oleg_log
Shelter for antisocial programmers "Oleg" halp: @olegkovalov web: https://olegk.dev fov: @oleg_fov chat: @oleg_log_blabla podcast: @generictalks about: https://t.me/oleg_log/3200
xz backdoor.
> 2024-02-23: Jia Tan merges hidden backdoor binary code well hidden inside some binary test input files. The README already said (from long before Jia Tan showed up) “This directory contains bunch of files to test handling of .xz, .lzma (LZMA_Alone), and .lz (lzip) files in decoder implementations. Many of the files have been created by hand with a hex editor, thus there is no better "source code" than the files themselves.” Having these kinds of test files is very common for this kind of library. Jia Tan took advantage of this to add a few files that wouldn't be carefully reviewed.
(from https://research.swtch.com/xz-timeline)
Horseshit:
> Many of the files have been created by hand with a hex editor, thus there is no better "source code" than the files themselves.
Bullshit:
> Having these kinds of test files is very common for this kind of library.
Well, you decided to test something. You wrote a binary file and a test. Great. Fast-forward 3mo and give this test to someone else (future you, for example). Guess what? You have no freaking idea what you did 3mo ago!
If you are the smartest peasant on this planet and can recall all the steps in hex-editor in 30 minutes, that's cool, but you are lying to yourself.
Of course, the xz-attack isn't just 1 commit and sneaky code. It's also social engineering (kinda). Anyway, such dirty commits should not be accepted with the "easier to write manually" argument.
(TBH AFAIR, I might have commits where I have a hex-string to test un/marshal, but I'm not from the CIA or another gov-team😢)
After the latest Russian attacks on energy facilities, there is more and more talk of a possible blackout. Some cities, such as Kharkiv, Dnipro and Zaporizhzhia, have already faced electricity shortages and power outages. Ukrainians in other regions are advised to stock up on generators and EcoFlow units and not to overload the system during peak hours. Thermal power plants produced only 30% of the electricity of all capacity. However, they played a key role in the morning and evening, because they could quickly increase and decrease the power output. Nuclear power plants, for example, cannot do that. The situation in the energy sector, the scale of destruction of thermal power plants and the possibilities for decentralizing the power system are covered in Svitlana Stetsenko's blog.