00:42:55 James conroy: We don’t truck with those central Illinois folks
00:48:18 Jamal Ahmed: Slide Deck for tonight: https://1drv.ms/p/s!AgQhEfFA_KshgYMNqnhVQ_J1mfe63Q
00:48:18 Andrew Denner: https://1drv.ms/p/s!AgQhEfFA_KshgYMNqnhVQ_J1mfe63Q
00:52:31 James Conroy: arch claims it wasn't targeted https://archlinux.org/news/the-xz-package-has-been-backdoored/
00:52:56 Sean T.: I think the backdoor specifically checked for deb and rpm
00:53:17 Grant T.: Reacted to "I think the backdoor..." with ➕
00:54:28 Carey Schug/USA:IL:Des Plaines area: could AI look through all the code for possible bad spots to be checked manually?
00:55:37 Sean T.: From what I've heard, attempts to use AI to detect security vulnerabilities in code haven't been very successful.
00:56:13 Sean T.: Of course people are trying and techniques will get better, but as of now I don't think AI is a panacea for this.
00:56:32 Grant T.: It makes perfect sense that the clever regurgitator can’t help figure out something new / unseen by itself.
01:06:09 Sam: "Nation State"? I would take a closer look at Texas...
01:06:19 James Conroy: Replying to ""Nation State"? I wo..." Shhhh
01:06:31 James Conroy: Replying to ""Nation State"? I wo..." We don't do anything like that
01:13:39 tony.c: he should have a blackhat on
01:13:51 Jamal Ahmed: Reacted to "he should have a bla..." with 😂
01:13:56 tony.c: at least a black hoodie
01:16:18 tony.c: i A dpkg-dev Depends xz-utils
01:16:49 tony.c: from ... aptitude why xz-utils
01:18:35 tony.c: https://www.youtube.com/watch?v=jg5F9UupL6I
01:19:11 Sean T.: Reacted to "https://www.youtube...." with ❤️
01:20:47 Sam: "Hook" means shared object?
01:26:44 edhowland: https://oxide.computer/podcasts/oxide-and-friends/1843393
01:27:25 Lee Lammert: Does this mean the system has been reverted to a safe version? 5.6.1.revertto5.4-3.2
01:42:35 Grant T.: lsof -p $(ps -aux | grep 'sshd' | grep 'listener' | awk '{print $2}')
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    sshd 3601 root cwd DIR 8,3 720 2 /
    sshd 3601 root rtd DIR 8,3 720 2 /
    sshd 3601 root txt REG 8,3 1158312 30271 /usr/sbin/sshd
01:42:38 Grant T.:
    sshd 3601 root mem REG 8,3 1864504 59902 /lib64/libc.so.6
    sshd 3601 root mem REG 8,3 100672 19130 /lib64/libz.so.1.2.13
    sshd 3601 root mem REG 8,3 2852744 33415 /usr/lib64/libcrypto.so.1.1
    sshd 3601 root mem REG 8,3 64024 25017 /lib64/libpam.so.0.85.1
    sshd 3601 root mem REG 8,3 202544 59996 /lib64/libcrypt.so.2.0.0
    sshd 3601 root mem REG 8,3 210664 60027 /lib64/ld-linux-x86-64.so.2
01:43:00 Grant T.:
    sshd 3601 root 0u CHR 1,3 0t0 4 /dev/null
    sshd 3601 root 1u CHR 1,3 0t0 4 /dev/null
    sshd 3601 root 2u CHR 1,3 0t0 4 /dev/null
    sshd 3601 root 3u IPv4 14641 0t0 TCP *:22 (LISTEN)
    sshd 3601 root 4u IPv6 14643 0t0 TCP *:22 (LISTEN)
01:43:26 Grant T.:
    # lsof -p $(ps -aux | grep 'sshd' | grep 'listener' | awk '{print $2}') | grep 'liblzma'
    #
01:46:03 Andrew Denner: https://oxide.computer/podcasts/oxide-and-friends/1843393
01:47:56 Gary Meyer: the above is the 1hr 15 min interview w Andres...
01:53:50 Jamal Ahmed: this was awesome! thank you
01:59:43 Gary Meyer: NTPD maintainer (the sole one in 2016) is Harlan Stenn. He used to run Plus 5 Computing (I think) along I-170
02:03:30 Gary Meyer: here in StL. He and Alfredo Garcia from SLU University were active in the group that preceded SLUUG. They "arranged" UUCP mail & file transferred back in the days of dialup modems back in 1980s here in StL
02:06:01 James Conroy: Well I'm looking at NTP, and it's managed in bitkeeper. I wonder how many distros support that anymore
02:06:12 James Conroy: arch only has it in the AUR
02:17:26 Jamal Ahmed: got to drop. Thanks everyone!
02:24:27 Robert Levitt: I have an appointment at 8 AM tomorrow morning. I’m going to have to go. Sayonara, everybody.
02:25:48 James Conroy: great simple tool to generate SBOMS https://github.com/anchore/syft
02:27:54 Jonathan Drews: https://marc.info/?l=openbsd-misc&m=171227941117852&w=2
02:29:23 Jonathan Drews: https://marc.info/?l=openbsd-misc&m=171179460913574&w=2
02:29:44 Jonathan Drews: "This dependency existed not because of a deliberate design decision by the developers of OpenSSH, but because of a kludge added by some Linux distributions to integrate the tool with the operating system's newfangled orchestration service, systemd."
02:31:12 James Conroy: example entry from SBOM
02:31:14 James Conroy:
    {
      "id": "681dc088302d615b",
      "name": "github.com/charmbracelet/lipgloss",
      "version": "v0.10.0",
      "type": "go-module",
      "foundBy": "go-module-file-cataloger",
      "locations": [
        {
          "path": "/go.mod",
          "accessPath": "/go.mod",
          "annotations": { "evidence": "primary" }
        }
      ],
      "licenses": [],
      "language": "go",
      "cpes": [ "cpe:2.3:a:charmbracelet:lipgloss:v0.10.0:*:*:*:*:*:*:*" ],
      "purl": "pkg:golang/github.com/charmbracelet/lipgloss@v0.10.0",
      "metadataType": "go-module-entry",
      "metadata": { "h1Digest": "h1:KWeXFSexGcfahHX+54URiZGkBFazf70JNMtwg/AFW3s=" }
    },
02:42:34 Andrew Denner: It depends how paranoid you are :-)
02:43:45 Andrew Denner: An argument for cattle not pets
02:45:05 Andrew Denner: http://cloudscaling.com/blog/cloud-computing/the-history-of-pets-vs-cattle/
02:46:11 Andrew Denner: If you lose your pet dog you are mighty sad, if your cow in the herd dies oh well, kill it and quickly replace it. Build early and often
02:50:33 Brad Jones: Thank you, I will be replaying this tomorrow while at work.
02:52:08 Steve Stegmann: Andrew, thanks for the great, and scary, presentation
02:52:11 Andrew Denner: The AT&T outage from a few weeks ago
02:52:20 Andrew Denner: As well. Was a cert error
02:53:50 Ron BC: DarknetDiaries had a podcast episode about (likely) nation-state actors infiltrating Greek telecoms prior to the last Olympics held in Athens. I'm reminded of it with the 911 outage vis-a-vis hackers.
03:01:25 Ron BC: "a kludge added by some Linux distributions to integrate the tool with the operating system's newfangled orchestration service, systemd" Oh no, a server has been integrated with a service orchestrator. What a "kludge".
03:02:04 Ron BC: OpenBSD, those who couldn't keep their online man pages running during an upgrade - those guys?