Jens Hausdorf jens1o

@thesamesam
thesamesam / xz-backdoor.md
Last active July 25, 2024 09:00
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

@djmitche
djmitche / mozilla-levels.md
Last active July 15, 2024 22:57
Mozilla Levels

[UPDATE July 2024]

New year, new links:

I don't work at Mozilla any longer, but I'm happy to keep this up-to-date. Please reach out (same username on gmail) with any updates!

[UPDATE June 2020]

@soulmachine
soulmachine / jwt-expiration.md
Last active June 21, 2024 14:09
How to deal with JWT expiration?

First of all, please note that token expiration and revoking are two different things.

  1. Expiration only happens for web apps, not for native mobile apps, because native apps never expire.
  2. Revoking only happens when (1) users click the logout button on the website or native apps; (2) users reset their passwords; (3) users revoke their tokens explicitly in the administration panel.

1. How to handle JWT expiration

A JWT token that never expires is dangerous: if the token is stolen, then someone can always access the user's data.

Quoted from JWT RFC:

@PaulSec
PaulSec / coin-hive.txt
Last active April 20, 2022 07:32
Extract from the Top 1M Alexa domains (and also from investigations) using coin-hive mining service
@SammyK
SammyK / php-retry-keyword-2.0.md
Last active May 25, 2017 13:11
Proposed `retry` keyword in PHP 7.NEXT

Proposed retry keyword in PHP

This is a pivot of the original syntax proposal thanks to feedback from twitter.

The retry keyword adds to the try\catch\finally block to optionally execute an arbitrary statement before jumping to the top of the try block n times.

TL;DR The retry keyword offers a cleaner, more readable & more efficient solution to a common problem.

A simple example

@cstroe
cstroe / OpenSourceCRM.rst
Last active July 25, 2024 11:29
A distilled list of open-source CRM software
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active July 26, 2024 09:10 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@fevangelou
fevangelou / my.cnf
Last active July 26, 2024 12:48
Optimized my.cnf configuration for MySQL/MariaDB (on Ubuntu, CentOS, Almalinux etc. servers)
# === Optimized my.cnf configuration for MySQL/MariaDB (on Ubuntu, CentOS, Almalinux etc. servers) ===
#
# by Fotis Evangelou, developer of Engintron (engintron.com)
#
# ~ Updated December 2021 ~
#
#
# The settings provided below are a starting point for a 8-16 GB RAM server with 4-8 CPU cores.
# If you have different resources available you should adjust accordingly to save CPU, RAM & disk I/O usage.
#
// ==UserScript==
// @name Shopstopper
// @namespace https://www.softcreatr.de
// @version 0.2
// @description Reminds you, that you already bought this product (if you did...)
// @author Sascha "SoftCreatR" Greuel
// @match https://pluginstore.woltlab.com/file/*
// @grant none
// ==/UserScript==