xz check

[osprey]

In case one wishes to check whether their xz binary is affected by the xz exploit, there's a check at: https://xz.fail/
Upload the xz binary which is usually at /usr/bin/xz in the installed filesystem, and the website checks it out and returns a result like: CLEAN no implantation detected.
There's an anti robot captcha to plod through. It's probably only relevant for those who run more "bleeding edge" installations, but by now most have probably upgraded beyond the infected software.

 

[KGIII]

I am clean with Lubuntu.

I knew that already. I just wanted to fit in and be one of the cool kids!

 

[Condobloke]

hey !....me too !

 

[bob466]

Me too.

 

[CaffeineAddict]

Upload the xz binary

What is xz binary? I only know of xz archives.

 

[KGIII]

What is xz binary? I only know of xz archives.

See the first post:

Upload the xz binary which is usually at /usr/bin/xz in the installed filesystem

 

[CaffeineAddict]

See the first post

Ah, sorry I missed that somehow,

My reports says:

"status":"benign"

It should say "clean" right?
according to google translate benign means it's good too.

 

[KGIII]

according to google translate benign means it's good too.

It means you're fine.

I wonder if a bad example would be referred to as 'malignant'.

 

[f33dm3bits]

What is xz binary? I only know of xz archives.

which xz
/usr/bin/xz

 

[KGIII]

The language in this video is adult in nature. If you click this link, you will hear adult language.

I think it's important to understand the social engineering that went into this.

If you are underage and an adult restricts you from bad language, you can read and extrapolate from this blog post that kind of sums it up.

A Microcosm of the interactions in Open Source projects

Originally a thread on Twitter about the xz/liblzma vulnerability, when I finished typing it, I realized I had a real world slice of Open Source interaction that deserved more attention.

robmensching.com

Again, there will be adult language in the video. (I almost didn't include this, but we allow adult language, and themes, in the various music threads. I figure being off-site is an acceptable barrier to entry.)

 

[Disabled]

If you click this link

I saw that already.. thanks anyway, but is a new one which have timeline, much more interesting...
I wonder if we ever find out, like.. who is behind and who is that so called microsoft employee...
I bet he was a linux dev
Your turn !

 

[KGIII]

I bet he was a linux dev

He is and was. He works for MSFT. MSFT contribute to the kernel and other FOSS projects. MSFT is on the Linux Foundation.