xz
github-explorer
| xz | github-explorer |
|---|---|
| 25 | 13 |
| 160 | 133 |
| - | 3.0% |
| 9.7 | 4.3 |
| 2 months ago | 4 months ago |
| C | HTML |
| GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xz
-
XZ backdoor story – Initial analysis
Very funny. This one:
https://github.com/tukaani-project/xz/commits?author=thesame...
- Xz: Update maintainer and author info. The other maintainer suddenly disappeared
- Thanks Andres Freud
- The xz-utils backdoor has been removed
-
The xz sshd backdoor rabbithole goes quite a bit deeper
> The payload of the 'hack' contains fairly easy ways for the xz hackers to update the payload. They actually used it to remove a real issue where their hackery causes issues with valgrind that might lead to discovering it, and they also used it to release 5.6.1 which rewrites significant chunks;
The valgrind fix in 5.6.1 overwrites the same test files used in 5.6.0 instead of using the injection code's extension hooks. This is done with what should have been a highly suspicious commit: https://github.com/tukaani-project/xz/commit/6e636819e8f0703... - this replaces "random" test files with other "random" test files. The stated reason is questionable to begin with, but not including the seed used when the purported reason was to be able to re-create the files in the future is highly suspicious. This should have raised red flags but no one was watching. I'd say this is another part of the operation that was much more sloppy than it needed to be.
-
Timeline of the xz open source attack
In https://archive.softwareheritage.org/browse/revision/e446ab7...
-
GitHub Disabled the Xz Repo
You're right, but maybe because there's nothing to see: https://github.com/tukaani-project/xz
- Xz Repository Censored by GitHub
- Backdoor in upstream xz/liblzma leading to SSH server compromise
- The Return of the Frame Pointers
github-explorer
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
clickhouse has pretty good github_events dataset on their playground that folks can use to do some research - some info on the dataset https://ghe.clickhouse.tech/
Example of what user JiaT75 did so far:
https://play.clickhouse.com/play?user=play#U0VMRUNUICogRlJPT...
pull requests mentioning xz, 5.6 without downgrade, cve being mentioned in the last 60 days:
https://play.clickhouse.com/play?user=play#U0VMRUNUIGNyZWF0Z...
- Everything You Always Wanted to Know About GitHub (But Were Afraid to Ask)
-
Stargazers intersections for most popular GitHub projects in Venn diagrams
It shouldn’t be hard to implement: https://ghe.clickhouse.tech/#how-to-download-the-data
- GitHub Profile Achievements
-
Getting 10TB of GitHub Logs and Extracting Details of All Users and Repositories
The article leaves a bitter taste of unnecessary complexity. Data engineering should not be hard.
For example, you can load the GitHub Archive to ClickHouse, and it will be accessible with interactive real-time queries: https://ghe.clickhouse.tech/
See also https://til.simonwillison.net/clickhouse/github-explorer
-
Hundreds of millions of stars turned into a map of GitHub projects
I recommend checking https://ghe.clickhouse.tech/
It explains the full pipeline - how to download, collect, and analyze this sort of data.
- Everything you always wanted to know about GitHub (but were afraid to ask)
-
Cached Chrome Top Million Websites
Yes, it's continuously updated.
The source code is here: https://github.com/ClickHouse/github-explorer
This shell script updates it: https://github.com/ClickHouse/github-explorer/blob/main/upda...
What are some alternatives?
wasmtime - A fast and secure runtime for WebAssembly
map-of-github - Inspirational Mapping
libarchive - Multi-format archive and compression library
crux-top-lists - Downloadable snapshots of the Chrome Top Million Websites pulled from public CrUX data in Google BigQuery.
stencil-golang - Template repository for Golang applications
map-of-reddit - Interactive map of reddit
tukaani-project
github-profile-trophy - 🏆 Add dynamically generated GitHub Stat Trophies on your readme
Folly - An open-source C++ library developed and used at Facebook.
demo - A new issue is created in this repo every minute
freedesktop-sdk
hn-search - Hacker News Search