Half a Second – a book about the XZ backdoor
15 hours ago
- In March 2024, a Microsoft engineer discovered a hidden backdoor in XZ Utils, a widely used Linux compression tool, after noticing a half-second delay in login.
- The backdoor was inserted over two years through manipulation of a burned-out, solo volunteer maintainer, highlighting vulnerabilities in open-source infrastructure.
- The incident reveals a structural imbalance: critical but unglamorous software components often rely on unpaid, overstretched volunteers, while major parts receive corporate funding.
- The book 'Half a Second' is narrative nonfiction for general readers, explaining technical aspects in plain language, and is available in free web, PDF, and EPUB formats.