Hey, this works better than the old way. Let’s use this instead.
I think you mean "I don't know how to do this in the normal way, so I'll try this other thing."
No one said ‘different bad’,
Plenty of people did. "What's the point of change?" "I'm happy with Sys-V" "I don't like Poettering", "Lennart is too powerfull" and a lot more irrelevant and personal attacks.
Please don't accuse me of gaslighting whilst gaslighting me in return. I was there, I lived through the worst of the Debian wars and saw some great people leave the project, and a side of some friends that I really didn't like. But that war is done and I have zero interest in continuing it so I'll leave this here.
Systemd is a very good chunk of code. It does the thing and it does it well. Nobody is arguing that systemd does a bad job at this point.
The problem is systemd does a LOT of things that used to be individual jobs handled by separate things. This is a potential security problem as it makes systemd a fantastic target. It’s in charge of so many things that if you pwn systemd, you can get that system to do anything you want.
Another concern are the ties to red hat. Red hat is not your friend. They are not to be trusted. Especially not right now. Remember who owns them, IBM, were quite friendly with the Nazis before and are looking like they are totally fine with being friendly with them again.
That last one is more of a tinfoil hat concern than a technical one, but at this point the tinfoil crowd have been proven right more often than wrong so it’s something to consider.
systemd does a LOT of things
... incompletely ...
that used to be individual jobs handled by separate things.
I wonder what new does this bring into the table?
I mean we already have at least these in addition to systemd:
- OpenRC + openrc-init
- s6 + s6-rc
- runit
- Epoch
- dinit
- minit
- GNU Shepherd
- finit
The state being stored in RAM seems like a nifty feature. I like it.
Very quickly glanced... I think it lacks service supervision and user services. Although user services are missing in many others too. Except it looks like users can run Nitro by themselves (autostart via cron @boot maybe?).
Somebody correct me if I'm wrong.
Anyway, more choices leads to more ideas being implemented. 👍
Initial commit on Oct 21, 2023
If I'd implement a new init system, the dependency system would be one of the first on my TODO list. So... That's strange. 🤔
Why do you have to have this xor that? Why can't I like both? I'm sure both have use cases where they work best.
Drop the hate already.
I'm a very mid-level Linux user. I use systemd because I'm just not familiar with how init systems actually work. I love that the choice is there, but I think systemd has it's place with users like me that get confused.
That being said, I did run Dracut on EndeavourOS because it was recommended for that distro. I never dived into it to see what the exact difference was, though I do remember running into some things I needed to do that Dracut did differently. There may come a day when I dive into inits, but for now I'm just happy if my system boots to desktop.
And I rest my case, lol. I don't even know the difference between init and initramfs. It's definitely a hole in my knowledge and I should know it going down the line, but I need the right time.
I'm here and there on what I want to learn at any moment. It's not like I can't learn, but it's all about what interests me at the time. I learn things in a scattered manner, which admittedly is a horrible way to learn but its just how my brain works.
Inits are simple. If you know gnu make, it's about as complicated as you can make an init.
SystemD is not just an init. That's the problem.
I got used typing "sudo service --status-all"
then got used to typing "sudo systemctl list-unit-files --type=service"
now a new one to learn "sudo nitroctl list"
looks simpler
That can only be a good thing for my gnarly arthritis fingers.
PoetteringD commands are too damn long
Also automatic paging can go fuck itself
sudo syc lsu-s. But yeah, on foreign systems (e.g. random VPS's) I can see your point.
Hate Systemd? A New Init System(Nitro) Debuts as a Minimalist Process Supervisor for Linux
Nitro is a tiny process supervisor that also can be used as pid 1 on Linux.There are four main applications it is designed for:
- As init for a Linux machine for embedded, desktop or server purposes
- As init for a Linux initramfs
- As init for a Linux container (Docker/Podman/LXC/Kubernetes)
- As unprivileged supervision daemon on POSIX systems
Nitro is configured by a directory of scripts, defaulting to /etc/nitro (or the first command line argument).
GitHub - leahneukirchen/nitro: tiny but flexible init system and process supervisor
tiny but flexible init system and process supervisor - leahneukirchen/nitroGitHub
like this
Fitik e Raoul Duke like this.
Big tech’s selective disclosure masks AI’s real climate impact
- Hackernews.
:::
Big tech’s selective disclosure masks AI’s real climate impact
Google claims to have disclosed new information proving its own efficiency. But it has hidden the bigger picture. Guess what: I’ve got the bigger picture for you right here in this big old po…Ketan Joshi
AI Is Eliminating Jobs for Younger Workers: New research from Stanford provides the clearest available evidence that AI is reshaping the workforce—but it’s complicated.
This paper examines changes in the labor market for occupations exposed to generative
artificial intelligence using high-frequency administrative data from the largest payroll software
provider in the United States. We present six facts that characterize these shifts. We find that
since the widespread adoption of generative AI, early-career workers (ages 22-25) in the most
AI-exposed occupations have experienced a 13 percent relative decline in employment even after
controlling for firm-level shocks. In contrast, employment for workers in less exposed fields and
more experienced workers in the same occupations has remained stable or continued to grow.
We also find that adjustments occur primarily through employment rather than compensation.
Furthermore, employment declines are concentrated in occupations where AI is more likely to
automate, rather than augment, human labor. Our results are robust to alternative explanations,
such as excluding technology-related firms and excluding occupations amenable to remote work.
These six facts provide early, large-scale evidence consistent with the hypothesis that the AI
revolution is beginning to have a significant and disproportionate impact on entry-level workers
in the American labor market.
Canaries in the Coal Mine? Six Facts about the Recent Employment Effects of Artificial Intelligence — Stanford Digital Economy Lab
This paper examines changes in the labor market for occupations exposed to generative artificial intelligence using high-frequency administrative data from ADP, the largest payroll software provider in the United States.Stanford Digital Economy Lab
77 Malicious Android Apps With 19M Downloads Targeted 831 Banks Worldwide
- Anatsa malware first emerged in 2020 as an Android banking trojan capable of credential theft, keylogging, and enabling fraudulent transactions.
- The latest variant of Anatsa targets over 831 financial institutions worldwide, adding new countries like Germany and South Korea, as well as cryptocurrency platforms.
- Anatsa streamlined payload delivery by replacing dynamic code loading of remote Dalvik Executable (DEX) payloads with direct installation of the Anatsa payload.
- Anatsa implemented Data Encryption Standard (DES) runtime decryption and device-specific payload restrictions.
- Many of the decoy Antasta applications have individually exceeded 50,000 downloads.
- Alongside Anatsa, ThreatLabz identified and reported 77 malicious apps from various malware families to Google, collectively accounting for over 19 million installs.
Anatsa’s Latest Updates | ThreatLabz
This analysis explores the latest updates to the Anatsa Android malware family.Himanshu Sharma (Zscaler)
Fitik likes this.
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
cross-posted from: programming.dev/post/36316138
::: spoiler Comments
- Hackernews;
- Lobsters.
:::
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
::: spoiler Comments
- Hackernews;
- Lobsters.
:::A new layer of security for certified Android devices
Starting in 2026 and in select countries first, Android apps must be registered to a verified developer in order to be installed.Android Developers Blog
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
cross-posted from: programming.dev/post/36316138
::: spoiler Comments
- Hackernews;
- Lobsters.
:::
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
::: spoiler Comments
- Hackernews;
- Lobsters.
:::A new layer of security for certified Android devices
Starting in 2026 and in select countries first, Android apps must be registered to a verified developer in order to be installed.Android Developers Blog
Raoul Duke likes this.
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
cross-posted from: programming.dev/post/36316138
::: spoiler Comments
- Hackernews;
- Lobsters.
:::
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
::: spoiler Comments
- Hackernews;
- Lobsters.
:::A new layer of security for certified Android devices
Starting in 2026 and in select countries first, Android apps must be registered to a verified developer in order to be installed.Android Developers Blog
like this
Raoul Duke e ☆ Yσɠƚԋσʂ ☆ like this.
Android developer verification requirements
Use this form to submit questions or feedback about the new Android developer verification requirements announced in August 2025. You can learn more about the requirements in the Android developer verification guide. Sign up for early access here.Google Docs
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
cross-posted from: programming.dev/post/36316138
::: spoiler Comments
- Hackernews;
- Lobsters.
:::
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
::: spoiler Comments
- Hackernews;
- Lobsters.
:::A new layer of security for certified Android devices
Starting in 2026 and in select countries first, Android apps must be registered to a verified developer in order to be installed.Android Developers Blog
adhocfungus likes this.
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
cross-posted from: programming.dev/post/36316138
::: spoiler Comments
- Hackernews;
- Lobsters.
:::
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
::: spoiler Comments
- Hackernews;
- Lobsters.
:::A new layer of security for certified Android devices
Starting in 2026 and in select countries first, Android apps must be registered to a verified developer in order to be installed.Android Developers Blog
This might also be the beginning of android.
So far, people have been OK with modifying the existing phones to fit their needs. We're slowly approaching the critical inconvenience point beyond which it might be easier to buy OEM parts and start assembling un-googled phones.
Android developer verification requirements
Use this form to submit questions or feedback about the new Android developer verification requirements announced in August 2025. You can learn more about the requirements in the Android developer verification guide. Sign up for early access here.Google Docs
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
cross-posted from: programming.dev/post/36316138
::: spoiler Comments
- Hackernews;
- Lobsters.
:::
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
::: spoiler Comments
- Hackernews;
- Lobsters.
:::A new layer of security for certified Android devices
Starting in 2026 and in select countries first, Android apps must be registered to a verified developer in order to be installed.Android Developers Blog
adhocfungus likes this.
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
cross-posted from: programming.dev/post/36316138
::: spoiler Comments
- Hackernews;
- Lobsters.
:::
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
::: spoiler Comments
- Hackernews;
- Lobsters.
:::A new layer of security for certified Android devices
Starting in 2026 and in select countries first, Android apps must be registered to a verified developer in order to be installed.Android Developers Blog
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
cross-posted from: programming.dev/post/36316138
::: spoiler Comments
- Hackernews;
- Lobsters.
:::
Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it's outside the Play Store, starting September 2026
::: spoiler Comments
- Hackernews;
- Lobsters.
:::A new layer of security for certified Android devices
Starting in 2026 and in select countries first, Android apps must be registered to a verified developer in order to be installed.Android Developers Blog
like this
SuiXi3D likes this.
Whatever the hell I do outside the playstore is none of Googles business and though this too is handwaved away by claiming improved security, we all know this has fuck all to do with security.
This is just again Google being a monopoly and wanting to stay that way by pushing out other developers
I guarantee you that newpipe devs will not be able to get verified, and now Google can block yet another app
Fuck. google. (Also apple and gicrosoft
What? Graphene OS only runs on Google Pixel devices.
Even ROMs with wider hardware support like Lineage OS only run on expensive devices too (Or very old discontinued ones that you can't find anywhere and have no firmware or kernel updates).
Run? Probably. Work flawlessly? Questionable. It needs to be built (as with every OS update) for every specific device. The developers only do builds for pixel devices (faq). You can take the source and build it for your device. I have no idea how you'd even begin to do that or what that would entail, but most probably, you'd to be able to add drivers for things like fingerprint sensors or cameras unless you are ok with losing access to some functionalities.
My understanding is that phones are hard to support with one "do all" operating system. Thats why all manufacturers take AOSP and modify it with their own code - specific to each device and make builds for each. A bit different mentality to what we do on PCs, where one build of an operating system will just work everywhere.
GrapheneOS Frequently Asked Questions
Answers to frequently asked questions about GrapheneOS.GrapheneOS
Then make sure your next device is capable of running linear joes without Google Play services before you purchase it.
These days I do not make a phone purchase without making sure it will run lineage OS first.
When I purchased my device in 2023, I purchased the OnePlus Nord N200 5G, which was released in 2021, brand new in the box, because it supported Lineage OS, and I'm still using it today.
It's because I only charge my phone between 30 and 80%. It still has less than 400 charge cycles on the battery. And so I'm basically using a 4-year-old device as a 2-year-old device and it still works fine with lineage OS.
I also paid $300 for it brand new in the box.
Unfortunately $300 is still the double if what I'm willing to pay for a phone, I paid 150 for my spyware phone, and while I hate the lack of privacy and freedom such device provides, it does everything I need it to do with the apps from f-droid. I just don't use it for anything that requires secrecy.
I guess I will just stop updating when the new "feature" rolls out and see what happens.
Yeah, I'm not sure just how low of a device you can get and get Lineage OS on it. I know that I generally don't pay less than about 300 for devices because otherwise they get too slow for my use case.
I definitely don't need a $700 device or above, but 300 to about 400 is my sweet spot.
This isn't about you.
Also this kind of liberal argument of, 'The gestapo cannot catch me because I bought skates!' is stupid and tiring.
If the gestapo outlaws skates and I can't get them on the black market and the society is fine with concentration camps that's also allright. I'm too old to care.
Should that help people who were unfortunate to install that malware before the dev is banned?
It doesn't say but it would make sense to check the certs periodically and not just on install.
Also how exactly do they hope to identify the dev as already banned if he tries to register again?
Scrivere a mano nell'epoca dell'algoritmo: un ritorno al passato o una proiezione al futuro?
Scrivere a mano nell’epoca dell’algoritmo: un ritorno al passato o una proiezione al futuro?
La scrittura a mano non è un ritorno nostalgico al passato, ma un ripensamento del nostro presenteE la nave va
Scrivere a mano nell’epoca dell’algoritmo: un ritorno al passato o una proiezione al futuro?
Scrivere a mano nell’epoca dell’algoritmo: un ritorno al passato o una proiezione al futuro?
La scrittura a mano non è un ritorno nostalgico al passato, ma un ripensamento del nostro presenteE la nave va
very_well_lost
in reply to chobeat • • •That's pretty staggering when you consider that it's no longer possible to do a Google search without generating an AI summary. Google processes something like 8 billion searches per day, so if each one of those triggers a prompt equivalent to watching 9 seconds of television, every day the total power cost is equivalent to about 2200 years of TV watching. Per day. And that's just search, for just one tech company.
Imgonnatrythis
in reply to chobeat • • •likely the entire
Surface of the
earth will be
Covered with solar
panels and data
enters."