-
nicolas17
-
katia
-
JAA
Same-ish thing, xz.tukaani.org was hosted on GitHub.
-
fireonlive
-
katia
i am deaf now
-
fireonlive
f
-
nicolas17
-
nicolas17
youtube.com/watch?v=btdjLLXtvZA I had never seen this original video the meme came from
-
pabs
-
fireonlive
-
fireonlive
:3
-
pabs
-
JAA
Heh
-
JAA
zstd++
-
eggdrop
[karma] 'zstd' now has 1 karma!
-
fireonlive
:D
-
JAA
xkcd++
-
eggdrop
[karma] 'xkcd' now has 1 karma!
-
nicolas17
-
pabs
-
pabs
-
nicolas17
-
fireonlive
:o
-
pabs
hah
-
pabs
-
pabs
-
immibis
what's the point of worrying about commits when the backdoor was supposedly not present in the git repo at all?
-
steering
the payload was, for one thing
-
Irenes
I imagine the endgame would have been to then hide evidence of the tarball that contained the trigger, making it harder to spot where the attack originated
-
Barto
let's appreciate how dynamic are the distributions during the easter brea
-
Barto
break*
-
Irenes
yes that was some SERIOUS professionalism getting everything patched today
-
pabs
Larhzu just came online on #tukaani (libera)
-
pabs
immibis: the non-git tarball-only part just activates the payload from within "test" files in git
-
fireonlive
Larhzu?
-
JAA
Long-term maintainer of xz before Jia joined.
-
fireonlive
ahh
-
Irenes
I'm not gonna lie, in his place I don't know if I'd be brave enough to show up the same day
-
Irenes
I kind of want to go watch but that feels rude
-
Barto
Larhzu might be the only person we trust on this project now
-
Irenes
yeah
-
Irenes
and only because I spent time today reading the archived emails in which he was clearly psychologically manipulated into adding Jia ><
-
pabs
there are a ton of people there, it's fine to join. lots of people speculating though, that's less welcome
-
Irenes
well, thank you. maybe I will.
-
Barto
i joined, but i will not write anything
-
» pabs just hopes the backdoor scope doesn't widen further than it already did
-
fireonlive
hopefully no poppers, indeed
-
pabs
sshd is pretty bad, but at least most Debian folks would only run the sshd from stable. not sure about Fedora
-
Barto
well, i hope here that we fully understand the situation. We'll see how deep thi sis
-
Barto
this is*
-
joepie91|m
<immibis> what's the point of worrying about commits when the backdoor was supposedly not present in the git repo at all?
-
joepie91|m
the thing is that this wasn't a vulnerability, it was a backdoor - and one that suggests a professionally-run, long-term campaign
-
joepie91|m
which means that, especially given the unattributable complexity and history in places, it is highly likely that this person has introduced multiple backdoors, and across multiple projects
-
joepie91|m
so everything they have ever done is suspect now, not just the backdoor we know about, but also anything that might contain a backdoor we don't know about yet
-
ikkoup
Hi, is there anyone here who uses grab-site? Is it a good tool for archiving vBulletin forums? I see that it has "--igsets=forums" which seems to filter most non-content pages.
-
ikkoup
Also if possible, how do you recommend that I set up grab-site? normal or docker? pyenv? Linux or Nix?
-
pabs
joepie91|m: seems like the person/team behind this had many sock puppets, so it isn't just their aliases that are suspect
-
nukke
-
nukke
-
ymgve
I was like "did tinder die in the states" but then saw that it explicitly excludes tinder
-
JAA
-
kpcyrd
-
dave
-
dave
feature check for a linux sandboxing facility was subtly broken, so the sandboxing never got enabled
-
dave
so far all the discovered malicious stuff happened in a pretty short timeframe in the last month though
-
dave
and all the malicious commits happened at very unusual times of day given the new maintainer's normal activity patterns. Like, it looked like someone else was pushing changes while the maintainer was asleep.
-
nukke
-
nukke
wait, hold up, cmakelists? I thought it was using autotools
-
dave
it has both cmake and autoconf build configs, for some reason. No idea why
-
JAA
-
fireonlive
-
fireonlive
10kg mug, preorder now
-
fireonlive
!
-
nukke
I actually want it so bad
-
fireonlive
ikr? :o
-
icedice
When refills are free but they don't specify cup sizes
-
icedice
Oh
-
icedice
It's not as giant as I thought
-
icedice
Just bulletproof
-
JAA
When refills are limited to cup weight.
-
icedice
-
nicolas17
-
nukke
Too soon
-
Barto
oh boy :D
-
fireonlive
x3
-
nicolas17
-
JAA
:-)