A MySQL compatible database engine written in pure Go

Article URL: https://github.com/dolthub/go-mysql-server

Comments URL: https://news.ycombinator.com/item?id=39983490

Points: 277

# Comments: 54

Sjon
4 days ago

1.18k drawings of plant root systems

Article URL: https://images.wur.nl/digital/collection/coll13/search

Comments URL: https://news.ycombinator.com/item?id=39974646

Points: 233

# Comments: 58

Sjon
6 days ago

Backdoor in upstream xz/liblzma leading to SSH server compromise

After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer:

The upstream xz repository and the xz tarballs have been backdoored.

At first I thought this was a compromise of Debian’s package, but it turns out to be upstream.

↫ Andres Freund

I don’t normally report on security issues, but this is a big one not just because of the severity of the issue itself, but also because of its origins: it was created by and added to upstream xz/liblzma by a regular contributor of said project, and makes it possible to bypass SSH encryption. It was discovered more or less by accident by Andres Freund.

I have not yet analyzed precisely what is being checked for in the injected code, to allow unauthorized access. Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution.

↫ Andres Freund

The exploit was only added to the release tarballs, and is not present when taking the code off GitHub manually. Luckily for all of us, the exploit has only made its way to the bloodiest of bleeding-edge distributions, such as Fedora Rawhide 41 and Debian testing, unstable and experimental, and as such has not been widely spread just yet. Nobody seems to know quite yet what the ultimate intent of the exploit is.

Of note: the person who added the compromising code was recently added as a Linux kernel maintainer.

Sjon
16 days ago

Radios, how do they work?

Article URL: https://lcamtuf.substack.com/p/radios-how-do-they-work

Comments URL: https://news.ycombinator.com/item?id=39813679

Points: 197

# Comments: 16

Sjon
17 days ago

The One Billion Row Challenge in Go: from 1m45s to 4s in nine solutions

Article URL: https://benhoyt.com/writings/go-1brc/

Comments URL: https://news.ycombinator.com/item?id=39578501

Points: 386

# Comments: 162

Sjon
40 days ago

Financial systems take a holiday

Article URL: https://www.bitsaboutmoney.com/archive/financial-systems-take-a-holiday/

Comments URL: https://news.ycombinator.com/item?id=39553801

Points: 161

# Comments: 139

Sjon
45 days ago