thesamesam

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

adtac

#!/usr/bin/env -S bash -c "docker run -p 8080:8080 -it --rm \$(docker build --progress plain -f \$0 . 2>&1 | tee /dev/stderr | grep -oP 'sha256:[0-9a-f]*')"

# syntax = docker/dockerfile:1.4.0

FROM node:20

WORKDIR /root

RUN npm install sqlite3

Frityet

How to install game-porting-toolkit (aka proton for macOS)

You also might wanna just use Whisky which does this automatically

This guide works on macOS 13.4+ using Command Line Tools for XCode 15 Beta!

What is this?

In the recent WWDC, Apple announced and released the "game porting toolkit", which upon further inspection this is just a modified version of CrossOver's fork of wine which is a "compatibility layer" that allows you to run Windows applications on macOS and Linux.

rain-1

Purpose

Bootstrap knowledge of LLMs ASAP. With a bias/focus to GPT.

Avoid being a link dump. Try to provide only valuable well tuned information.

Prelude

Neural network links before starting with transformers.

DavidWells

/* Ultra lightweight Github REST Client */
// original inspiration via https://gist.github.com/v1vendi/75d5e5dad7a2d1ef3fcb48234e4528cb
const token = 'github-token-here'
const githubClient = generateAPI('https://api.github.com', {
  headers: {
    'User-Agent': 'xyz',
    'Authorization': `bearer ${token}`
  }
})

bugbountynights

${ctx:loginId}
${map:type}
${filename}
${date:MM-dd-yyyy}
${docker:containerId}
${docker:containerName}
${docker:imageName}
${env:USER}
${event:Marker}
${mdc:UserId}

SwitHak

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

• If you want to add a link, comment or send it to me
• Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

• Royce Williams list sorted by vendors responses Royce List
• Very detailed list NCSC-NL
• The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List

gregsadetsky

As noted by @murdats below, there are more URLs than just these 1440 ones, depending on the argument values
that are hashed (as the filenames below are MD5 hashes of a few arguments: red/blue pill color, HHMM time, etc.)

You can read details about the algorithm used to generate these URLs here:

https://news.ycombinator.com/item?id=28448335

---

00:00 https://thechoiceisyours.whatisthematrix.com/generated/v7/high/d43725991d28ffcab04aa716762cf6af.mp4

ityonemo

A half-hour to learn Zig

This is inspired by https://fasterthanli.me/blog/2020/a-half-hour-to-learn-rust/

Basics

the command zig run my_code.zig will compile and immediately run your Zig program. Each of these cells contains a zig program that you can try to run (some of them contain compile-time errors that you can comment out to play with)

bcherny

Notes on Martin Kleppmann's excellent Designing Data-Intensive Applications.

Chapter 1: Reliable, Scalable, and Maintainable Applications

• Data Systems
  • Dimensions to consider when thinking about data systems: access patterns, performance characteristics, implementations.
  • Modern data systems often blur the lines between databases, caches, streams, etc.
• Reliability
  • Systems should perform the expected function at a given level of performance, and be tolerant to faults and user mistakes
• Fault: One component of a system deviating from its spec. Prefer tolerating faults over preventing them (except for things like security issues). Faults stem from hardware failures, software failures, and human error (in a study, config errors caused most outages).