Why not? Nationalize it and treat it like the infrastructure it is. Take the ISPs, too, while you’re at it.
Video is nearly impossible to host in a sustainable way. The bandwidth usage is among the most expensive things you can host. The only way you’re getting something better than YouTube is if it’s tax funded somehow.
I imagine if this attacker wasn’t in a rush to get the backdoor into the upcoming Debian and Fedora stable releases he would have been able to notice and correct the increased CPU usage tell and remain undetected.
I think ideas about prevention should be more concerned with the social engineering aspect of this attack. The code itself is certainly cleverly hidden, but any bad actor who gains the kind of access Jia did could likely pull off something similar without duplicating their specific method or technique.
as long as you’re up to date on everything here: https://boehs.org/node/everything-i-know-about-the-xz-backdoor
the only additional thing i’ve seen noted is a possibility that they were using Arch based on investigation of the tarball that they provided to distro maintainers
I don’t foresee anyone with the kind of data needed to do more investigation releasing it to the public, so I doubt we’re going to be getting any satisfying answers to this. Microsoft may have an internal team combing through github logs, but if they find anything they’re unlikely to be sharing it with anyone but law enforcement agencies.
we know about the singapore VPN because they connected to IRC on libera chat with it. the only reason I can think people would believe they’re from hong kong is because of the pseudonym they used, but it’s not like that proves anything.
see link posted in another user’s reply: https://boehs.org/node/everything-i-know-about-the-xz-backdoor#irc
he was using a singapore VPN and had access to multiple sockpuppets. we know literally nothing else about them and anything you’ve heard to the contrary is baseless rumor.
leading theory is that it was a state-sponsored actor, but frankly even that much is speculation and which state is still way up in the air.
i also remember having the cube around the same time in OSX somehow but I forget the method
Imagine a cape on an escalator.
Not just space, bandwidth.
It means they can’t make porn images of celebs or anime waifus, usually.
Look into your shell’s tab completion abilities, the find command, and fzf. There’s also stuff like midnight commander but I find that to be a little overkill for my tastes.
You can spin up a cheap VPS in a matter of minutes for less than five dollars. You do not need anything but a credit card usually. If you want a dedicated server all to yourself then it gets significantly more expensive but no less straightforward. If you want to put your own hardware online you’ll have to look at a colocation seller or arrange something with an ISP.
Of course if your home internet connection upstream is good enough, and your ISP permissive enough you could also just do dynamic DNS and have everything running off that.