arc.net released for everyone who uses Windows as BETA.
A supply-chain attack involving obfuscated malicious code in the xz package was discovered by a developer at Microsoft who noticed a small 600ms delay with SSH processes when doing some routine micro-benchmarking. The account that made the offending commits seemingly played the long game, slowly gaining the trust of xz's developer before injecting the attack. The attack allows for the interception and modification of data used with the library, allowing malicious actors to break sshd authentication and gain access to affected systems. The situation is developing and more vulnerabilities could be discovered. https://www.techspot.com/news/102456-linux-could-have-brought-down-backdoor-found-widely.html
TechSpot
Linux could have been brought down by backdoor found in widely used utility
Andres Freund, a PostgreSQL developer at Microsoft, was doing some routine micro-benchmarking when he noticed a small 600ms delay with ssh processes, noticing that these were using...
In a study, students who learned to code with AI made more progress during training sessions, had significantly higher correctness scores, and retained more of what they learned compared to students who didn't learn with AI.
https://austinhenley.com/blog/learningwithai.html
Austinhenley
Learning to code with and without AI
We studied the impact of AI code generators on novice programmers and how they used the AI.
The xz/liblzma vulnerability was introduced by an attacker who offered to help a struggling solo maintainer following community pressure to implement changes.
https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/
Robmensching
A Microcosm of the interactions in Open Source projects
Originally a thread on Twitter about the xz/liblzma vulnerability, when I finished typing it, I realized I had a real world slice of Open Source interaction that deserved more attention.
This article looks at how GitHub entered the market, what existed before, and what gap GitHub filled.
https://graphite.dev/blog/github-monopoly-on-code-hosting
Graphite.dev
How GitHub monopolized code hosting
How GitHub became a version control monopoly