Low Level Learning - Backdoor In Open Source by Subverting The Build Tools

This is pretty crude stuff compared to what could be done, but still, it shows how vulnerable git repos can be. [Correction: git was not involved in the backdoor, see Soléne's blog post Lessons learned with XZ vulnerability, nevertheless, git will happily distribute any binary files, including executables that could be used to subvert the development process. This can happen by accident or design, see e.g. https://github.com/LifeWithDavid/RaspberryPiPico-BareMetalAdventures/tree/main/Chapter%2004] See Backdoor in upstream xz/liblzma leading to SSH server compromise for some more details.

Subscribe to Low level Learning.

Comments

Post a Comment

Popular posts from this blog

David Hestenes - Tutorial on Geometric Calculus

Image
This is a very high-level overview, and not too technical, for the first fifteen minutes at least. It's about the relationship between mathematics and physics and development of scientific ideas. At 40:11 he shows how Structure and Interpretation of Classical Mechanics should have been written! See Lasenby, Doran & Gull (1998[2004])  Gravity, Gauge Theories and Geometric Algebra   and  David Hestenes - New foundations for classical mechanics . Subscribe to  Nomen Nominandum . GAME2020 - 1. Dr. Leo Dorst. Get Real! (new audio!) See  https://www.jeremyong.com/klein/  in this context SSE stands for  Streaming SIMD Extensions . See also  https://enkimute.github.io/ganja.js . Subscribe to BiVector .
Read more

David Turner Obituary by Sarah Nicholas Fri 24 Nov 2023

Image
This was in The Guardian: David Turner obituary , only eight days after I posted  David Turner Talking About Sixty Years of Functional Programming History : This talk was given in London in 2017: See  Turner, D. A. "Some History of Functional Programming Languages" also  John Hughes - Why Functional Programming Matters  and David MacQueen's talk at ICFP 2015 in  Numberphile - Sophie Maclean on the Catalan Numbers . At 10:30 This whole discussion abut combinator reduction is especially interesting. I didn't know Arthur Norman had tried building hardware for combinator machines. I'll look that up: maybe start here A.C. Norman  Faster combinator reduction using stock hardware  in LFP '88: Proceedings of the 1988 ACM conference on LISP and functional programming. At 26:25 on the ISWIM virtual machine implemented in the PAL compacting garbage collector?! This work Reynolds and others did was at MIT in Masecheusetts and Argonne National Laboratory Illinois. Did
Read more

Modeling Probability Distributions and Solving Differential Equations

Image
See  Spread Polynomials : 27:48 On factorization of spread-polynomials, see  Lewis Carroll - Crocodile Story Subscribe to Norman Wildberger . JPL Orbits & Ephemerides: https://ssd.jpl.nasa.gov/orbits.html See also this very impressive student project, which is a digital orrery that uses the JPL Ephemerides: https://www.robots.ox.ac.uk/~mjc/Papers/3YP_Report.pdf  This seems to be the basis for a way to make a space-flight simulator for planets. See  Trying to Make a Sci-Fi Movie  for the context. See also  Laplace Transform : Algebraic construction The Laplace transform can be alternatively defined in a purely algebraic manner by applying a field of fractions construction to the convolution ring of functions on the positive half-line. The resulting space of abstract operators is exactly equivalent to Laplace space, but in this construction the forward and reverse transforms never need to be explicitly defined (avoiding the related difficulties with proving convergence).  Mikusiński
Read more