Show threadChewieApr 4, 2024
@eff @theintercept #xzbackdoor #xzutils #xzgate
Joachim WibergMar 31, 2024

My takeaways from the sad #xzgate affair are:
- I’m old
- ppl don’t know C or autotools
- lotsa ambulance chasers
- lots unfamiliar w/ maintenance
- ppl with opinions + many followers

I’m realising more and more that most ppl with opinions out there are huge asses who just talk the talk. Very few actually working with shovels or even having seen the mud we speak of.

I’ll be out here, shipping my working software, making customers happy, and getting paid to do so. I’ll turn off the light …

Marco "Ocramius" PivettaMar 30, 2024

Saved the world from Linux Armageddon:

> You are the 182288th visitor to this page! I'm receiving $5.06 per week from 10 patrons, and my goal is $10.00. Feel free to contact me with any questions or comments :)

https://boehs.org/node/everything-i-know-about-the-xz-backdoor #xz #xzBackdoor #xzgate

Everything I know about the XZ backdoor

Please note: This is being updated in real-time. The intent is to make sense of lots of simultaneous discoveries

GallorumMar 30, 2024

J'avoue, j'ai toujours pas compris comment xz, utilitaire en espace utilisateur, pouvait introduire une porte dérobée dans ssh, autre exécutable en espace utilisateur, via le noyau (pas en espace utilisateur donc).
Mais peut-être que j'ai encore moins compris que ça en fait.

#xzGate