Content provided by Jupiter Broadcasting. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Jupiter Broadcasting or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://he.player.fm/legal.
The xz Backdoor Exposed 🚨 | LINUX Unplugged 556
MP3 • Episode home
Manage episode 449491459 series 2841921
We're breaking down the attack: how it works, how it was hidden, and why time was running out for the attacker.
Sponsored By:
- Tailscale: Tailscale is programmable networking software that is private and secure by default - get it free on up to 100 devices!
- Kolide: Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.
Links:
- 💥 Gets Sats Quick and Easy with Strike
- 📻 LINUX Unplugged on Fountain.FM
- oss-security mailing list — Backdoor in upstream xz/liblzma leading to ssh server compromise.
- Fedora Announcement
- Debian Announcement
- Ubuntu Announcement
- Kali Linux Announcement
- Arch Linux Announcement
- Gentoo Announcement
- openSUSE Tumbleweed Announcement
- NixOS Unstable Discussion
- Why does it take two weeks for NixOS to replace xz?
- Andres Freund on Mastodon — I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc....
- rwmj on Hacker News — Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features"
- A Microcosm of the interactions in Open Source projects — Make no mistake. This is the way it works. It needs to change.
- Devuan GNU/Linux on X — Devuan is not affected by the latest vulnerability caused by systemd.
- systemd PR: Dynamically load compression libraries
- Matteo Croce on X — I'm the author of such PR. While I absolutely didn't know that libxz had a backdoor, I really think that libraries should be loaded on-demand when rarely used, hence my change :)
- Ryan C. Gordon on X — This is probably how the xz thing happened, right?
- Jan Wildeboer on the Fediverse — Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO.
- Unplugged Core Membership
- TXLF is coming up! — April 12 - 13 in Austin, Texas.
- LFNW coming up! — April 26 - 28
- Mobile Game Ads Are Boosting Podcast Follower Counts — Wondery, iHeart and Lemonada Media are all using a non-public product from MowPod - which gives extra lives and game credits to gamers if they follow shows on Apple Podcasts from game apps.
- MowPod's podcast promotion tools: tales from the bar
- fortydeux's NixOS Configs
- Prism Launcher — An Open Source Minecraft launcher with the ability to manage multiple instances, accounts and mods.
- World Backup Day — March 31st — One small accident or failure could destroy all the important stuff you care about.
- Updating Our Fiddly Bits | LINUX Unplugged 494
1634 episodes