XZ Gon' Give It To Ya

Last Friday the internet was rocked with the discovery of an exploit in xz-utils that was not only well-put-together technically, but also an example of extremely effective long game social engineering. I could share my opinions, but the takes I’ve seen have actually been fairly nuanced and thoughtful, if (justifiably!) pessimistic, from people with more experience and more familiarity than I have.

So instead I made this.

I wasn’t up to performing this one, but this is still in the series I started many years ago of “computer security exploit song parodies”.

Spectre, via Hogwarts

I know Meltdown and Spectre are old news by now, but here’s yet another analogy to explain how the “speculative execution” optimization leaks supposedly secure information. It involves Harry Potter.

"UseRoaming no"

Hey, it’s been almost a year since we’ve had a computer security issue bad enough that I have to sing a song about it! This time around the bug only affects “computer people” who use “ssh”, “scp”, or “private keys”. But for those of us who do…oh gosh.