[conspire] xz exploit and backdoor

Ron / BCLUG admin at bclug.ca
Fri Apr 5 00:35:48 PDT 2024 

Rick Moen wrote on 2024-04-05 00:11:

> A decade ago was about when the OpenBSD Foundation got so sick and 
> tired of OpenSSL problems that they created the pared-down LibreSSL 
> fork, which was a very good idea and is quite meritorious.  But 
> LibreSSH?

I was mistaken - LibreSSL was the thing I was thinking of, not the
hallucination called LibreSSH.

OpenSSL being responsible for HeartBleed, not OpenSSH.

I have a memory like a steel trap: rusty.


> Since 2015, pseudonymous developer "Eloston" and a small number of 
> others have removed the code for Google-specific Web services from 
> Chrome's open-source base browser Chromium, replaced Google's binary 
> BLOBs, added configuration flags missing from Chrome, and in general 
> applied a patchset to remove corporate embuggerment -- as persistent 
> fork "ungoogled-chromium".

Wait a second, I thought Chromium was, if not de-Googled, pre-Googled
(the open browser that Google added their stuff to)?


That is, I thought that by having Chromium as a backup browser, I was
running what people sometimes referred to as "un-Googled Chrome".

> Chromium lacks the following Chrome features:[9]
> 
> Automatic browser updates
> 
> API keys for some Google services including browser sync[10]
> 
> The Widevine DRM module Licensed codecs for the popular H.264 video 
> and AAC audio formats
> 
> Tracking mechanisms for usage and crash reports

https://en.wikipedia.org/wiki/Chromium_(web_browser)


Ah, okay, I feel comfortable with that as a backup browser.


ungoogled-chromium's Wiki:

> Features
> 
> Disabling functionality that requires Google domains, including 
> Google Safe Browsing.[9]
> 
> Replacing Google web domains with non-existent domains, and blocking 
> internal requests to those domains.[9]
> 
> Removing binary blobs from the Chromium code and replacing them with
> custom alternatives.[9]
> 
> Adding dozens of flags to change browser behavior that is otherwise 
> unconfigurable.[9]


Yeah, that'll do.

Long Live Firefox.

rb

More information about the conspire mailing list