Lasse Collin (the developer of xz-utils) has found out how to accept donations without breaking the Finnish money collection law:
https://github.com/tukaani-project/xz/issues/105#issuecomment-2599004098

He has created an account on #LiberaPay with a restriction to not accept donations from Finns or people living in Finland:
https://liberapay.com/Larhzu/

Poor tukaani #xzbackdoor https://tukaani.org/xz-backdoor/

I thought the case of the #xzbackdoor would be a really good way to make students aware of the many different dimensions of computing, and the “The Philosophy of the Open Source Pledge” https://vladh.net/the-philosophy-of-the-open-source-pledge/, which I assigned as reading, highlights many of the issues in a concise fashion.

Most students:

Neues Simplicissimus Video über den XZ-Hack (feat. @linuzifer ) - und das erstaunlich gut für nicht-ITler*innen erklärt

Wie dieser Deutsche das Internet gerettet hat

https://super8.absturztau.be/watch?v=8p8PHeGg--U

https://youtu.be/8p8PHeGg--U

I wish this NPR podcast wasn't slanted against 'open source software' (not even mentioning FOSS). It is a very well composed and informative story about the XZ Attack, but it expressly states that open source methods were the vulnerability, implying this production method 'that built the internet' is now ending its beneficial phase. https://www.npr.org/2024/05/17/1197959102/open-source-xz-hack

Reminds me of the news splatter claiming the economic model is all bad. #XZBackdoor #FOSS

NPR Podcast about the recent XZ backdoor hack that came close to breaking the internet: https://www.npr.org/2024/05/17/1197959102/open-source-xz-hack

Wer ist "Jia Tan"? Eine interessant zu lesende Spurensuche von
@marcel anhand von technischen Indizien zu Zeitzonen, Verhalten, Motive, Aufwand.

#XZBackdoor #ssh #opensource #dnip

https://dnip.ch/2024/05/14/spurensuche-jia-tan-xz/

Thanks to an extra set of eyes we narrowly avoid the XZ backdoor spreading across the globe.

Open source publishing is the most secure way to distribute code - That's why our client-side code is released transparently!

Read more here: https://tuta.com/blog/xz-linux-backdoor

Nach XZ-Backdoor: Open-Source-Software als Risiko oder strategischer Vorteil? | heise online
https://heise.de/-9692061 #xzUtils #xzBackdoor #OpenSource

I was thinking specifically of the #xz Utils incident when I wrote this weeks column calling for an #opensource tax credit for developers.

“A 2024 Harvard study valued [open source software] at $8.8 trillion.

A software project may be initially undertaken by a single developer as a hobbyist project, but … maintenance and security updates require long-term commitments, often by an entire community of developers.”

#xzbackdoor #floss #foss @floss @law #lawfedi

https://news.bloomberglaw.com/tax-insights-and-commentary/open-source-tax-credit-would-better-compensate-tech-developers

@deflockcom @Ent

But that's also why it was discovered. If Andres Freund had not used Debian Sid testing/unstable, he would not have discovered the #xzbackdoor.

Anyone who uses rolling releases usually knows that something like this can happen. #xz

Back door xz vulnerability has been officially reverted for @fedora 40 https://www.linux-magazine.com/Online/News/XZ-Gets-the-All-Clear #malare #XZBackdoor #Fedora #Ubuntu #ArchLinux #Linux #OpenSource #security #patch #Rawhide #FOSS

Welp, here we are.
https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/

Also I cant believe the Tankies who are still defending China and Russia after this. As many issues anarchists have.

It makes me extremely curious about certain left wing talk shows like #seculartalk and #caitlynjohnstone not covering the #xzbackdoor story.

Lessons Learned From the xz Backdoor

https://spectra.video/videos/watch/ce5aeaf3-e74d-4bd1-8b70-07064c94ad94