Maciej’s notes and links

Hi, I’m Maciej. I’m a software engineer and cycling enthusiast. You can find my notes and link collections here.

xz attack

This is a collection of links and quotes from the many articles published on the topic of the recent XZ Utils attack. There is no original research here. Andres Freund’s email to Openwall mail list, that publicly disclosed the vulnerability Bash Obfuscation Explained from two pieces by Russ Cox: Timeline of the xz open source attack and The xz attack shell script Filippo Valsorda’s thread on Bluesky I found Russ Cox’s Timeline of the xz open source attack to be particularly informative on the social / human aspects of the operation....

April 3, 2024