The major breakthrough here is a method for interfacing brain like organic tissue (that they had already developed) with electronic components. They’re using the brain tissue in a similar fashion as a neural network based AI and training it to relay signals to electronic components in response to certain stimuli, if I understood the article correctly; I skimmed quite a bit though.

deleted by creator

If you disable it you can prevent Microsoft from force updating your windows 10 install to windows 11. Obviously a play to get people to buy new hardware for 11 but a useful anti feature I suppose until you can stomach switching to Linux.

Unless you’re expecting a third game in a series.

I imagine if this attacker wasn’t in a rush to get the backdoor into the upcoming Debian and Fedora stable releases he would have been able to notice and correct the increased CPU usage tell and remain undetected.

I think ideas about prevention should be more concerned with the social engineering aspect of this attack. The code itself is certainly cleverly hidden, but any bad actor who gains the kind of access as Jia did could likely pull off something similar without duplicating their specific method or technique.

as long as you’re up to date on everything here: https://boehs.org/node/everything-i-know-about-the-xz-backdoor

the only additional thing i’ve seen noted is a possibilty that they were using Arch based on investigation of the tarball that they provided to distro maintainers

I don’t foresee anyone with the kind of data needed to do more investigation releasing it to the public, so I doubt we’re going to be getting any satisfying answers to this. Microsoft may have an internal team combing through github logs, but if they find anything they’re unlikely to be sharing it with anyone but law enforcement agencies.

we know about the singapore VPN because they connected to IRC on libera chat with it. the only reason I can think people would believe they’re from hong kong is because of the pseudonym they used, but it’s not like that proves anything.

see link posted in another user’s reply: https://boehs.org/node/everything-i-know-about-the-xz-backdoor#irc

he was using a singapore VPN and had access to multiple sockpuppets. we know literally nothing else about them and anything you’ve heard to the contrary is baseless rumor.

leading theory is that it was a state-sponsored actor, but frankly even that much is speculation and which state is still way up in the air.

if you feel comfortable mucking about in your BIOS, disabling TPM will pretty much guarantee they don’t spring 11 on you. they are really dead set on that requirement for some reason.

It means they can’t make porn images of celebs or anime waifus, usually.