Sponsored By:

• Core Contributor Membership: Take $1 a month of your membership for a lifetime! Promo Code: summer
• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: Secure every sign-in for every app on every device.

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Jupiter Broadcasting Meetups
• XZ Utils Backdoor Vulnerability (CVE-2024-3094): Comprehensive Guide
• The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
• Who is ‘Jia Tan,’ the coder behind the XZ Utils Linux backdoor?
• Reflections on Distrusting xz
• The Linux kernel does not accept anonymous contributions due to legal reasons. — The Linux kernel does not accept anonymous contributions due to legal reasons.
• Kernel.org Docs on contributions — It is imperative that all code contributed to the kernel be legitimately free software.
• Elon Musk wants to ‘authenticate all real humans’ on Twitter.
• Elon Musk claims alien identity, links human brain function to AI purpose
• Elon Musk Finally Realizes That Verification Requires More Than A Credit Card, Planning To Make Users Upload Gov’t ID
• Elon Musk can show the world how to really do ID
• World ID
• Nostr: All Your Silos Are Broken
• Nostr Iceberg Meme
• NIP-01
• Mapping Nostr keys to DNS-based internet identifiers
• Navigating the social graph — In this paper, you will find a definition of the social graph, principles for thinking about it, and practical ideas for using it for DoS prevention, social discovery, anti-impersonation, accurate ratings, and more.
• Highlighter — Highlighter is like Substack & Patreon but on Nostr.
• Satlantis — Satlantis is like Trip Advisor, meets Instagram and Google Places.
• HiveTalk — Free Video Calls, Messaging and Screen Sharing
• zap.stream — Twitch alt powered by value for value and Nostr
• ostrGit — A truly censorship-resistant alternative to GitHub that has a chance of working.
• Blogstack — Write decentralized blogs over relay using nostr w/ ⚡ lightning tips.
• Ditto — Ditto is a Nostr community server. It has a built-in Nostr relay, a web UI, and it implements Mastodon's REST API.
• UseNostr
• awesome-nostr
• Decentralized publishing for the web
• Nostr Apps
• Nosta — New to Nostr? You're in the right place. Here you can easily set up your profile, discover apps, and browse other profiles.
• Amethyst
• amethyst: Nostr client for Android
• yana
• Primal App
• Membership Summer Discount — Take $1 a month of your membership for a lifetime!
• SpeechNote — Speech Note let you take, read and translate notes in multiple languages. It uses Speech to Text, Text to Speech and Machine Translation to do so.
• rhasspy/piper: — A fast, local neural text to speech system.
• Starship — The minimal, blazing-fast, and infinitely customizable prompt for any shell!
• starship on GitHub
• ZSH Docs: ZDOTDIR
• distrobox-assemble — distrobox-assemble takes care of creating or destroying containers in batches, based on a manifest file.
• Pick: Gathio — Gathio is a simple, federated, privacy-first event hosting platform.

Sponsored By:

• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: Secure every sign-in for every app on every device.

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• oss-security mailing list — Backdoor in upstream xz/liblzma leading to ssh server compromise.
• Fedora Announcement
• Debian Announcement
• Ubuntu Announcement
• Kali Linux Announcement
• Arch Linux Announcement
• Gentoo Announcement
• openSUSE Tumbleweeed Announcement
• NixOS Unstable Discussion
• Why does it take two weeks for NixOS to replace xz?
• Andres Freund on Mastodon — I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc....
• rwmj on Hacker News — Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features"
• A Microcosm of the interactions in Open Source projects — Make no mistake. This is the way it works. It needs to change.
• Devuan GNU/Linux on X — Devuan is not affected by the latest vulnerability caused by systemd.
• systemd PR: Dynamically load compression libraries
• Matteo Croce on X — I'm the author of such PR. While I absolutely didn't know that libxz had a backdoor, I really think that libraries should be loaded on-demand when rarely used, hence my change :)
• Ryan C. Gordon on X — This is probably how the xz thing happened, right?
• Jan Wildeboer on the Fediverse — Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO.
• Unplugged Core Membership
• TXLF is coming up! — April 12 - 13 in Austin, Texas.
• LFNW coming up! — April 26 - 28
• Mobile Game Ads Are Boosting Podcast Follower Counts — Wondery, iHeart and Lemonada Media are all using a non-public product from MowPod - which gives extra lives and game credits to gamers if they follow shows on Apple Podcasts from game apps.
• MowPod's podcast promotion tools: tales from the bar
• fortydeux's NixOS Configs
• Prism Launcher — An Open Source Minecraft launcher with the ability to manage multiple instances, accounts and mods.
• World Backup Day — March 31st — One small accident or failure could destroy all the important stuff you care about.
• Updating Our Fiddly Bits | LINUX Unplugged 494