Ethan Black @golemwire@librem.one

PSA: HEADS UP EVERYONE! Another project noticed they were being targeted with similar social engineering tactics as the xz-utils backdoor attack. Be on the lookout for random people demanding that you add someone new as a maintainer for vague but urgent "reasons". Google their emails, check their GitHub/GitLab histories, see if they are on Mastodon/Reddit/"X"/LinkedIn. If they do not have an internet footprint, they are probably a plant.
https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/
#opensource #opensourcesecurity

Reading Leviticus is a reminder that God has always taken sin seriously. Its effects are costly and so is the punishment.

But God wants a relationship with His people so in the Old Testament we can see He provided a way for them to atone for their sins.

Even better, He provided Jesus as a permanent sacrifice for sins, bringing forgiveness and reconciliation that is received by grace through faith in Him.

#jesus #god #bible #christian #christianity #sunday #church #faith

These direct solicitations to T-Mobile employees to participate in SIM-swaps are definitely not just limited to T-Mobile's employees. But T-Mob is probably the easiest still.

https://www.reddit.com/r/tmobile/comments/1c4dgpl/sim_card_swap_scam/

BTW in case you need help with Chirp Systems products, here is their user guide:

"User
Guide

What do we want this to say? Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua."

https://www.chirpsystems.com/user-guide-copy

Hmm who’s going to be more annoyed about this? Rhondson or Addison?

#Zelda #TearsoftheKingdom

The fact that you can follow the president of the United States (@potus) from your Mastodon account instead of being forced to have an X or Threads account for it is a huge W in my book. Of course our team is fully available to help if they'd want to set up Mastodon on whitehouse.gov. I believe governments should not rely on 3rd party platforms to connect with their constituents.

damn this lzma/xz backdoor is wild

https://www.openwall.com/lists/oss-security/2024/03/29/4

I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates.

Really required a lot of coincidences.

This is the best timeline I've seen so far on what we know about the Xz backdoor. Some good info here for researchers: https://boehs.org/node/everything-i-know-about-the-xz-backdoor

Besides making a sandwich, what's one thing you wish the 'sudo' command could do in real life? #linux #unix