[conspire] xz exploit and backdoor

[Ron / BCLUG]

Rick Moen wrote on 2024-04-05 10:53:

> Maintaining_Chromium_, by contrast, is a dizzyingly complex and
> expensive task, that I imagine teams of volunteers without corporate
> backing couldn't hand,

I saw on the Wikipedia link that there are 31,000,000 lines of code, 
excluding comments & blank lines!


> any more than Firefox would be maintainable
> without Mozilla Corporation having a revenue base, and continuing to see
> its future in the browser codebase.

It's been raised as a reason that Canonical packages browsers as snaps 
now - even for them (and like them or not, they're skilled), merely 
building & packaging them is daunting.

I heard recently that Canonical is now offering paid support for Ubuntu 
14.04. Therefore there must be enough clients asking for this to make it 
worthwhile.

And, if so, the more they could bundle as snaps - once - and have run on 
14.04 through 24.04... well, I can see the appeal.



> Web browsers are just that complex -- as Deirdre, who's been an insider
> on WebKit / Apple Safari, can tell you.  Worryingly, they are also a
> major attack target with a huge attack surface.

Yeah, they're the single largest potential vulnerability vector on 
desktop computers.

Fortunately, until "AI", many of the best and brightest developers were 
working tirelessly for a decade or so to harden them (sandboxing, 
multi-process arch, etc.).


I take some solace in that.




> So say we all.
> https://www.youtube.com/watch?v=EisvM8F_5PE
> 
> (Hey, link is from another of Canada's gifts to world culture, BSG.)

Hey, that was filmed here. Cool.

I just spent way too much time looking for my old neighbourhood, with 
its Potemkin Village and studio buildings without luck.


Locations:

http://www.battlestarlocations.com/locations-guide


CMPP Backlot Studio (Potemkin Village):

https://www.google.ca/maps/@49.2000048,-122.9792597,65a,35y,360h,60.39t/data=!3m1!1e3?hl=en&entry=ttu