David Baker acorncom

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.

This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.

There is a companion feature matrix of various tools. Comments are welcome in the same manner.

This is how I configured the deploy of my rails apps to AWS Elastic Beanstalk through CircleCI 1.0.

If you are using the Circle CI 2.0, take a look at this article from ryansimms

Configure Environments Variables

On Project Settings > Environment Variables add this keys:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
The aws user must have the right permissions. This can be hard, maybe, this can help you.

Converting libraries to Ember CLI addons

In this guide we will cover two main cases:

Ember specific library
vendor library

Ember library

The Ember library will assume that Ember has already ben loaded (higher in the loading order) and thus will assume it has access to the Ember API.

Data Down / Actions Up
- http://emberjs.jsbin.com/nayaho/edit?html,js - Interdependent select boxes. No observers.
- http://ember-twiddle.com/2d7246875098d0dbb4a4 - One Way Input
Plain JSBin's
- http://rwjblue.jsbin.com/pixeki/edit?html,js,output
Ember Version Base JSBin's
- 1.0 - http://emberjs.jsbin.com/juluje/edit?html,js,output
1.1 - http://emberjs.jsbin.com/cofufo/edit?html,js,output

	#!/usr/bin/env node

	import { chromium } from "playwright";
	import { readFileSync } from "node:fs";
	import { once } from "node:events";

	async function main() {
	const browser = await chromium.launch({ headless: false });
	try {
	const cookies = await readCookies("cookies.json");

	<!doctype html>
	<html>
	<head>
	<title>Glimmer Demo</title>
	</head>
	<body>
	<script src="./app.bundle.js"></script>
	<example-app />
	</body>
	</html>

	/*
	notifying the store that a record has been remotely deleted and should be fully removed.
	*/
	function pushDeletion(store, type, id) {
	let record = store.peekRecord(type, id);

	if (record !== null) {
	let relationships = {};
	let hasRelationships = false;

	ApplicationAdpater = DS.ActiveModelAdapter.extend
	synchronizer: Em.inject.service()
	ajax: (url, type, options) ->
	hash = @ajaxOptions(url, type, options)
	# set up hash.success & hash.error callbacks normally
	@get('synchronizer').handleRequest(hash)

	function cssLoaded(href) {
	var cssFound = false;

	for (var i = 0; i < document.styleSheets.length; i++) {
	sheet = document.styleSheets[i];
	if (sheet['href'].indexOf(href) >= 0 && sheet['cssRules'].length > 0) {
	cssFound = true;
	}
	};