Yes, you was right. He said that the backdoor was inside (partially?) such tar files .. what is confusing me now is that he said also that it get triggered at configure and so at compiling time ... And probably I don't fully know the process from where other distros (fedora and Debian) use xz source to build distro packages .. So probably I would need to look at such stuff .. Were such tar files sources or binary ready compiled files ? .. Need to give a look into ...
The xz package was backdoored, and the payload appears to be targeting SSH on x86_64 Fedora and Debian.
What you need to know:
- The backdoored version did not make it into any stable distros
- It was caught about a month after it was introduced
- It did make it into some bleeding edge distros (e.g. Debian's unstable branch: sid)
- It only affected the binary releases, so if you build from source, you were safe from this one
- It was only caught because the backdoor caused some tests to take a half second longer, someone noticed this and decided to investigate why
Get the technical details directly from the person who discovered it: https://www.openwall.com/lists/oss-security/2024/03/29/4
I'm not fully agree with that. You said:
~~~
What you need to know:
- It only affected the binary releases, so if you build from source, you were safe from this one
~~~
The backdoored xz was from upstream github, and was ported to Debian and fedora by building from source ... Also the backdoor get added to binarys by compiling it from source, since the malware is offuscaded not at the source by it is at side files included during compiling
Then I understood that it will only trigger at x86_64 , also if vulnerable xz packages were included on macosx brew .. That run almost arm architecture
This is how xz backdoor was discovered
It doesn't change. Eveyhing will change only if people will use bitcoin instead of Fiat money, allowing true freedom and cutting hands from who now controll money with his printers for corruption. This is not strictly bound to its intrinsic value.
Well what I found cool by inviziblepro is that i t has VPN mode. You can choose which app you want to work on it , so for example you can fine grain of what you are running under tor . and the always on feature grant you that you only exit by that. I use it under shelter .. So I can freeze anytime I want and I can't substitute invisible pro with another VPN with easy .
Better to get seen pissing than to get seen pissed
Wind blows where it wants for itself
i'm so poor
i can't even pay attention
Who cares? Why governments are doing the complete opposite to tha what people want? While people are not clashing yet ?
Not sure what you mean in general? I have heard devs talk about not liking hodl invoices and I guess this is why.
Not sure how much of a problem it is in practice, like how often do forced channel closes actually happen.
nostr:npub1mutnyacc9uc4t5mmxvpprwsauj5p2qxq95v4a9j0jxl8wnkfvuyque23vg nostr:npub1xnf02f60r9v0e5kty33a404dm79zr7z2eepyrk5gsq3m7pwvsz2sazlpr5 can you tell us more?
Do you have your own node ? Are your channels private or public ? Who are your peers ?
Microsoft Is Spying on Users of Its AI Tools
Comments ( https://news.ycombinator.com/item?id=39442429 )
https://www.schneier.com/blog/archives/2024/02/microsoft-is-spying-on-users-of-its-ai-tools.html
The same old fucking story .. i don't understand microsoft users
I was wondering if exist openwrt for stuff like that but i haven't found https://www.tp-link.com/au/home-networking/dsl-modem-router/archer-vr2100v/
I use my own router, however i wasn't able to use openwrt due to the fact that i need to handle also phone calls by sip that are integrated in the router by rj11 ports. Do you know if does exist a openwrt firmware also for such kind of routers that include voip by rj11 ports ?
Thanks for your intetest.. i'll write to support. Happened after that sats arrived at account like 1hour after
nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm i sent sats to getalby .. while they results sent correctly at getalby they seem not reached .. any hints for asking help and have support? Thanks in advance