The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
InnehÄll tillhandahÄllet av Jupiter Broadcasting. Allt poddinnehÄll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahÄlls direkt av Jupiter Broadcasting eller deras podcastplattformspartner. Om du tror att nÄgon anvÀnder ditt upphovsrÀttsskyddade verk utan din tillÄtelse kan du följa processen som beskrivs hÀr https://sv.player.fm/legal.
Liknande All Jupiter Broadcasting Shows
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
We help founders make something people want.
…
continue reading
The directorâs commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube â https://goo.gle/AndroidDevs
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Big tech is transforming every aspect of our world. But how? And at what cost? This season of Land of the Giants â The Twitter Fantasy â will tell the story of Twitter (X) at a crucial moment for the platform, exactly one year after Elon Musk took over. Hosted by Vox senior correspondent Peter Kafka, the four-episode season will survey the company's outsize influence on politics and culture. How did Twitter become the Internetâs town square, for better and for worse? And where is it heading, ...
…
continue reading
Player FM - Podcast-app
GĂ„ offline med appen Player FM !
GĂ„ offline med appen Player FM !
))
The xz Backdoor Exposed đš | LINUX Unplugged 556
Manage episode 409893673 series 2135928
InnehÄll tillhandahÄllet av Jupiter Broadcasting. Allt poddinnehÄll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahÄlls direkt av Jupiter Broadcasting eller deras podcastplattformspartner. Om du tror att nÄgon anvÀnder ditt upphovsrÀttsskyddade verk utan din tillÄtelse kan du följa processen som beskrivs hÀr https://sv.player.fm/legal.
We're breaking down the attack: how it works, how it was hidden, and why time was running out for the attacker.
Sponsored By:
- Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
- Kolide: Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.
Links:
- đ„ Gets Sats Quick and Easy with Strike
- đ» LINUX Unplugged on Fountain.FM
- oss-security mailing list â Backdoor in upstream xz/liblzma leading to ssh server compromise.
- Fedora Announcement
- Debian Announcement
- Ubuntu Announcement
- Kali Linux Announcement
- Arch Linux Announcement
- Gentoo Announcement
- openSUSE Tumbleweeed Announcement
- NixOS Unstable Discussion
- Why does it take two weeks for NixOS to replace xz?
- Andres Freund on Mastodon â I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc....
- rwmj on Hacker News â Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features"
- A Microcosm of the interactions in Open Source projects â Make no mistake. This is the way it works. It needs to change.
- Devuan GNU/Linux on X â Devuan is not affected by the latest vulnerability caused by systemd.
- systemd PR: Dynamically load compression libraries
- Matteo Croce on X â I'm the author of such PR. While I absolutely didn't know that libxz had a backdoor, I really think that libraries should be loaded on-demand when rarely used, hence my change :)
- Ryan C. Gordon on X â This is probably how the xz thing happened, right?
- Jan Wildeboer on the Fediverse â Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO.
- Unplugged Core Membership
- TXLF is coming up! â April 12 - 13 in Austin, Texas.
- LFNW coming up! â April 26 - 28
- Mobile Game Ads Are Boosting Podcast Follower Counts â Wondery, iHeart and Lemonada Media are all using a non-public product from MowPod - which gives extra lives and game credits to gamers if they follow shows on Apple Podcasts from game apps.
- MowPod's podcast promotion tools: tales from the bar
- fortydeux's NixOS Configs
- Prism Launcher â An Open Source Minecraft launcher with the ability to manage multiple instances, accounts and mods.
- World Backup Day â March 31st â One small accident or failure could destroy all the important stuff you care about.
- Updating Our Fiddly Bits | LINUX Unplugged 494
2147 episoder
Dela
Manage episode 409893673 series 2135928
InnehÄll tillhandahÄllet av Jupiter Broadcasting. Allt poddinnehÄll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahÄlls direkt av Jupiter Broadcasting eller deras podcastplattformspartner. Om du tror att nÄgon anvÀnder ditt upphovsrÀttsskyddade verk utan din tillÄtelse kan du följa processen som beskrivs hÀr https://sv.player.fm/legal.
We're breaking down the attack: how it works, how it was hidden, and why time was running out for the attacker.
Sponsored By:
- Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
- Kolide: Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.
Links:
- đ„ Gets Sats Quick and Easy with Strike
- đ» LINUX Unplugged on Fountain.FM
- oss-security mailing list â Backdoor in upstream xz/liblzma leading to ssh server compromise.
- Fedora Announcement
- Debian Announcement
- Ubuntu Announcement
- Kali Linux Announcement
- Arch Linux Announcement
- Gentoo Announcement
- openSUSE Tumbleweeed Announcement
- NixOS Unstable Discussion
- Why does it take two weeks for NixOS to replace xz?
- Andres Freund on Mastodon â I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc....
- rwmj on Hacker News â Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features"
- A Microcosm of the interactions in Open Source projects â Make no mistake. This is the way it works. It needs to change.
- Devuan GNU/Linux on X â Devuan is not affected by the latest vulnerability caused by systemd.
- systemd PR: Dynamically load compression libraries
- Matteo Croce on X â I'm the author of such PR. While I absolutely didn't know that libxz had a backdoor, I really think that libraries should be loaded on-demand when rarely used, hence my change :)
- Ryan C. Gordon on X â This is probably how the xz thing happened, right?
- Jan Wildeboer on the Fediverse â Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO.
- Unplugged Core Membership
- TXLF is coming up! â April 12 - 13 in Austin, Texas.
- LFNW coming up! â April 26 - 28
- Mobile Game Ads Are Boosting Podcast Follower Counts â Wondery, iHeart and Lemonada Media are all using a non-public product from MowPod - which gives extra lives and game credits to gamers if they follow shows on Apple Podcasts from game apps.
- MowPod's podcast promotion tools: tales from the bar
- fortydeux's NixOS Configs
- Prism Launcher â An Open Source Minecraft launcher with the ability to manage multiple instances, accounts and mods.
- World Backup Day â March 31st â One small accident or failure could destroy all the important stuff you care about.
- Updating Our Fiddly Bits | LINUX Unplugged 494
2147 episoder
Kaikki jaksot
×
VĂ€lkommen till Player FM
Player FM scannar webben för högkvalitativa podcasts för dig att njuta av nu direkt. Den Àr den bÀsta podcast-appen och den fungerar med Android, Iphone och webben. Bli medlem för att synka prenumerationer mellan enheter.
Liknande All Jupiter Broadcasting Shows
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
We help founders make something people want.
…
continue reading
The directorâs commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube â https://goo.gle/AndroidDevs
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Big tech is transforming every aspect of our world. But how? And at what cost? This season of Land of the Giants â The Twitter Fantasy â will tell the story of Twitter (X) at a crucial moment for the platform, exactly one year after Elon Musk took over. Hosted by Vox senior correspondent Peter Kafka, the four-episode season will survey the company's outsize influence on politics and culture. How did Twitter become the Internetâs town square, for better and for worse? And where is it heading, ...
…
continue reading
Player FM - Podcast-app
GĂ„ offline med appen Player FM !
GĂ„ offline med appen Player FM !
