Notices by AndresFreundTec (andresfreundtec@mastodon.social), page 2

I wholeheartedly agree with what Russ wrote here:

"Also if there's anything the community can do for Lasse personally, please pass that along."

"Anyone can be the victim of social engineering."

"I suspect many of us here have had nightmares about being in Lasse's
position, and probably will have more of them in the future."

Indeed.

https://www.openwall.com/lists/oss-security/2024/03/30/25

@dgilman Unfortunately I suspect we'll see a lot more such attacks going forward, in all likelihood with more success in some cases.

I accidentally found a security issue while benchmarking postgres changes.

If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.

https://www.openwall.com/lists/oss-security/2024/03/29/4

I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates.

Really required a lot of coincidences.