xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said, we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.


pyenv setup
pyenv virtualenv 3.7.7 contacts-service
pyenv local contacts-service 3.7.7
pipenv sync -d
Example of AWS AppConfig alongside the Serverless Framework for the use of Feature Flags
service: serverless-feature-flag
name: aws
runtime: nodejs12.x
lambdaHashingVersion: 20201221
memorySize: 128
stage: ${opt:stage, 'develop'}
region: eu-west-1
shouldStartNameWithService: true
Keyboard shortcuts for bash/zsh

Shell Keybindings

Navigation 🚀

Keybinding Action
Alt + f/b Move cursor to previous/next word
Ctrl + a/e Move cursor to beginning/end of command
Ctrl + xx Toggle between the start of line and current cursor position
Rails bin/setup script, from
# Set up Rails app. Run this script immediately after cloning the codebase.
# Exit if any subcommand fails
set -e
# Copy over configs
if ! [ -f .env ]; then
cp .sample.env .env
A serverless.yml file configuring an AWS ElastiCache Redis instance that is accessible by all AWS Lambda functions deployed by this serverless function.
service: my-service
name: aws
runtime: nodejs8.10
stage: ${opt:stage, 'dev'}
"Fn::GetAtt": [ElasticCacheCluster, RedisEndpoint.Address]
Function that calculates AWS signature version 4 headers
import datetime
import hashlib
import hmac
import urllib.parse
def aws_sig_v4_headers(access_key_id, secret_access_key, pre_auth_headers,
                       service, region, host, method, path, query, payload):
    algorithm = 'AWS4-HMAC-SHA256'
Helpful retrospective (retro) questions

Retro Questions

  • KPI dashboard review
  • Since our last retro, what's gone well?
  • How do we feel about our productivity and work/life balance?
  • How is the product better than last week?
  • How is the company better than last week?
  • Is there anything we should ask a consultant about?
  • How is the office/ops?
  • How can we enjoy the journey more?
Serverless Lifecycle Cheat Sheet

Serverless plugin author's cheat sheet

This cheat sheet provides a detailed overview of the exposed lifecycle events and available commands (and entrypoints) of the Serverless framework, that can be hooked by plugins (internal and external ones). The document is structured by the commands invoked by the user.

Lifecycle events are shown as the globally available outer events (all providers) and sub lifecycle events that are provider specific in the called order. Currently only the AWS provider is shown. If you have information about the other provider,

m3u8 stream to mp4 using ffmpeg

1. Copy m3u8 link

2. Run command

echo "Enter m3u8 link:";read -r link;echo "Enter output filename:";read -r filename;ffmpeg -i "$link" -bsf:a aac_adtstoasc -vcodec copy -c copy -crf 50 "$filename.mp4"