This feels very “just found out about politics and damn” tbh.

Ok.

I think this would be of value for sharing with people that aren’t aware (my kid when she was younger).

Or is there a better resource to do this?

This is all I’ve run across on reverse engineering, so far but it is quite interesting.

https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b

I have a feeling there are a lot of busy people trying to answer that question, now. Yikes.

Yeah it sounds pretty wild already with some kind of, like, door knock mechanism using certificates? So you can’t scan for it. And some reverse engineering countermeasures.

Like everyone else, I have to wonder what libraries have been compromised in a way that nobody has noticed yet.

Some of the trust comes from eyes on the project thanks to it being open source. This thing got discovered, after all. Not right away, sure, but before it spread everywhere. Same question of trust applies to commercial software too.

Ideally, PR reviews help with this but smaller projects esp with few contributors may not do much of that. I doubt anyone has spent time understanding the software supply chain (SSC) attack surface of their product but that seems like a good next step. Someone needs to write a tool that scans the SSC repos and flags certain measures like the # of maintainers.

PS: I have the worst allergies I’ve had in ages today and my brain is in a histamine fog so maybe I shouldn’t be trying to think about this stuff right now lol cough uuugh blows nose

Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of it’s “great new features”. We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added). We had to race last night to fix the problem after an inadvertent break of the embargo.

He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise.

Damn. I would love to see a full post mortem on this compromise.

Well maybe they aren’t experienced info security professionals :)

Idk what you’re into buddy

but I like it.

Inflation.

I get where you’re coming from but is he managing his risk or not?

Does he understand the risk? If yes, good. No? Bad.

Is he ignoring the risk? If yes, bad. No? Good.

Is he weighing the risks against the benefits he receives of using these apps and taking appropriate steps to mitigate those risks? If yes, then good. No? Bad.

Cyber security isn’t “lock everything down at all costs”. Otherwise I would insist you throw your phone in an incinerator along with all your computers, live in a bunker reinforced against nuclear attack with a small army to guard you, never leave it, never talk to anyone… Etc.

It is enabling one to achieve their goals with a tolerable amount of risk. That level of tolerable risk is different for everyone.

It isn’t rude to examine religious texts, myths, and traditions from an academic viewpoint, however.

According to World History Encyclopedia, the story is adapted from non-Israelite, near eastern myths.

… the concept of a “garden” of a god(s) was a very common metaphor in the ancient Near East of where the god(s) resided. For the narrator of Genesis, the “Garden in Eden” was imaginatively constructed for an etiological (origin or cause of things) purpose, not as a divine residence, but of the first man and woman on earth – Adam and Eve. As generally accepted in modern scholarship, Genesis 1-11 is labeled as the “Primeval History,” which includes mythologies and legends that were very common not just in Israel, but throughout the ancient Near East. These myths and legends are not Israelite in origin but were adapted by the biblical writers for either polemical or rhetorical purposes.

Totally agree. Have been there and done that quite a few times too.

POLISH HIM!

I mean motion is all relative anyway, right? So would teleportation be like throwing a ball on a train? That is, the ball’s motion depends on the frame of reference. So maybe teleporting would work that way if it were actually possible.

Very cool. Easily my favorite use for 3d printing.

Related, I think there are several sets of files for various RC cars I have run across. Would be kind of fun to download a whole (RC) car :)

Hopefully people with more of a clue than me will chime in… Meanwhile, my best swag is the filesystem had issues and had to do an fsck? If that’s the case it would boot quickly next time assuming a clean shutdown.

Were there any errors during boot?

Fastboot enabled in BIOS or no? (Not sure if this has anything to do with anything I’m just trying to look useful)

PS: the weird active time could maybe somehow be related to the filesystem being borked needing fsck? I’m not sure.

Definitely do not give up! It won’t always be like this. Woodworking (apparently) takes a long time to get great at. I wouldn’t know since I still suck lol.

I would think you could fix the glue stain by sanding and refinishing (assuming the veneer is thick enough?), but I am a noob and I suck, as mentioned above…

This guy again?

(Kidding…

wait… maybe I’m the twat. …crap)

Despite a sizeable backlog I still bought stuff. American Truck Simulator, The Longing, and Subnautica.