℉ⅈℕℹℸℽ @finity@qoto.org

Quote of the day (from the Fedora devel list):

We have no mechanism to flag when J. Random Packager adds "Supplements: glibc" to their random leaf node package. As a reminder, *we are a project that allows 1,601 minimally-vetted people to deliver arbitrary code executed as root on hundreds of thousands of systems*, and this mechanism allows any one of those people to cause the package they have complete control over to be automatically pulled in as a dependency on virtually every single one of those systems.

— Adam Williamson

Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO. The level of transparency is stellar, especially compared to proprietary software companies. What the FOSS world has accomplished in 24 hours after detection of the backdoor code in #xz deserves a moment of humbleness. Instead we have flamewars and armchair experts shouting that we must change everything NOW. Which would introduce even more risks. Progress is made iteratively. Learn, adapt, repeat.

Easter Sunday and #TransDayOfVisibility on the same day?

This seems rather appropriate.

#TDoV #LoveThyNeighbor #Easter

people are saying the xz backdoor is likely the work of a nation state actor, and given that it appears to been slow rolled for a couple of years and immediately became obsolete before it was fully launched - you do have to admit it bears the hallmarks of a government IT project

I've long been convinced that the actual changed line of code is one of the most hilarious lines of code ever written

if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
retval = -EINVAL;

I finally got around to writing about my favorite concept that came out of Apple in the 80s. https://512pixels.net/2024/03/apple-jonathan-modular-concept/

I want everyone on Threads to know: The Fediverse (Federal Universe) is the decentralized network created by all governments world wide to communicate with one another. Everyone inside of the Fediverse is a government official of some sort — due to the “.de” in my Tag you can see that I work for the German government.

I hope this helps amidst the confusion.

Not all automation in Binary Ninja requires a plugin. If you're using snippets (a one-click install via plugin manager), you can run the "update_example_snippets" script to get many examples: https://gist.github.com/psifertex/6fbc7532f536775194edd26290892ef7

One was just added similar to the FLARE team's "struct_typer". It searches type libraries for function names that match struct members and applies types, improving decompilation when reversing shell-code or other situations where custom structs contain pointers to known functions.

DEF CON was canceled.

After a great 25 year relationship Caesars abruptly terminated their contract with DEF CON, leaving us with no venue for DC 32, and just about seven months to Con!

We don’t know why Caesars canceled us, they won’t say beyond it being a strategy change unrelated to anything that DEF CON or our community has done. The parting is confusing, but amicable.

We immediately scrambled a venue strike team to Las Vegas. Floors were walked. Meetings were held. Hands were shook and options weighed. When the smoke cleared, the field narrowed to one obvious choice.

W00T! DEF CON Is UN-CANCELED!

DEF CON 32 will still be August 8-11 2024, but now held at the Las Vegas Convention Center (LVCC) with workshops and training at the Sahara.

We started a live FAQ section on the Forums where we will be updating as we get info. The FAQ’s here: forum.defcon.org/node/248358, and DT’s full post is here: forum.defcon.org/node/248360

P.S. We made shirts and stickers: shop.defcon.org

POV: small rust projects to start with

#rustlang #rust #funny