{"id":77960,"date":"2024-04-26T12:26:02","date_gmt":"2024-04-26T04:26:02","guid":{"rendered":"https:\/\/version-2.com\/?p=77960"},"modified":"2024-09-25T17:46:05","modified_gmt":"2024-09-25T09:46:05","slug":"how-linux-almost-had-a-terrible-horrible-no-good-very-bad-day","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2024\/04\/how-linux-almost-had-a-terrible-horrible-no-good-very-bad-day\/","title":{"rendered":"How Linux (Almost) Had a Terrible, Horrible, No Good, Very Bad Day"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>

How Linux (Almost) Had a Terrible, Horrible, No Good, Very Bad Day<\/strong><\/h2>

If there\u2019s one thing you can say about the people behind the xz supply chain hack, they were certainly willing to play a long con. \u00a0\u00a0 For the last two years, a (probable) state-sponsored hacker quietly began integrating themselves into the open source community, particularly with the people responsible for maintaining xz utils (more on what this is and what it does in a minute.)\u00a0 They began systematically inserting a back door into this core component of the Linux operating system that would have allowed attackers to bypass SSH authentication and remotely access millions of systems.\u00a0 We were just days away from the biggest supply chain attack<\/a> in history when they were caught.<\/p>

What is XZ Utils?<\/strong><\/h4>

Xz Utils is a program that handles file compression, and it is included as part of several popular Linux distros like Fedora, Debian, and Ubuntu.\u00a0 There is even a Windows version, although Windows software is usually a zip file rather than an xz file.\u00a0 \u00a0 Programs like this are crucial because large downloads like software packages need to be compressed, or they would take forever to download even with the highest internet speed.<\/p>

\u00a0<\/p>

Open Source, Open to All<\/strong><\/h4>

To understand how we came so close to disaster, you first have to understand how open source<\/a> software works.\u00a0 Open source means that the source code \u2013 the building blocks of the software \u2013 is available for anyone to see and modify. \u00a0 Open source software is like buying a box of legos<\/a> \u2013 sure, you can make the robot on the outside of the box, but you can also modify and invent whatever you want.\u00a0 The same applies to open source software \u2013 if you have the requisite programming knowledge, you can contribute bug fixes, work on features, and shape the future of the programs you use every day.\u00a0 Software like Microsoft Windows and macOS are closed source (although macOS runs on FreeBSD, which is open source, but the user interface and applications are closed source.) With these operating systems, you\u2019re at the mercy of Microsoft and Apple to fix bugs, and as we all know, they often don\u2019t (just take a look at this 40+-year-old bug<\/a> someone found in Windows in 2018!)\u00a0 The huge advantage of using an open source OS like Linux is that if you have a bug or a feature request that you want to be implemented, you can just do it yourself. \u00a0\u00a0 Of course, just because anyone can technically contribute, does not mean there is just software anarchy.\u00a0 According to The Linux Foundation, most projects have a structure<\/a>:<\/p>