Oddbean new post about | logout
ODELL | 7 months ago (raw) | export | reply | flag +128 
 THE XZ UTILS BACKDOOR IS A STARK REMINDER THAT IF YOU RELY ON BITCOIN IT IS IMPERATIVE TO SUPPORT THE OPEN SOURCE CONTRIBUTORS THAT MAKE THIS MOVEMENT POSSIBLE.

GOOD MORNING.

https://www.wired.com/story/jia-tan-xz-backdoor/
Adam | 7 months ago (raw) | root | parent | reply | flag 
 Slow burn. I was tasked with checking all of our systems to ensure the exploited version wasn’t in our farm.
iru@localhot $_ | 7 months ago (raw) | root | parent | reply | flag 
 As far as I know It’s a very specific attack. You need to run a distribution that is rolling release _and_ uses the binary tarball of XZ while having the SSH system notify thing on. Its almost specifically sorts out Debian testing derivatives and Fedora.

For example, Arch has the infected binary but its SSH is not linked to it. NixOS will have the 5.6.1 version but its clean because they’ve built from source instead of using the published binaries.

But if you have something important running on those servers that got touched by those exploits its better to just wipe clean and redeploy those machines.
Adam | 7 months ago (raw) | root | parent | reply | flag 
 Correct. Kali was another one. Fedora rawhide, a few opensuse as well. No Debian or RHEL release
Alex | 7 months ago (raw) | root | parent | reply | flag 
 GM. Bullish on xz compression, systemd, openssh and other fee software.
MAV21 | 7 months ago (raw) | root | parent | reply | flag 
 GOOD MORNING ☀️
sondreolav | 7 months ago (raw) | root | parent | reply | flag 
 GM ☕ @ODELL 🫂 THIS IS HOW WE WIN 🤙
thebullishbitcoiner | 7 months ago (raw) | root | parent | reply | flag 
 🫡 GOOD MORNING
AVERAGE_GARY | 7 months ago (raw) | root | parent | reply | flag 
 Good morning. #supportTheOpenSourceAutists
AVERAGE_GARY | 7 months ago (raw) | root | parent | reply | flag 
 Paywalled. 😐
llamasrus | 7 months ago (raw) | root | parent | reply | flag 
 does  @OpenSats issue any grants for security researchers ? we can't just rely on open source autism alone.. even if it works 99.999% of the time lol
LL62 | 7 months ago (raw) | root | parent | reply | flag 
 GM 🤠🤙 OPEN SOURCE EVERYTHING
Dominic | 7 months ago (raw) | root | parent | reply | flag 
 Good morning ☕️
12c805a5 | 7 months ago (raw) | root | parent | reply | flag 
 GM!
rsyls | 7 months ago (raw) | root | parent | reply | flag 
 GM CHIEF 🫡
Unit of a Count | 7 months ago (raw) | root | parent | reply | flag 
 GM
02e0d366 | 7 months ago (raw) | root | parent | reply | flag 
 GM
Joshua | 7 months ago (raw) | root | parent | reply | flag 
 GM☕
Cui Bono | 7 months ago (raw) | root | parent | reply | flag 
 GM 🫡
redninja39 | 7 months ago (raw) | root | parent | reply | flag 
 GM great reminder
nopium | 7 months ago (raw) | root | parent | reply | flag +3 
 GOOD MORNING. 💀 🌹 https://m.primal.net/HrsV.mov
Mukesh | 7 months ago (raw) | root | parent | reply | flag 
 good morning 🌞🌞
SovereignOrigin | 7 months ago (raw) | root | parent | reply | flag 
 GM!!!
nvrArrive | 7 months ago (raw) | root | parent | reply | flag 
 GM

apathy re:bitcoin development is an attack on bitcoin
Ivan | 7 months ago (raw) | root | parent | reply | flag 
  @saylor
azorcode | 7 months ago (raw) | root | parent | reply | flag 
 Gm bro ☕ 🫂 
Good vibes 🤙 
#Opensource ✊
SovereignOrigin | 7 months ago (raw) | root | parent | reply | flag 
 GM, wouldn't want to be a compliance officer for any major software company amirite
marcelo | 7 months ago (raw) | root | parent | reply | flag 
 Good morning. Lots of love and respect for open source devs. This should be a no brainer. @saylor what is your opinion on this?
⚡₿it₿y₿it⚡ | 7 months ago (raw) | root | parent | reply | flag 
 GOOD MORNING. THIS IS A FRIENDLY REMINDER THAT @saylor AND #MSTR RELY ON BITCOIN. 🫂💜🤙
Nëïgsëndöïg Unused | 7 months ago (raw) | root | parent | reply | flag 
 Jis Tan isn't the individual's real name.

This individual is possibly an intelligence operative for Mossad, the CIA or MI6.
ODELL | 7 months ago (raw) | root | parent | reply | flag 
 SMELLS LIKE CCP TO ME BUT YEA LIKELY A STATE OP.
N | 7 months ago (raw) | root | parent | reply | flag 
 GOOD MORNING (`・ω・´)ゞ⚡おはよう
blank | 7 months ago (raw) | root | parent | reply | flag 
 Support open source contributors
blank | 7 months ago (raw) | root | parent | reply | flag 
 Support open source contributors

nostr:note16xf4uc9y2y7ywkwwyefdp438dz7vcmp6cqsd8jzz6ud7prah80fqxz65gx
Joakim Book | 7 months ago (raw) | root | parent | reply | flag 
 GOOD FUCKING SNOWSTORM MORNING
btcfringe | 7 months ago (raw) | root | parent | reply | flag 
 @saylor
Bayer | 7 months ago (raw) | root | parent | reply | flag 
 Don't let yourself get backdoored...support open source devs ---> opensats.org

nostr:note16xf4uc9y2y7ywkwwyefdp438dz7vcmp6cqsd8jzz6ud7prah80fqxz65gx
CuznVinny | 7 months ago (raw) | root | parent | reply | flag 
 Damn right keep the pressure on Sayler. His pockets are deeper than mine.
CuznVinny | 7 months ago (raw) | root | parent | reply | flag 
 And whatever he says people do and believe 🤷🏽‍♂️
choss | 7 months ago (raw) | root | parent | reply | flag 
 the Amish have been warning us for years. why didn't we listen?! 👨‍🌾
lonecoiner | 7 months ago (raw) | root | parent | reply | flag 
 SUPPORT THE AUTISTS
Hannah Athena | 7 months ago (raw) | root | parent | reply | flag 
 Bad actors are everywhere, supported, unsupported or commercialized (Ex Sam Bankman-Fried). The best way is to have a moral-ethical code of conduct and monetize your work, people will pay for valuable tech, especially if at its core-business is making money.
caleb | 7 months ago (raw) | root | parent | reply | flag 
 https://imgflip.com/i/8lwv7t
BITKARROT | 7 months ago (raw) | root | parent | reply | flag 
 You know when a chat room is one to avoid when you post the above from @odell and everyone ignores you. #foss