Daily Archives: 2024-03-29

Backdoor in upstream xz/liblzma leading to SSH server compromise

Source: Hacker News

Article note: This shit is subtle and scary. Supply chain attack on xz's liblzma (compression tool + library) which is linked by libsystemd, which is linked by OpenSSH, putting it in the same namespace so it can intercept some function calls from OpenSSH to open a backdoor. Injected into the release tarball (not in git), activated by the build scripts (such that it will typically only exhibit if a deb or rpm is the target), with various obfuscations to make it evade common instrumentation. By a moderately prolific and established contributor to a number of high-profile projects. Discovered because it caused a noticeable performance regression because of Debian's build-time tweaks.

School absences have ‘exploded’ almost everywhere

Source: Hacker News

Article note: Because our whole culture had to grapple with discovering that presenteeism is not just useless but harmful? Because we've discovered that the highly gamified, bureaucratized, one-size-fits-all education model we've converged on doesn't appear to be working? Not coming to school (or work) sick is a _good_ thing. We should be trying to find avenues for students not served by the sit-quietly-and-be-academic model; we've just demonstrated that a small-but-substantial subset of students are _much_ better served by a more individual and self-paced education model than sitting in class (and a larger set cannot handle that environment and _do_ need more structure), and long known (and apparently partially forgotten in the quest for faux equality) that by the time you hit secondary ed many students would be better served by at least partially hands-on/vocational programs or the like than acting like we're preparing the lower quartile to drop out of college with a bunch of debt after two semesters.