We've been hosting a live show weekly on Mondays at 5p for about an hour, and recording them all; here is the recording.
In addition to Bryan Cantrill and Adam Leventhal, we were joined by special guest Andres Freund.
Our research for this episode:
- Andres' initial public disclosure
- New York Times: Did One Guy Just Stop a Huge Cyberattack? by Kevin Roose
- Kevin Roose
- New York Times front page from April 4th, 2024
- How I got started as a developer with Andres Freund & Heikki Linnakangas | Path To Citus Con Ep08
- The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind | WIRED
- How one volunteer stopped a backdoor from exposing Linux systems worldwide - The Verge
- Linux backdoor was a long con, possibly with nation-state support, experts say - Nextgov/FCW
- research!rsc: Timeline of the xz open source attack
- Brian Krebs thread on mastodon
- Xz/liblzma: Bash-stage Obfuscation Explained
- A Microcosm of the interactions in Open Source projects
- Risky Business #743 -- A chat about the xz backdoor with the guy who found it (podcast)
- Risky Biz News: F-Droid narrowly avoided XZ-like incident in 2020 (podcast)
- What we know about the xz Utils backdoor that almost infected the world | Ars Technica
- Everything I know about the XZ backdoor
- LINUX Unplugged 556: The xz Backdoor Exposed 🚨 (podcast)
If we got something wrong or missed something, please file a PR! Our next show will likely be on Monday at 5p Pacific Time on our Discord server; stay tuned to our Mastodon feeds for details, or subscribe to this calendar. We'd love to have you join us, as we always love to hear from new speakers!