So, I have been asked a few times to give an opinion on the recent security issue that was found on Linux, the XZ backdoor. And I was resistant at first because honestly, all the technical details you can find better elsewhere. I don't know as much about it as I probably should and I definitely don't know enough about it to make a video on it and talk about the technical details of it. I just don't. I know that it has to do with SSH. I know that it's really bad. I know that we seem to be lucky that it was caught when it was and I know that the response to it has been excellent across the board. Those are the things that I know. But technologically speaking, I don't know much.

So I was resistant to making a video but I've been listening to some podcasts as I do. I listen to a lot of Linux podcasts and I've been listening to or watching a few YouTube videos about this. And I wanted to actually chime in on a few things. I'm going to bypass the technical details because again, I don't know anything and when you don't know something, you probably should keep your mouth shut. So that's what I'm going to do.

But instead what I want to do is talk about the state of Linux such as it is when it comes to this type of thing. Because in comparison to Windows or other proprietary pieces of software, I think that Linux is remarkably resilient to this type of thing. And that doesn't mean that, oh, Linux is more secure. I've made a whole video about how Linux isn't actually as secure as you think it might be. It's really not. It doesn't mean that Linux is going to protect your privacy or it's harder to create malware for whatever. None of those things are true. The open nature of Linux and other open pieces of software makes it much easier for this type of thing to be found because usually that means that there's more eyes on the code than just the people who are getting paid to develop it.
So if you're a Windows engineer or you work for Apple and you're creating macOS, yeah, you probably have quite a few people that are working with you to create that thing, obviously. And you're talking about a community of people who are looking at something. It is much more likely for this type of thing to be caught. Now, it doesn't mean that stuff can't pass by even when there's millions of eyes looking at it, right? It's still, that's still possible. But because of the open nature of the code, there are smart people out there who are constantly looking through this stuff and can find the stuff when it's there to be found. And that is very comforting for people who use Linux and who aren't able to look at the code. So like me, I can't look at the code and tell you this, this, and this is, you know, the way it's supposed to be. I'm not a developer of any kind. I dabble in Python, I dabble in C, but my knowledge of those things is still very newbish, if you will. And you know, so I can't participate in that way, but it gives me a lot of comfort to know that because Linux is open source, because all these libraries and dependencies and stuff are open source, and there are people out there who are developing these things and looking at them and testing everything. It gives me a sense of comfort to know that because the code is open, stuff like this can be found.

Now, I've been, when this first was announced, I saw a lot of FUD, fear, uncertainty, and doubt, right? I saw, well, Linux is screwed. I saw this is a flaw of open source because this guy could just come in and contribute and, you know, sneak in the back door and just walk away, right? There was no accountability. There was, you know, a whole bunch of people talking about how if this was proprietary, it'd be much harder to do because just some random person off the street can't come in and throw in some malicious code. And there is some truth to that. Of course, there is.
Open source guys don't want to hear it, but the nature of open source does mean that anybody can come in and contribute to anything. And it's up to the maintainers of the projects, basically the owners of the projects, to do all the vetting to keep the bad people out. And most people I've found assume that people who can come contribute to their code are probably pretty, you know, good people. Like they're not there maliciously. They may assume that those people don't know what they're doing or they have some problems with their code. But usually that's a technical deficiency, not a moral one, right?

So, yes, this seems to have been easier because of open source, but two things on that. First, we see backdoors in proprietary software all the time, like some of them on purpose. Like we hear horror stories of the NSA putting in backdoors in routers and Windows and all the stuff. Now, whether or not any of that stuff is true, I don't know. I don't pay attention to the conspiracy theories, but we hear the stories, right? So we know and we know that Windows has had backdoors in the past, many, many of them. Like once or twice a year, we hear about this stuff. And a lot of that stuff is in older versions of Windows that are no longer being patched and all this stuff. It's all, it's a horrendous business. And a lot more people use Windows than use Linux, obviously. So just because this happened to open source doesn't mean it doesn't also happen on the proprietary side. It happens in both. It's not necessarily easier on open source because it obviously happens in proprietary land as well. So there's that.

Another thing, well, yes, this did happen because it was open source. It was easier, I suppose, if that's what they want to say. It was also much easier for it to be found because the code was open. It allowed this Microsoft engineer, ironically enough, to go back into the code and find out that this backdoor is causing something to run slow.
And that's how they found it, right? And they were able to go in and pinpoint where the code actually was. And they wouldn't actually be able to do that if the code wasn't open source. So it's kind of a double-edged sword, but it's still, I think, that the benefits of open source way outweigh the fear you have of some malicious state-sponsored actor coming in and putting in malicious backdoors into every single glibc library that we use. You know, I think that that's probably pretty rare. And while I expect it probably does happen more often than I'd like to admit, I think that because the community has grown so large and a lot of people are looking at this stuff, we can kind of still breathe easily knowing that that system of checks and balances is kind of going on in the background. And that just makes me feel more secure in it than less, actually.

So overall, my thoughts are this. Because there was a lot of fear that was spouted online about this. Linux is fine. Linux is just as secure as it was before the backdoor was found. Absolutely this is true. Because it wasn't secure at all. Linux is as secure as you make it. And that's always been the case, right? There's been bugs in the code for 30 years. You know, no developer that works in the Linux kernel is absolutely 100% perfect. We all know this. They are humans just like the rest of us and humans make mistakes. And you can't have 35 million lines of code or whatever the Linux kernel is up to now and not expect there to be security flaws. And you just, I wouldn't care if all those lines of code were written in Rust. You're still going to have security issues in that code. It's just going to happen. So before this was found, Linux was insecure. After this Linux was found, Linux is insecure. And if you care about your security on Linux, you need to do two things. First, you need to pay attention to when things are going fishy.
Second of all, you need to have some faith that people are looking into this and actually trying to make it more secure, which is absolutely happening. And third, you have to make sure you protect yourself as much as possible. I've talked about this many times before in my privacy and security related videos about how you should definitely make sure you're not using the same password everywhere, how you always keep your computer up to date as much as possible. Make sure you're paying attention to the news so that when stuff like this comes down, you know what you have to do. Because a lot of distributions had specific things that you had to do in order for this, for the fix to take place once they've found the backdoor and had the fixes in place. Either they rolled back or you had to roll back on your own, whatever happened to be, right? So you should definitely pay attention to the news for when this stuff comes out for your particular distro so you know exactly what you need to do in order to make sure that you are safe and secure as possible.

So there are things that you do. And that's really the only place you have power in this equation is to make sure that you control your own security as much as possible. And therefore that's as secure as you're going to be. Because like I said before, Linux is inherently insecure just by nature of it being as large as it is and run by imperfect humans. It's just kind of the way, the nature of the beast, if you will. I mean, Windows is the same way. It's just proprietary. And Linux has an advantage over Windows in that it is open. And there is a much larger community going in and constantly looking at code, churning it over, testing it, making sure that it is as secure as possible, right? I think that the open source nature of it really does lend it to being more secure than proprietary software, but that doesn't make it secure, if that makes any sense.

So those are my very general rambly thoughts on the XZ backdoor thing.
Don't listen to people who spout fear, uncertainty and doubt. Don't listen to them, okay? If all they have to say is that Linux is doomed because of this thing, then they're not worth listening to because this, well, it is definitely bad. It was caught. And the fact that it was caught, I think, is a reason to hope, not a reason to fear. So everybody should take a deep breath on this thing and just kind of remember that the best security processes always come from you, not from developers that you don't have a relationship with.

So that's it for this one. If you have thoughts on this, you can leave those in the comment section below. I'd love to hear from you. I know a lot of people have a lot of thoughts on this. So again, leave them in the comment section below. I'd love to hear from you. If you haven't already, leave a thumbs up on this video. It really helps the channel and I'd really appreciate it. If you haven't already, hit the subscribe button. I make several videos a week on Linux content. And if you wanna see those videos, make sure you subscribe, hit the notification bell icon, all that stuff that Linux YouTubers and YouTubers in general tell you to do. I'm right here with them. So if you can do all that stuff, I'd really appreciate it. You can follow me on Mastodon or Odysee. Those links will be in the video description. You can support me on Patreon at patreon.com/thelinuxcast. You can also head on over to the store, which is available at shop.thelinuxcast.org. There you'll find desk mats and hoodies and hats and T-shirts and all sorts of stuff. All the proceeds for that go directly towards helping me make more Linux content for you guys at shop.thelinuxcast.org. Thanks for everybody who does support me on Patreon and YouTube because they're all absolutely amazing. Without you, the channel is just not anywhere near where it is right now, so thank you so very, very, very, very much for your support. I truly do appreciate it.
I hope everyone has a wonderful week and I hope you have a wonderful day. I'll see you next time. Thanks for watching.