
How one volunteer stopped a backdoor from exposing Linux systems worldwide – The Verge


An off-the-clock Microsoft worker prevented malicious code from spreading into widely-used versions of Linux via a compression format called XZ Utils.


Illustration of a computer screen with a blue exclamation point on it and an error box.

Photo by Amelia Holowaty Krales / The Verge

Linux, the most widely used open source operating system in the world, narrowly escaped a massive cyber attack over Easter weekend, all thanks to one volunteer.

The backdoor had been inserted into a recent release of a Linux compression format called XZ Utils, a tool that is little-known outside the Linux world but is used in nearly every Linux distribution to compress large files, making them easier to transfer. If it had spread more widely, an untold number of systems could have been left compromised for years.

And as Ars Technica noted in its exhaustive recap, the culprit had been working on the project out in the open.

The vulnerability, inserted into Linux’s remote log-in, only exposed itself to a single key, so that it could hide from scans of public computers. As Ben Thompson writes in Stratechery, “the majority of the world’s computers would be vulnerable and no one would know.”

The story of the XZ backdoor’s discovery starts in the early morning of March 29th, as San Francisco-based Microsoft developer Andres Freund posted on Mastodon and sent an email to OpenWall’s security mailing list with the heading: “backdoor in upstream xz/liblzma leading to ssh server compromise.”

Freund, who volunteers as a “maintainer” for PostgreSQL, a Linux-based database, noticed a few strange things over the past few weeks while running tests. Encrypted log-ins to liblzma, part of the XZ compression library, were using up a ton of CPU. None of the performance tools he used revealed anything, Freund wrote on Mastodon. This immediately made him suspicious, and he remembered an “odd complaint” from a Postgres user a couple of weeks earlier about Valgrind, Linux’s program that checks for memory errors. 

After some sleuthing, Freund eventually discovered what was wrong. “The upstream xz repository and the xz tarballs have been backdoored,” noted Freund in his email. The malicious code was in versions 5.6.0 and 5.6.1 of the xz tools and libraries.

Shortly after, enterprise open source software company Red Hat sent out an emergency security alert for users of Fedora Rawhide and Fedora Linux 40. Ultimately, the company concluded that the beta version of Fedora Linux 40 contained two affected versions of the xz libraries. Fedora Rawhide versions likely received versions 5.6.0 or 5.6.1 as well.

PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES for work or personal activity. Fedora Rawhide will be reverted to xz-5.4.x shortly, and once that is done, Fedora Rawhide instances can safely be redeployed.

Although a beta version of Debian, the free Linux distribution, contained compromised packages, its security team acted swiftly to revert them. “Right now no Debian stable versions are known to be affected,” wrote Debian’s Salvatore Bonaccorso in a security alert to users on Friday evening.

Freund later identified the person who submitted the malicious code as one of two main xz Utils developers, known as JiaT75, or Jia Tan. “Given the activity over several weeks, the committer is either directly involved or there was some quite severe compromise of their system. Unfortunately the latter looks like the less likely explanation, given they communicated on various lists about the “fixes” mentioned above,” wrote Freund in his analysis, after linking several workarounds that were made by JiaT75.

JiaT75 was a familiar name: they’d worked side-by-side with the original developer of the .xz file format, Lasse Collin, for a while. As programmer Russ Cox noted in his timeline, JiaT75 started by sending apparently legitimate patches to the XZ mailing list in October of 2021.

Other arms of the scheme unfolded a few months later, as two other identities, Jigar Kumar and Dennis Ens, began emailing complaints to Collin about bugs and the project’s slow development. However, as noted in reports by Evan Boehs and others, “Kumar” and “Ens” were never seen outside the XZ community, leading investigators to believe both are fakes that existed only to help Jia Tan get into position to deliver the backdoored code.

“With your current rate, I very doubt to see 5.4.0 release this year. The only  progress since april has been small changes to test code. You ignore the many  patches bit rotting away on this mailing list. Right now you choke your repo.  Why wait until 5.4.0 to change maintainer? Why delay what your repo needs?”


An email from “Jigar Kumar” pressuring the developer of XZ Utils to relinquish control of the project.
Image: Screenshot from The Mail Archive

“I am sorry about your mental health issues, but its important to be aware of your own limits. I get that this is a hobby project for all contributors, but the community desires more,” wrote Ens in one message, while Kumar said in another that “Progress will not happen until there is new maintainer.”

In the midst of this back and forth, Collin wrote that “I haven’t lost interest but my ability to care has been fairly limited mostly due to longterm mental health issues but also due to some other things,” and suggested Jia Tan would take on a bigger role. “It’s also good to keep in mind that this is an unpaid hobby project,” he concluded. The emails from “Kumar” and “Ens” continued until Tan was added as a maintainer later that year, able to make alterations and to attempt, with more authority, to get the backdoored package into Linux distributions.

The xz backdoor incident and its aftermath are an example of both the beauty of open source and a striking vulnerability in the internet’s infrastructure.

A developer behind FFmpeg, a popular open-source media package, highlighted the problem in a tweet, saying “The xz fiasco has shown how a dependence on unpaid volunteers can cause major problems. Trillion dollar corporations expect free and urgent support from volunteers.” And they brought receipts, pointing out how they dealt with a “high priority” bug affecting Microsoft Teams.

Despite Microsoft’s dependence on its software, the developer writes, “After politely requesting a support contract from Microsoft for long term maintenance, they offered a one-time payment of a few thousand dollars instead…investments in maintenance and sustainability are unsexy and probably won’t get a middle manager their promotion but pay off a thousandfold over many years.”

Details of who is behind “JiaT75,” how they executed their plan, and the extent of the damage are being unearthed by an army of developers and cybersecurity professionals, both on social media and online forums. But that happens without direct financial support from many of the companies and organizations who benefit from being able to use secure software.


Study sheds new light on origin of fast radio bursts

The long-time exposure photo taken on July 25, 2022 shows a night view of China’s Five-hundred-meter Aperture Spherical Radio Telescope (FAST) under maintenance in southwest China’s Guizhou Province. [Photo/Xinhua]

A Chinese research team has introduced a novel method for a comprehensive analysis of the behaviors of active fast radio bursts (FRBs) in the time-energy domain and revealed the randomness of the behaviors.

FRBs are intense pulses of radio emission that last just a few milliseconds. The origin of these brightest cosmic explosions in radio bands remains unknown.

Based on the rich data of China’s Five-hundred-meter Aperture Spherical Radio Telescope (FAST), a research team at the National Astronomical Observatories of the Chinese Academy of Sciences (NAOC) proposed a new analysis framework that is able to quantify the randomness and chaotic nature of the bursting events.

The study reveals that the FRBs’ behaviors in the time-energy domain are fundamentally different from those of common transient physical phenomena such as earthquakes and solar flares, and exhibit a high degree of randomness like a Brownian motion, shedding new light on the origin of FRBs.

The excellent observation capabilities of FAST, combined with innovative analytical methods, will enable in-depth study of mysterious burst signals in the universe, which is expected to eventually reveal their origin, said Li Di, from NAOC, who led the study.

The study was published Friday as a cover paper in the journal Science Bulletin.


Star Diary: Comet 12P/Pons-Brooks reaches its brightest (15 to 21 April 2024) – Sky at Night Magazine

Comet 12P/Pons-Brooks reaches perihelion, its closest approach to the Sun this week, and should be at its brightest. Find out how you can see them for yourself as well as our usual stargazing highlights in this week’s podcast guide, Star Diary, 15 to 21 April 2024.

Find Star Diary in your favourite podcast player now

Chris: Hello and welcome to Star Diary, the podcast from the makers of BBC Sky at Night Magazine. You can subscribe to the digital edition of the magazine by visiting iTunes, Google Play, or Apple News, or to the print edition by visiting

Ezzy: Greetings listeners, and welcome to Star Diary. A weekly guide to the best things to see in the northern hemisphere’s night sky. As we are based here in the UK, all times are in BST. In this episode, we’ll be covering the coming week from 15 to 21 April. I’m Ezzy Pearson, the magazine’s features editor and I’m joined on the podcast today by Katrin Raynor, an astronomer and astronomy writer.

Hello, Katrin.

Katrin: Hello, Ezzy. How are you?

Ezzy: I’m doing well. So what do we have coming up in this week’s night sky?

Katrin: As we pass the middle of April, we have the start of another meteor shower and a planetary conjunction, which is going to be tricky to observe. The Moon is going to delight us this week with a few clair obscur effects, which appeal to adults and younger observers alike.

You know, they’re real… great fun to spot. So the Solar System, well, on 19th, the Eta Aquarid meteor shower begins. But it doesn’t peak until the beginning of May, when it may be possible to see around 50 meteors per hour.

So these meteors originate from the constellation of Aquarius and is debris left over from Halley’s comets.

Unfortunately, the shower is more prominent in the southern hemisphere and appears in the early pre dawn hours at northerly latitudes. But it will be possible to see some meteors in the eastern sky.

And conjunction wise with the planets, on 20th we have Jupiter and Uranus. They’re reaching conjunction, separated by just half a degree. And they’re going to be low on the western horizon in the dusk glow.

Bright Jupiter will be easy to spot, however Uranus is going to be a bit more tricky. So grab a pair of binoculars or a telescope to see the conjunction after 9PM BST. And Comet Pons-Brooks passes into the constellation of Taurus the Bull.

Speaking of the comets, Comet Pons-Brooks reaches perihelion on 21st.

So perihelion is when an orbiting body passes at its closest point to the Sun. And the comet should be at its predicted maximum brightness of magnitude +4.5, which means it may be visible with the naked eye in the western horizon. Perihelion, I think my astronomy teacher a few years ago, to remember perihelion and aphelion. He always said, perihelion meaning perilous, it’s close to the Sun.

So I also, that was a really good way of remembering.

Ezzy: Yeah. That is one that took me a while to get my head around. For me, it’s aphelion is it’s afar. Which is… I think yours is better.

Katrin: Yeah. Peri. Perilous. It’s going to get burned up by the Sun or something. I don’t know. It’s too close.

Ezzy: Yeah. The thing I always get slightly mixed up in my brain is the fact that when it’s a perihelion, it doesn’t necessarily mean it’s hidden behind the Sun.

Because to me, it’s like when it’s its closest, oh, that must be when it’s on the other side of the Sun. But that’s not actually what happens at all because of the way that our orbits are aligned and everything like that. Sometimes we can be looking at it sideways on when it’s passing close to the Sun.

Sometimes, comets do pop behind the Sun for a bit and can’t see them. But we should be able to see it when it’s passing through perihelion.

Katrin: And similar to that, actually, I will think if it’s closer to Earth. Then we’ll be able to see it better, but obviously that’s not the case. So there’s always like these nuances and it’s like, ooh.

Ezzy: When it’s closer to the Sun it’s giving off more gas. It’s hotter so it’s giving off more gas and more dust. So it’s got a bigger tail and coma and we can see it and it’s more bright. But it’s also sometimes further away than other times. And it’s this kind of like balance. And also comets are just notoriously unpredictable.

Katrin: They are.

Ezzy: You’re never sure what they’re going to do. I mean, it might be that comet Pons-Brooks doesn’t survive its encounter with perihelion. Sometimes comets do just break up. Hopefully it won’t, hopefully we’ll have a couple more weeks of it gracing our night skies still to come.

Katrin: Yes, I mean we deserve a good comet, don’t we really. But just to say it is going to be a challenging object to view in the twilight sky. By the end of the month it’s going to disappear into the evening twilight, so make the most of any clear nights to get out and observe it.

So the Moon, we have a couple of clair obscur effects to look out for this week. If you’re not familiar with this term, clair obscur is the interplay of light and shadow as the Moon changes its phases. So it’s possible to see faces, letters, and star clusters on the Moon caused by the changing light and shadow.

And as I mentioned earlier, these are  just great effects to spot. They’re real fun. I think, you know, it’s a good opportunity for kids to get involved. It might spark their interest. And yeah, I’ve seen, you know, a few of these effects now. And I remember the first time I saw Lunar X and V, I was like, “Oh,” yeah, you know, you can see the actual, the letters on the Moon.

It was brilliant.

Ezzy: Some of them are definitely easier to see than others. And some of them are much more obvious. Like, why is the Lunar X called the Lunar X? Because it looks like an X. So you know what you’re looking for.

Katrin: Yeah. I mean, a bit like the Jewelled Handle effect. I’m like, oh, it’s going to be bright and sparkly, but you know, it’s not. But worthwhile seeing. And I will be talking about this in a minute.

But 16 April, we have two effects to look out for on the morning of 16th as the Moon starts to set in the western sky. So we have Lunar X and Lunar V. It should be visible along the terminator. And the terminator is the line separating the light and the dark sides of the Moon.

So the X appears when sunlight skims the rims of the adjoining craters, Blanchinus, La Caille and Purbach at the same time, so their interiors are still steeped in shadow. Excuse my pronunciation there. I think we were talking earlier, weren’t we Ezzy, that because astronomy can be a lone hobby, if you like. Sometimes when you’re coming across these words, you’ve got no one to turn to and say, “well, how do I pronounce these?”

Ezzy: It also doesn’t help that it’s so many things are just a mismatch of all these different languages. You know, you’ve got some which are French and some which are Latin. Then there’s occasional Arabic one gets chucked in there as well, some Chinese. It’s just, I don’t know what pronunciation scheme I’m following here.

So, I think, just try your best.

Katrin: Sure and people pronounce them differently as well, don’t they? So it’s a bit like the tom-ah-to, tom-ay-to thing.

Ezzy: Yeah.

Katrin: But, you know, they’re still right. We’re both right, no matter how you pronounce it.

Farther north along the terminator, look for the Lunar V at the same time.

The slanted sunlight highlights two converging ridges of Mare Imbrium ejecta and the eroded rims of the craters Ukert M and N, located just east of Ukert. So I think you are going to have to kind of take to the internet or dig out your Moon map to locate these craters. There’s so many on the Moon, you know, if I was trying to tell you how to view these now, I’d probably be here for a long time.

Ezzy: Well, as usual, we have guides on how to locate the Lunar X and the Lunar V, and many craters on the Moon as well, over on our website, So if you are trying to find anywhere in particular, that’s always a good place to start.

Katrin: Moving on to 18th, so two days later after you’ve hopefully managed to spot Lunar X and Lunar V, the Jewelled Handle will be visible, which is best through binoculars or a small telescope.

So if you locate the 77% waxing gibbous Moon around 7PM BST, you’ll be able to see the illuminated arc of the Jura Mountains that border Sinus Iridum, the Bay of Rainbows, which is a semi circular bay located on the northwest region of the Moon. And I do think the Jewelled Handle will probably be a lot easier to spot than Lunar X and V.

So yeah, a lot to see, I think, on the Moon. Lots of exciting effects. So keep an eye out for.

Ezzy: Yeah, I think it’s also one of those things that’s really lovely about the Moon is because not only does it have these phases, which it changes every day, because it’s also got the libration. So that’s sort of like the Moon’s wobble a bit.

No two months are the same, even if you’re looking at when the sort of like the same phase, the light and the shadow is always slightly different. So it does change when you’re looking at it. So it’s well worth having a closer look at the Moon whenever you can.

Katrin: Like I said a few weeks ago, you know, I just, I love looking at the Moon, except when there is a meteor shower happening around the time.

Ezzy: Except when there’s a meteor shower.

Katrin: I think the Moon’s a bit like Marmite then, isn’t it? You either love it or hate it.

Ezzy: I think you sometimes love it and you sometimes hate it.

Katrin: Yes. We’re loving it this week. So just to end the week on 16th, this week’s dark sky object will create a real buzz, which is a terrible joke, because I’m going to talk about the Beehive Cluster.

So whilst you’re out on the night of 16th looking for Lunar X and V, take a trip to the constellation of Cancer to see the 60% waxing Moon, and sitting 3.3º northeast of M44, which is the Beehive Cluster, and it’s an open star cluster and one of the closest star clusters to Earth. I think Mary may have mentioned this a few weeks ago, so grab a pair of binoculars. Locate your gaze downwards from the Moon to find this area of glittering stars.

It is possible to see the cluster with the naked eye from dark sky sites, but it’s a popular pit stop for astronomers when conjunctions with the Moon or planets occur.

Ezzy: We often talk about when the Moon’s going to be passing the Beehive Cluster because the two do look very good together. Yeah. And as usual, if anybody does take a picture of that or any of the other things we’ve mentioned this week, please do send them in to us at Find the details in the notes below. We always love seeing your images and we print the best pictures in the magazine every month.

So hopefully there’ll be something in this week’s night sky that you’ll be able to get out there and have a look at. And thank you, Katrin, for taking us through all of them.

If at home you want to make sure that you are kept up to date with all of the latest goings on in the night sky, please do subscribe to the podcast and we will hopefully see you here next week.

But to just summarise this week again, we start off on 19th with the Eta Aquarid meteor shower which will just be beginning on 19th.

On 20th, Jupiter and Uranus are going to be in conjunction, so you get to see the two of those together.

On 21st, Comet Pons-Brooks is going to be reaching perihelion and will be at its brightest. It’s going to be disappearing out of our skies in the next couple of weeks, so definitely try to get a glimpse of that whilst you still can.

Over on the Moon, we’ve got several clair obscur effects which are definitely worth looking for. On 16 April, the Lunar X and V will both be visible along the terminator.

On the 18th, the Jewelled Handle will be on show near to the Bay of Rainbows.

And finally, on 16th as well, look out towards the Beehive Cluster where you’ll be able to see it next to the 60% waxing Moon.

So lots of really good things to see in the night sky. Thank you very much again  Katrin for taking us through all of those and we’ll hopefully see all of you back here next week. Goodbye!

If you want to find out even more spectacular sights that will be gracing the night sky this month, be sure to pick up a copy of BBC Sky at Night magazine where we have a 16 page pull out sky guide with a full overview of everything worth looking up for throughout the whole month. Whether you like to look at the Moon, the planets, or the deep sky.

Whether you use binoculars, telescopes, or neither, our sky guide has got you covered. With detailed star charts to help you track your way across the night sky. From all of us here at BBC Sky at Night Magazine, goodbye.

Chris: Thank you for listening to this episode of the Star Diary podcast from the makers of BBC Sky at Night Magazine.

Which was edited by Lewis Dobbs. For more of our podcasts, visit our website at, or head to Spotify, iTunes or your favorite podcast player.


Deals: Samsung Galaxy A55 and A35 prices fall

In the last week of March, Amazon Germany offered a free storage upgrade for the Galaxy A55, so the 128GB and 256GB models both cost the same – €480. Now that is over, but the two versions cost less.

The 256GB model is down to €460 and now getting the 128GB one actually makes sense as its price is down to €400. The Galaxy A55 has a microSD slot, so it’s easy to add more storage if you need it. The A55 has a premium build, great battery life and the Samsung/AMD chipset is both fast and stable under sustained load.

There’s also the Samsung Galaxy A35. It has the same display (Gorilla Glass Victus+ and all), but it uses the older Exynos 1380 chipset. And the 128GB model has only 6GB of RAM, you need to go up to the 256GB version if you want 8GB RAM (which is a bit pricey at the moment). That aside, the two phones are more similar than they are different.

For a more detailed comparison, check out our Galaxy A55 vs. Galaxy A35 article.

The Samsung Galaxy S23 FE is touted as an alternative to the A55 in some regions, but that doesn’t work in Germany. The 128GB model is €160 more than the A55 and the extra performance of the Exynos 2200 isn’t worth it, in our opinion. The poor battery life is a major downside and the 10MP 3x telephoto camera doesn’t quite make up for it.

The Realme 12 Pro+ is one to check out if zoom on a budget is something you want. It has a 3x periscope (71mm) with a 64MP sensor behind it. 3x shots turn out great in almost all lighting conditions, 6x shots are okay, but you need a steady hand. Anyway, the Realme also brings a 50MP main (1/1.56”, OIS) and 8MP ultra wide (112°), plus a 32MP selfie (22mm lens). It features a 6.7” 120Hz FHD+ AMOLED display, a Snapdragon 7s Gen 2 chipset and a 5,000mAh battery with 67W fast charging.

The Honor 90 Lite is half the price, but boasts a 100MP main camera. It’s also responsible for zooming, since there is no dedicated tele lens. This phone has a 6.7” 90Hz IPS LCD (FHD+) and a Dimensity 6020 for 5G connectivity, plus a 4,500mAh battery with 35W fast charging. We almost didn’t mention the 5MP ultra wide camera, but it barely deserves mentioning.

Amazon has a weird combo on offer – Samsung Galaxy Tab A9 or Tab A9+ with a pair of Galaxy Buds Pro 2. You can have just the tablets for €100 less, but the headphones cost €140 on their own, so there are some savings to be had. There are versions with Wi-Fi and with cellular connectivity, but note that the plus model has 5G, while the regular A9 only has 4G.

The Lenovo Legion Go takes the Ryzen Z1 Extreme that we’ve seen in the Asus ROG Ally, but makes the controllers detachable like on the Nintendo Switch. Also, this one packs an 8.8” LCD with QHD+ resolution and 144Hz refresh rate, so it has the edge on the Ally.

Remember LG? They may have bailed on smartphones, but they still make accessories. Check out the LG Tone Free DT80Q TWS buds. They have ANC and Dolby tech on board, both Atmos and Dolby Head Tracking. The sound processing is developed by the British audio pioneers Meridian.

We may get a commission from qualifying sales.
