Mark Lodato MarkLodato

## supply-chain-threats (1).svg

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                MarkLodato
                / supply-chain-threats (1).svg
            
            
              Last active
              May 17, 2024 12:55
            
          
        Loading

      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## xz-backdoor.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                MarkLodato
                / xz-backdoor.md
            
            
              Created
              April 12, 2024 12:43
                — forked from thesamesam/xz-backdoor.md
            
              
                xz-utils backdoor situation (CVE-2024-3094)
              
          
    FAQ on the xz-utils backdoor (CVE-2024-3094)

This is still a new situation. There is a lot we don't know. We don't
know if there are more possible exploit paths. We only know about this
one path. Please update your systems regardless.
This is a living document. Everything in this document is made in good
faith of being accurate, but like I just said; we don't yet know everything
about what's going on.

  
## provenance-snippet.jsonc
"externalParameters": {
    "configSource": {
        "ref": "refs/tags/v1.2.3",
        "repository": "https://github.com/GoogleCloudPlatform/cloud-build-samples",
        "path": "basic-config/cloudbuild.yaml"
    }
},
"resolvedDependencies": {{
    "uri": "git+https://github.com/GoogleCloudPlatform/cloud-build-samples@refs/tags/v1.2.3",
    "digest": { "sha1": "bb0fe8075f92bb82b679afe400a47b106f0cec4b" }

## go-dirhash.sh
#!/bin/bash
# Compute "dirhash" of a go module directory.
#
# Original go code: https://cs.opensource.google/go/x/mod/+/master:sumdb/dirhash/hash.go
#
# Author: Mark Lodato <lodato@google.com>
#
# Copyright 2022 Google LLC.
# SPDX-License-Identifier: Apache-2.0

## slsa-github-actions-go-builder.json
{
  "_type": "https://in-toto.io/Statement/v0.1",
  "predicateType": "https://slsa.dev/provenance/v0.2",
  "subject": [
    {
      "name": "binary-linux-amd64",
      "digest": {
        "sha256": "6292ee2efd5465706969ea671049028e3c275e88a405439a858e9d766b519518"
      }
    }

## provenance.pull_request.json
{
  "_type": "https://in-toto.io/Statement/v0.1",
  "subject": [
    {
      "name": "dist/PyYAML-6.0-cp310-cp310-macosx_10_9_x86_64.whl",
      "digest": {
        "sha256": "3335d8653eff7ad35fbd29f3573810d525a4b641eacc59b43922c413062d63cc"
      }
    },
    {

## skill_graph.py
#!/usr/bin/python
# Parse a crawl morgue file and print a pretty skill progression table.
# USAGE: python skill_graph.py < ./crawl/morgue/<filename>.txt
# Works best with 'note_all_skill_levels = true' in ~/.crawlrc.
#
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

## gist:437a6deec280a6e8c68b
▶ bzr revno
646
▶ make CC=clang CFLAGS='-fsanitize=address -fno-omit-frame-pointer -g -O1'
▶ for x in ~/p/vt100-to-html/test/*.in; bin/unterm $x >/dev/null || echo $x
=================================================================
==7091==ERROR: AddressSanitizer: negative-size-param: (size=-20)
    #0 0x4a611d in __asan_memmove (/home/mark/tmp/libvterm/bin/.libs/lt-unterm+0x4a611d)
    #1 0x7ff6a1fc9a11 in scroll /home/mark/tmp/libvterm/src/state.c:92:7
    #2 0x7ff6a1fc4624 in on_csi /home/mark/tmp/libvterm/src/state.c:1306:5
    #3 0x7ff6a1fcc88d in do_string_csi /home/mark/tmp/libvterm/src/parser.c:100:10

## gist:8f57eada601bc0dbee34

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                MarkLodato
                / gist:8f57eada601bc0dbee34
            
            
              Last active
              August 29, 2015 14:04
            
              
                Response to Cupcake's question in http://stackoverflow.com/a/15802324/303425
              
          
    Create the repository:
▶ git init

Create the first branch:
▶ echo foo > one
▶ git add one
▶ git commit -m A


## .vimrc
set nocompatible
set bs=2
set ai
set viminfo='20,\"500
set history=50
set ruler
set incsearch
filetype plugin indent on
set shiftwidth=4
set softtabstop=4
	"externalParameters": {
	"configSource": {
	"ref": "refs/tags/v1.2.3",
	"repository": "https://github.com/GoogleCloudPlatform/cloud-build-samples",
	"path": "basic-config/cloudbuild.yaml"
	}
	},
	"resolvedDependencies": {{
	"uri": "git+https://github.com/GoogleCloudPlatform/cloud-build-samples@refs/tags/v1.2.3",
	"digest": { "sha1": "bb0fe8075f92bb82b679afe400a47b106f0cec4b" }
	#!/bin/bash
	# Compute "dirhash" of a go module directory.
	#
	# Original go code: https://cs.opensource.google/go/x/mod/+/master:sumdb/dirhash/hash.go
	#
	# Author: Mark Lodato <lodato@google.com>
	#
	# Copyright 2022 Google LLC.
	# SPDX-License-Identifier: Apache-2.0
	{
	"_type": "https://in-toto.io/Statement/v0.1",
	"predicateType": "https://slsa.dev/provenance/v0.2",
	"subject": [
	{
	"name": "binary-linux-amd64",
	"digest": {
	"sha256": "6292ee2efd5465706969ea671049028e3c275e88a405439a858e9d766b519518"
	}
	}
	{
	"_type": "https://in-toto.io/Statement/v0.1",
	"subject": [
	{
	"name": "dist/PyYAML-6.0-cp310-cp310-macosx_10_9_x86_64.whl",
	"digest": {
	"sha256": "3335d8653eff7ad35fbd29f3573810d525a4b641eacc59b43922c413062d63cc"
	}
	},
	{
	#!/usr/bin/python
	# Parse a crawl morgue file and print a pretty skill progression table.
	# USAGE: python skill_graph.py < ./crawl/morgue/<filename>.txt
	# Works best with 'note_all_skill_levels = true' in ~/.crawlrc.
	#
	# Copyright 2016 Google Inc.
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	▶ bzr revno
	646
	▶ make CC=clang CFLAGS='-fsanitize=address -fno-omit-frame-pointer -g -O1'
	▶ for x in ~/p/vt100-to-html/test/*.in; bin/unterm $x >/dev/null \|\| echo $x
	=================================================================
	==7091==ERROR: AddressSanitizer: negative-size-param: (size=-20)
	#0 0x4a611d in __asan_memmove (/home/mark/tmp/libvterm/bin/.libs/lt-unterm+0x4a611d)
	#1 0x7ff6a1fc9a11 in scroll /home/mark/tmp/libvterm/src/state.c:92:7
	#2 0x7ff6a1fc4624 in on_csi /home/mark/tmp/libvterm/src/state.c:1306:5
	#3 0x7ff6a1fcc88d in do_string_csi /home/mark/tmp/libvterm/src/parser.c:100:10
	set nocompatible
	set bs=2
	set ai
	set viminfo='20,\"500
	set history=50
	set ruler
	set incsearch
	filetype plugin indent on
	set shiftwidth=4
	set softtabstop=4