Hacker News | timattrn's comments

I wonder about this too, at least in a testing/honeypot build


Another independent maintainer would have helped too. Many eyes make bugs shallow, but just one extra genuine maintainer would have helped enormously. Clearly the existing maintainer trusted the attacker completely, but a second maintainer would not have. That's another social dimension to this attack: doing enough real work to suppress other maintainers coming along.


So this backdoor is a package which installs a fake sshd? What is SELinux for?


Your "product" is what you sell. The owners of Redis Labs don't sell Redis, they sell hosting, as far as I can see, in which case they made themselves a competitor to AWS, Azure, etc. And they don't have a competitive advantage in that. Also, why should AWS not compete back? Is a hosting company supposed to sit back and watch another hosting company just win business?


> And they don't have a competitive advantage in that.

Sure they do. As the original authors of the product, they should have the best understanding of its features, and are in the best position to augment it in ways other pure hosting competitors can't or won't. They have first-mover advantage to build novel features, and integrate them into commercial propositions that benefit their customers first. They should also know best how to deploy and scale the product, even if their competitors excel at this.

If Redis Labs wasn't able to compete with AWS and other pure hosting providers, then they failed at taking advantage of their position. This is not an indication that the open core model can't be successful for both OSS users and the business. E.g. see Grafana.

Of course, this also depends on the nature of the product. A general purpose database or another core infrastructure product is much more attractive for hosting competitors than a purpose-built product.


You don't have to throw it away. You can give it away. Your gift displaces for some time the purchase of a new item. This still proves the point that you should aim to buy products where the consumable components are repairable and where the non-repairable components are durable.


Bypass Paywall Clean is excellent. And you can use it on your phone, at least if you have the relative freedom of Android. You need Firefox Nightly, which allows any extension to be added; other versions of Firefox limit add-ons to a curated list. There are other builds of Firefox for Android that allow any add-on, but Firefox Nightly is an easy install from the Play Store.

Then you need to make a personal collection of add-ons at the Firefox add-on site, link Firefox Nightly to your add-on collection, and as long as you added Bypass Paywall Clean (custom) to your collection, you're off to the races. The "custom" version of the add-on has a simplified UI with better defaults for a mobile phone. This is not a tutorial, but it's not too hard to get this add-on working on Android. Firefox Nightly, despite the name, is stable on my Pixel 6 Pro.

This has greatly improved my browsing experience on my phone. For the record, I subscribe to the Economist, Wired, NY Times, Telegraph (UK), the Guardian, The Age, lwn and the Conversation (via repeating donation) so I don't think I am much of a free-loader.


Use a 2FA app with backups, or one that syncs to different devices (e.g. Authy). It's distributed TFA. The phone number is not very secure, so I don't think it should be a part of TFA. I therefore agree that it is unwise to allow Google to use it for this. I also have a fake DOB on my phone account to make SIM porting harder, but you can't trust that you have control over your phone number.


1Password also has a distributed TOTP system.


Bitwarden Family / Pro / Enterprise also has the ability to set up TOTP-based MFA, which is then synced to other devices.

I use both Authy and Bitwarden


Let's hope LWN doesn't suffer the same fate... if there are any LJ subscribers who don't subscribe to LWN, I hope they may take out an LWN subscription.


Thanks for thinking of us! LWN is not making anybody rich, but we're on reasonably solid ground for now. Despite what some folks are saying, the Linux community is willing to support at least some of the things it values. Our biggest problem at the moment is finding writers who can work at the level our readers expect.


Everyone, ask if your employer will sponsor your LWN subscription. Mine does!


Jonathan, I'm one of your subscribers and it's worth every penny. Thank you for doing the awesome job of compressing the relevant events and changes in the Linux world into clear and concise articles and helping me navigate the complicated world of the kernel.

Keep up the good work!


Are there any other sites of note (apart from LWN)? Looking at LJ I feel that it's the kind of site I should have had in my bookmarks...


Phoronix.com

Not only do you get benchmarks, you also get general news about open source in new hardware.



^ THIS IS FROM 2002!

Sorry, just had a mini heart attack when I opened that and don’t want others to do the same


lwn?


Linux Weekly News focuses on substantive technical content, like today's article on the Linux kernel's use of the switch statement: https://lwn.net/SubscriberLink/794944/a5770e282352a2e6/

Or today's article on the CTF debugging format. They're pretty much the only resource aimed at intermediate or advanced developers that's written to be highly technical but not academic.


Referring to https://lwn.net/. It has a subscription plan to fully access their content at 7$/mo.


Linux Weekly News - https://lwn.net/




This isn't open source, it's media. I am/was an LJ subscriber, sad to see it go, but I don't feel starved of similar material.


I think FOSS has not sufficiently explored the donation model. I'd be keen to donate a decent amount of cash to get some fundamental improvements to Emacs, for example. Lots of developers are relatively well paid and use a lot of free tools.


I reluctantly decided that my MacBook days were over with these 2016 machines. But moving to Linux was a huge step. So I bought a $360 2011 ThinkPad W520. A quad-core laptop (with 32GB RAM capacity). To experiment. Well, it was a dream machine, so now I'm using a quad-core ThinkPad P50 (Xubuntu) (with NVIDIA graphics). This is a great experience. It runs VMware way better than macOS, and the keyboard ....

