


A single-topic episode, and a harder one than usual to make, telling the story of the affair that kept the whole Linux world holding its breath and sparked a very interesting series of discussions about the sustainability of Open Source and the trust we place in code written by others that we run on our machines.
Links:
A Microcosm of the interactions in Open Source projects - https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/
Bullying in Open Source Software Is a Massive Security Vulnerability - https://www.404media.co/xz-backdoor-bullying-in-open-source-software-is-a-massive-security-vulnerability/
xz/liblzma: Bash-stage Obfuscation Explained - https://gynvael.coldwind.pl/?id=782&lang=en
Everything I Know About the XZ Backdoor - https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Timeline of the xz open source attack - https://research.swtch.com/xz-timeline
The xz attack shell script - https://research.swtch.com/xz-script
Reflections on Trusting Trust - https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
00:00 Intro
02:14 xz supply chain attack
#xz #linux #supplychain #opensource #attack #security #cybersecurity
===
Podcast
Spotify - https://open.spotify.com/show/4B2I1RTHTS5YkbCYfLCveU
Apple Podcasts - https://podcasts.apple.com/us/podcast/buongiorno-da-edo/id1641061765
Amazon Music - https://music.amazon.it/podcasts/5f724c1e-f318-4c40-9c1b-34abfe2c9911/buongiorno-da-edo
=
RSS - https://anchor.fm/s/b1bf48a0/podcast/rss
By Edoardo Dusi
