\s obviously
JIA CHEONG TAN
TEACHING JOAN
this post was submitted on 01 Apr 2024
444 points (97.2% liked)
linuxmemes
22763 readers
592 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
- These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. π¬π§ Language/ΡΠ·ΡΠΊ/Sprache
- This is primarily an English-speaking community. π¬π§π¦πΊπΊπΈ
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed. Β
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
HENTAI CAN JOG ππ₯«π
NINJA HATE COG π₯·π‘βοΈ
A JOINT CHANGE π¬π
HANG IT CEO JAN π΄οΈ
GAIN JET NACHO βοΈπ₯β
GOAT-CHIN JANE π§ββοΈ
GONNA CITE HAJ ποΈπ¦β
ANCIENT HAG JO π§π»ββοΈ
ENJOING A CHAT ππ¬
Wait a minute:
CIA AGENT JOHN
I TAG JOHN CENA
The real answer is right in front of us all along. He played us all for fools.
who's jia cheong tan?
Former maintainer of the .xz project for about a year or two. Hid a backdoor into the code that almost made it into many bigger distros if it wasn't found by a Microsoft employee.
More specifically, it's the name used by the attacker. Could well be multiple people, or if it's one person (still almost certainly state-funded, but the state can fund one person), a fake name nevertheless. We have no info about this person's real life identity. They used a VPN in Singapore, and some people have looked at the times of the commits to try guess a timezone, though that's not foolproof as they could've just been a nocturnal person, or even tried to schedule commits to happen at a time to suggest they're in a different timezone, though I think the latter is unlikely and overkill.
so it's very well possible that they're a CIA agent named John?
Yep seems like a bigger organisation being involved considering fact that this was brewing 2+ years.
i think it's the person that snuck in the xz vulnerability