Can you please elaborate what this is about?

Discussion

There was someone who noticed that software he used to log in was taking like a half a second longer than normal. He reported it, and it turned out someone had snuck malware into the test version of a commonly used Debian package...

Ah right, the xz utils

Code fragments were snuck into multiple testing branches. The commit to production brought them all together. But the xz library was chosen specifically because of its potential to spread the exploit to ssh, and 80% of the servers in the world.

But one dude who spends all his time in front of a screen noticed a subtle delay…

That’s an Easter gift as far as I’m concerned.

Ooo, didn't realize it hadn't gotten that spread

What is an xz library?

Data compression software used by different packages including ssh

Thank you. I'm learning more about this because I have absolutely no clue.