Let us begin with Jasmin Paris completes the Barkley Marathons race, the first woman to do the five loop race, with only 99 seconds to spare before the time limit would have stopped her attempt. Which is extremely impressive, given that part of the Barkley tradition involves finding books, running laps on presumably-memorized courses, having to meet time checkpoints along the way, and a whole lot of other things that make it not just a test of physical endurance, but mental capacity. So with no ACL from a decades-old injury, and with a fair amount of hallucinations along the way, Jasmin still completed the Barkley on her third attempt. It turns out that while she was doing this feat, there had been serious worries from the race directors as to whether to stop Jasmin from going out while she was having issues keeping food down. But she completed it, taking several records and firsts along the way, not that she was concerned with such things while out on the course.
The men's side had several finishers, including one who completed the event on his first run.
An important technology note: if you are the kind of person who runs a rolling-release Linux system, or you have pinned your installation to the more unstable parts of your release, the xz package was targeted for malicious code inclusion, and versions that had backdoors that would make ssh sessions insecure through exploitation of systemd were pushed to some of the unstable or rolling-release repositories. The general advice is that if you have an affected version, that you run an update through your package manager immediately, so as to either revert to a safer version or to install a patched version that has removed the backdoor from it. The exploit was discovered by someone running diagnostics on why their sessions with ssh were taking extra time and CPU and why other parts of the system were throwing errors and crashes, and then was able to trace the fault to the xz and lzma tarballs that had been uploaded by a new contributor to xz. Timeline construction and behavior analysis of the contributor and possible sockpuppet accounts is ongoing, while the still sole legitimate maintainer of the package has put up a site about the backdoor, including a link to a FAQ. Much of the other commentary I have seen around about this has been basically about xkcd 2347 and how vulnerable this can make that sole developer, anywhere in the world, especially if they're having crises and would more than happily welcome another person to help maintain a package that a significant amount of people depend upon. Even more so if they're not, y'know, getting paid for their software maintenance by anyone so they can make a living paying attention to such things.
For the most part, the response has been "Fuck, we got lucky", as there are now people spidering out to try and reverse-engineer the payload and see if there are any other attack vectors that could accomplish the same tasks as this one. One person noticed and analyzed and found something suspicious. And then the ethos of open source and analysis went to work.
( More things inside, including technological fails, spreading ashes at theme parks, and people who did very smart things they could not talk about as they were doing them and afterward )
Last for tonight, a person with a phenomenal talent for word recall who makes a living playing (and mostly winning) Scrabble tournaments with an eerie ability to find the maximum-scoring play.
(Materials via![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
adrian_turtle, azurelunatic, boxofdelights, cmcmck, conuly, cosmolinguist, elf, finch, firecat, jadelennox, jenett, jjhunter, kaberett, lilysea, oursin, rydra_wong, snowynight, sonia, the_future_modernes, thewayne, umadoshi, vass, the ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png)
meta_warehouse community, little_details, and anyone else I've neglected to mention or who I suspect would rather not be on the list. If you want to know where I get the neat stuff, my reading list has most of it.)
The men's side had several finishers, including one who completed the event on his first run.
An important technology note: if you are the kind of person who runs a rolling-release Linux system, or you have pinned your installation to the more unstable parts of your release, the xz package was targeted for malicious code inclusion, and versions that had backdoors that would make ssh sessions insecure through exploitation of systemd were pushed to some of the unstable or rolling-release repositories. The general advice is that if you have an affected version, that you run an update through your package manager immediately, so as to either revert to a safer version or to install a patched version that has removed the backdoor from it. The exploit was discovered by someone running diagnostics on why their sessions with ssh were taking extra time and CPU and why other parts of the system were throwing errors and crashes, and then was able to trace the fault to the xz and lzma tarballs that had been uploaded by a new contributor to xz. Timeline construction and behavior analysis of the contributor and possible sockpuppet accounts is ongoing, while the still sole legitimate maintainer of the package has put up a site about the backdoor, including a link to a FAQ. Much of the other commentary I have seen around about this has been basically about xkcd 2347 and how vulnerable this can make that sole developer, anywhere in the world, especially if they're having crises and would more than happily welcome another person to help maintain a package that a significant amount of people depend upon. Even more so if they're not, y'know, getting paid for their software maintenance by anyone so they can make a living paying attention to such things.
For the most part, the response has been "Fuck, we got lucky", as there are now people spidering out to try and reverse-engineer the payload and see if there are any other attack vectors that could accomplish the same tasks as this one. One person noticed and analyzed and found something suspicious. And then the ethos of open source and analysis went to work.
( More things inside, including technological fails, spreading ashes at theme parks, and people who did very smart things they could not talk about as they were doing them and afterward )
Last for tonight, a person with a phenomenal talent for word recall who makes a living playing (and mostly winning) Scrabble tournaments with an eerie ability to find the maximum-scoring play.
(Materials via
adrian_turtle, azurelunatic, boxofdelights, cmcmck, conuly, cosmolinguist, elf, finch, firecat, jadelennox, jenett, jjhunter, kaberett, lilysea, oursin, rydra_wong, snowynight, sonia, the_future_modernes, thewayne, umadoshi, vass, the meta_warehouse community, little_details, and anyone else I've neglected to mention or who I suspect would rather not be on the list. If you want to know where I get the neat stuff, my reading list has most of it.)
