<p>Thinking a lot about the <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="tag">#<span>xz</span></a> backdoor this week. Almost exactly 10 years ago, I wrote this about the <a href="https://mastodon.social/tags/Heartbleed" class="mention hashtag" rel="tag">#<span>Heartbleed</span></a> attack and how we should do more to support <a href="https://mastodon.social/tags/OSS" class="mention hashtag" rel="tag">#<span>OSS</span></a>, especially for important libraries. Sadly, almost all of what I wrote then is still relevant. <a href="https://web.archive.org/web/20140420132336/https://mashable.com/2014/04/14/heartbleed-open-source/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">web.archive.org/web/2014042013</span><span class="invisible">2336/https://mashable.com/2014/04/14/heartbleed-open-source/</span></a></p>
<p>Working my way down the shopping list: IPv6 support in the IP stack needs to happen eventually but is probably not a near term priority since this is a LAN connected test device.</p><p>Making the IP changeable via firmware is easy, I should do that next.</p><p>Then probably replacing hard-coded SSH password auth with (configurable) public key auth is a reasonable next step. Will have to start digging through the SSH RFCs to figure out how ssh-ed25519 client authentication actually works.</p>
<p><span class="h-card" translate="no"><a href="https://void.rehab/@mia" class="u-url mention">@<span>mia</span></a></span> no (yes (no))</p>
<p>Facial expression + Columbo outfit looks a little sus ikik but it makes more sense when you see the original reference trust me</p>
<p>actually it looks like the library was not as bad as i thought and i don&#39;t *need* to ship the entire JS engine to run it on a JS host</p>
@ageha@tomo.airen-no-jikken.icu can’t sleep, even with boythoughts (◞‸◟;)
<p><span class="h-card" translate="no"><a href="https://federated.saagarjha.com/users/saagar" class="u-url mention">@<span>saagar</span></a></span> <span class="h-card" translate="no"><a href="https://discuss.systems/@steve" class="u-url mention">@<span>steve</span></a></span> <span class="h-card" translate="no"><a href="https://social.treehouse.systems/@marcan" class="u-url mention">@<span>marcan</span></a></span> but why T___T</p>
watching Bob Ross and having some fun.
Attached image 0