Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)SU
Posts
0
Comments
460
Joined
2 yr. ago

  • The malicious code was written and debugged at their convenience and saved as an object module linker file that had been stripped of debugger symbols (this is one of its features that made Fruend suspicious enough to keep digging when he profiled his backdoored ssh looking for that 500ms delay: there were no symbols to attribute the cpu cycles to).

    It was then further obfuscated by being chopped up and placed into a pure binary file that was ostensibly included in the tarballs for the xz library build process to use as a test case file during its build process. The file was supposedly an example of a bad compressed file.

    This "test" file was placed in the .gitignore seen in the repo so the file's abscense on github was explained. Being included as a binary test file only in the tarballs means that the malicious code isn't on github in any form. Its nowhere to be seen until you get the tarball.

    The build process then creates some highly obfuscated bash scripts on the fly during compilation that check for the existence of the files (since they won't be there if you're building from github). If they're there, the scripts reassemble the object module, basically replacing the code that you would see in the repo.

    Thats a simplified version of why there's no code to see, and that's just one aspect of this thing. It's sneaky.

  • After all you've seen Trump get away with I can't believe that you still somehow think this little detail will matter. SCOTUS will create an exemption of some kind for him.

    "White male Presidents over the age of 75 that wear predominantly red ties can pardon themselves at both the federal and state level."

  • I liked rock sort of "meh" when I was a kid, being born in 1964 a lot of it was old hippie stuff that never clicked with me like Zeppelin.

    Then one day I was playing D&D at a friend's house and he played Mongoloid by DEVO. Holy shit I lost my mind. There was music out there that actually spoke to me!

  • Project 1999 and Project Quarm. Emulators of EverQuest, which was released in 1999. Official EverQuest is still going strong 25 years later, but the emulator developers (the are several projects) have an agreement to run their versions of the game.

    I'm playing Project Quarm version now and spend way too much time on it.

  • Embedded systems developer here. If you're programming on ARM or one of the other big microcontrollers there aren't many well supported options. ARM's official Keil compiler and libraries are C and C++ and I see no official movement to change that.

    They have literally decades in building those tools.

    Microsoft's multithreaded OS ThreadX is C code. They just bought it for a large undisclosed amount in 2018. It ain't going anywhere soon.

    AWS's FreeRTOS is C. Not going anywhere.

    Embedded development toolchains are very slow to change.