deleted by creator
deleted by creator
This is all I’ve run across on reverse engineering, so far but it is quite interesting.
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b
I have a feeling there are a lot of busy people trying to answer that question, now. Yikes.
Yeah it sounds pretty wild already with some kind of, like, door knock mechanism using certificates? So you can’t scan for it. And some reverse engineering countermeasures.
Like everyone else, I have to wonder what libraries have been compromised in a way that nobody has noticed yet.
Some of the trust comes from eyes on the project thanks to it being open source. This thing got discovered, after all. Not right away, sure, but before it spread everywhere. Same question of trust applies to commercial software too.
Ideally, PR reviews help with this but smaller projects esp with few contributors may not do much of that. I doubt anyone has spent time understanding the software supply chain (SSC) attack surface of their product but that seems like a good next step. Someone needs to write a tool that scans the SSC repos and flags certain measures like the # of maintainers.
PS: I have the worst allergies I’ve had in ages today and my brain is in a histamine fog so maybe I shouldn’t be trying to think about this stuff right now lol cough uuugh blows nose
Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of it’s “great new features”. We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added). We had to race last night to fix the problem after an inadvertent break of the embargo.
He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise.
Damn. I would love to see a full post mortem on this compromise.
Inflation.
I think you win.
If you haven’t yet, give Lief Ove Andsnes’ rendition a try.
Everyone has their favorite interpretations, I guess. This is one of mine. From a pianist that impressed the hell out of me when I first heard him.
(The album Horizons if the link doesn’t work or you’re boycotting Spotify or whatever)
God I am getting crazy goosebumps just listening to this again. I love the 9th symphony so much.
Oh wow that is amazing. Thank you!
I forgot how much I love this kind of choral music.
And aren’t corporations people?
It seems Rabbit has followed several of these principles…
Oof. Would a mirror help? Either clip onto handle bar or clip onto glasses/sunglasses?
Yum. Not sure if it is the same stuff or comparable but my lazy-ass guac is basically mashed avocados and Lawry’s Fire Roasted Chili and Garlic Powder and it is quite yummy with chips.
This stuff:
Hopefully people with more of a clue than me will chime in… Meanwhile, my best swag is the filesystem had issues and had to do an fsck? If that’s the case it would boot quickly next time assuming a clean shutdown.
Were there any errors during boot?
Fastboot enabled in BIOS or no? (Not sure if this has anything to do with anything I’m just trying to look useful)
PS: the weird active time could maybe somehow be related to the filesystem being borked needing fsck? I’m not sure.
deleted by creator
“what is this ‘switch’ of which thou speakest?”
I’m the guy who makes sure the castle is built to keep out the invaders. Only everything is made of captured lightning.
Gets burned at the stake
Boxerbrief gang.
Nobody is both that bored and that motivated. Unless paid.