The sshd backdoor in #XZ is just way beyond my technical ability. There’s so much there, I imagine more than a few conference talks are going to be submitted for it.
My amateur-hour view is it’s really well put together (e.g. you can only execute commands if you have a private key that only the attacker has) and appears to allow remote removal of the backdoor, too. There’s a whole bunch of features which I’m too dumb to get.
Also for me, performance isn’t that bad - I wouldn’t have noticed it.