Portable4775@lemmy.zip 2 points 8 months ago

It places unknown/new software in a sandbox. You want an AV that tests all pre-existing packages in a sandbox.

Portable4775@lemmy.zip 2 points 8 months ago

A whitelisting application has a list of what it knows is bad AND what it knows in advance to be good.

How would it know this? Is this defined by a person/people? If so, that wouldn't have mattered. liblzma was known in advance to be good, then the malicious update was added, and people still presumed that it was good.

This wasn't a case of some random package/program wreaking havoc. It was trusted malicious code.

Also, you're asking for an antivirus that uploads and uses a sandbox to analyze ALL packages. Good luck with that. (AVs would probably have a hard time detecting malicious build actions, anyways).

Portable4775@lemmy.zip 8 points 8 months ago* (last edited 8 months ago)

It's crazy how they pressured/manipulated the maintainer. Especially fucked up considering he wasn't in a good mental state and was still helping the community by maintaining FOSS software.

Portable4775@lemmy.zip 13 points 8 months ago

What's the point of calling something a "fad"? If the technology works well and it provides value to you, why should you care what other people think?

(Example: Look at PHP)
