The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,860 other subscribers

Archive for March 30th, 2024

FemFM – 〝50% vrouw in je oor, of we zappen door!〞

Posted by jpluimers on 2024/03/30

[Wayback/Archive] FemFM – 〝50% vrouw in je oor, of we zappen door!〞 werd in 2024 gelanceerd vlak voor de Women’s History Month en Internationale Vrouwendag door Felienne Hermans.

Felienne is bekend van bijvoorbeeld haar promotieonderzoek naar de impact van Excel op de samenleving, maar vooral van haar drive te onderzoeken hoe zo veel mogelijk mensen – ongeacht hun achtergrond – kunnen leren programmeren), Joy of Coding, de Hedy programmeertaal (met veel support voor andere alfabetten dan wat we in de westerse wereld gebruiken) en haar boek The Programmer’s Brain: What every programmer needs to know about cognition.

Ze is enorm goed in haar werk, en komt daarmee regelmatig in aanraking met vooringenomenheid over vrouwen. Daar verbaast ze zich terecht over, en ook dat het lastig om content (op allerlei soorten gebieden) te consumeren gemaakt door vrouwen. Dat overkwam haar bijvoorbeeld bij het luisteren naar muziek op de Nederlandse radio: daar kwamen veel meer mannelijke artiesten aan bod dan vrouwelijke.

Vandaar FemFM, en Felienne zou Felienne niet zijn als de source code niet openbaar was, dus hier wat linkjes:

Read the rest of this entry »

Posted in Audio, Awareness, Development, IceCast, Inclusion / inclusive society, Java, Java Platform, Media, Power User, Python, Scripting, Software Development, Web Development | Leave a Comment »

XZ 5.6.x are backdoored and present in many systems: downgrade to 5.4.x or earlier now; consider libarchive compromised until proven otherwise

Posted by jpluimers on 2024/03/30

Edit 20240331: because of

https://mastodon.social/@kobold/112183756981119562

Debian is working on reverting back to even earlier than 5.4.x

[Wayback/Archive] #1068024 – revert to version that does not contain changes by bad actor – Debian Bug report logs

> I'd suggest reverting to 5.3.1. Bearing in mind that there were security
> fixes after that point for ZDI-CAN-16587 that would need to be reapplied.

Note that reverted to such an old version will break packages that use
new symbols introduced since then. From a quick look, this is at least:
- dpkg
- erofs-utils
- kmod

Having dpkg in that list means that such downgrade has to be planned
carefully.

Original post:

Everything I know about the XZ backdoor

Note that because of the Wayback Machine limit of 5 archivals per URL per day, the archived versions are rapidly getting out-of-date.

It is way worse:

[Wayback/Archive] Thread by @_ruby on Thread Reader App – Thread Reader App

@_ruby: The setup behind the CVE-2024-3094 supply-chain attack is fascinating. I originally wanted to finish and share a tool to audit other OSS projects for anomalous contributor behavior, but I feel what I found tr……

How it was found:

Analogy on how it was found:

Via:

Related:

If you are running homebrew on a Mac, then update too:

Of course this “XKCD dependency” adoption applies:

[Wayback/Archive] GJ4KvbeWIAAS_mu (535×680)

Posted in C, Compression, Development, Infosec (Information Security), Power User, Security, Software Development, xz | Leave a Comment »