• 0 Posts
  • 29 Comments
Joined 1 year ago
Cake day: June 27th, 2023


  • I totally came to say this. Google has become designed to tarpit you into staying on the site longer. They no longer have the goal of giving you what you want quickly; they want you to see more ads.

    Google makes $307/yr. per user. They are strongly motivated to tarpit us. If we want a clean search experience we need to be open to the idea of paying.

    As an embedded systems dev that searches a lot of obscure stuff, I use Kagi and love it. Go try its free searches and see for yourself.

    If you value your time and mental stability, please do yourself a favor and go see what clean, high quality search results look like on Kagi.









  • The malicious code was written and debugged at their convenience and saved as an object module linker file that had been stripped of debugger symbols (this is one of its features that made Freund suspicious enough to keep digging when he profiled his backdoored ssh looking for that 500ms delay: there were no symbols to attribute the CPU cycles to).

    It was then further obfuscated by being chopped up and placed into a pure binary file that was ostensibly included in the tarballs for the xz library build process to use as a test case file during its build process. The file was supposedly an example of a bad compressed file.

    This “test” file was placed in the .gitignore seen in the repo so the file’s absence on GitHub was explained. Being included as a binary test file only in the tarballs means that the malicious code isn’t on GitHub in any form. It’s nowhere to be seen until you get the tarball.

    The build process then creates some highly obfuscated bash scripts on the fly during compilation that check for the existence of the files (since they won’t be there if you’re building from GitHub). If they’re there, the scripts reassemble the object module, basically replacing the code that you would see in the repo.

    That’s a simplified version of why there’s no code to see, and that’s just one aspect of this thing. It’s sneaky.
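
The comment above describes a release tarball carrying files that the repository does not. As an added example (not part of the original comment, and not code from any project mentioned), here is one way to check for that gap: compare the tarball's contents against the matching checkout and flag binary files that exist only in the tarball. The file names, the `demo-1.0/` prefix and the in-memory `REPO` dictionary are constructed stand-ins for a real release and checkout.

```python
import hashlib
import io
import tarfile


def looks_binary(data: bytes) -> bool:
    """Heuristic: a NUL byte or invalid UTF-8 marks the file as binary."""
    if b"\x00" in data:
        return True
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False


def diff_tarball_against_repo(tar_bytes: bytes, repo_files: dict) -> dict:
    """Compare a release tarball with the files of the matching repo checkout.

    repo_files (path -> bytes) is a stand-in for walking a real checkout.
    The tarball's top-level directory is stripped before comparing.
    """
    report = {"only_in_tarball": [], "binary_only_in_tarball": [], "modified": []}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            rel = member.name.split("/", 1)[-1]
            data = tar.extractfile(member).read()
            if rel not in repo_files:
                report["only_in_tarball"].append(rel)
                if looks_binary(data):
                    report["binary_only_in_tarball"].append(rel)
            elif hashlib.sha256(data).digest() != hashlib.sha256(repo_files[rel]).digest():
                report["modified"].append(rel)
    return {key: sorted(paths) for key, paths in report.items()}


def build_sample_tarball(files: dict) -> bytes:
    """Build an in-memory .tar.gz under a constructed 'demo-1.0/' prefix."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(name="demo-1.0/" + path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample data: not real project files.
REPO = {"src/main.c": b"int main(void) { return 0; }\n", "build.sh": b"make\n"}
SHIPPED = {**REPO, "build.sh": b"make && ./post.sh\n", "configure": b"#!/bin/sh\n",
           "tests/sample-bad.bin": b"\x00\x01\x02\xff"}
REPORT = diff_tarball_against_repo(build_sample_tarball(SHIPPED), REPO)
```

Release tarballs often ship generated text files (such as a `configure` script) that are legitimately absent from the repository, so `binary_only_in_tarball` and `modified` are the lists to review first.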