Yay

Now what was I going to make …last Tuesday?

Nobody is both that bored and that motivated. Unless paid.

deleted by creator

This is all I’ve run across on reverse engineering, so far but it is quite interesting.

https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b

I have a feeling there are a lot of busy people trying to answer that question, now. Yikes.

Yeah it sounds pretty wild already with some kind of, like, door knock mechanism using certificates? So you can’t scan for it. And some reverse engineering countermeasures.

Like everyone else, I have to wonder what libraries have been compromised in a way that nobody has noticed yet.

Some of the trust comes from eyes on the project thanks to it being open source. This thing got discovered, after all. Not right away, sure, but before it spread everywhere. Same question of trust applies to commercial software too.

Ideally, PR reviews help with this but smaller projects esp with few contributors may not do much of that. I doubt anyone has spent time understanding the software supply chain (SSC) attack surface of their product but that seems like a good next step. Someone needs to write a tool that scans the SSC repos and flags certain measures like the # of maintainers.

PS: I have the worst allergies I’ve had in ages today and my brain is in a histamine fog so maybe I shouldn’t be trying to think about this stuff right now lol cough uuugh blows nose

As a lifetime resident of the arid Western United States, I am also gonna nope on outta that damp hell.

Yes.

I would go nuts or od if not for the pill organizer. Refilling sucks. But I sigh loudly every Sunday and manage to do it lol

Fortunately they can write up 3 Rx and then send to the pharmacy every month until my next appt.

Of course my pharmacy can’t get the stuff due to the shortage so I have been without for 2wks now. It’s a process to have the Rx sent over to a different pharmacy. Easy for someone normal. But ADHD without meds? Yeah.

Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of it’s “great new features”. We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added). We had to race last night to fix the problem after an inadvertent break of the embargo.

He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise.

Damn. I would love to see a full post mortem on this compromise.

Well maybe they aren’t experienced info security professionals :)

Fair point. I am actually concerned about just bouncing around aimlessly when I retire. I know that will not go well.

What you’re talking about sounds like what I had in mind. Structure for at least part of the day. Every day.

I also need to have specific goals laid out. I’m starting to make a master list of post retirement goals. I imagine having one big long term project and a few short term ones would work as long as I keep to a rough timeline on each.

Back when I had a better work schedule I usually had one or two small projects or else one big project going at any time and was able to stick to them.

I’m also thinking that taking a class or doing a part time job (or volunteering) would be a good idea. And another option is switch to part time at my current job. I know a few who have.

Idk what you’re into buddy

but I like it.

Inflation.

Work is stupid. We should be working 20 hours weeks and fucking around the rest of the time. Everyone would be so much happier.

Or maybe everyone with ADHD (and, this, 80 gagillion hobbies)

Hm. I have one vacation day left after being sick. Won’t get more until next week. Work 10 hour days 4 days a week and the too exhausted to relax most of the remaining 3.

What if… Hear me out… What if I were to be, idk, run over by a bus and hospitalized for a month? /s

Irritable, you say? 🤔

Uh oh 👀