From 3c9f3f962aa40c57d5336a473787cb0d62f9a188 Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Mon, 1 Apr 2024 17:13:24 +0000
Subject: [PATCH] Update webpage "News" from version "1.0.1-beta.1" to
 "1.1.0-beta.1"

---
 news.xhtml | 44 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/news.xhtml b/news.xhtml
index 51c925d..2a79f1c 100644
--- a/news.xhtml
+++ b/news.xhtml
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - News -->
-<!-- Version: 1.0.1-beta.1 -->
+<!-- Version: 1.1.0-beta.1 -->
 
 <!-- Copyright 2024 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -34,12 +34,54 @@
 			<nav id="toc">
 				<h2><a href="#toc">Table of Contents</a></h2>
 					<ul>
+						<li><a href="#2024-04-01">2024-04-01</a></li>
+							<ul>
+								<li><a href="#key-ssh-update-20240401">SSH Key Update</a></li>
+							</ul>
 						<li><a href="#2024-02-01">2024-02-01</a></li>
 							<ul>
 								<li><a href="#mirror-codeberg">Source Code Mirror - Codeberg</a></li>
 							</ul>
 					</ul>
 			</nav>
+			<section id="2024-04-01">
+				<h2><a href="#2024-04-01">2024-04-01</a></h2>
+					<article id="key-ssh-update-20240401">
+						<h3><a href="#key-ssh-update-20240401">SSH Key Update</a></h3>
+							<p>On 2024-03-29, a backdoor was discovered in the
+							<a href="https://git.tukaani.org/?p=xz.git">xz-utils</a>
+							software. Inferencium systems <strong><em>did</em></strong> have the affected versions of
+							this software installed, and the tools were used. The software has since been downgraded to
+							the last-known safe version.</p>
+							<p>After extensive research, it
+							<a href="https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27">has been discovered</a>
+							that specific criteria must be met for the backdoor to be effective. Based on
+							<strong><em>what is known</em></strong>, Inferencium systems are unaffected by this attack
+							for the following reasons:</p>
+								<ul>
+									<li>Inferencium systems run Gentoo Linux, which does not include Debian and Red Hat
+									OpenSSH patches.</li>
+									<li>Inferencium systems use musl libc, not glibc. As musl does not support glibc's
+									non-standard <code>IFUNC</code> functionality, the backdoor cannot run.</li>
+									<li>Inferencium systems use Clang as the system compiler, and lld as the system
+									linker, not GCC and ld.</li>
+									<li>Inferencium systems use OpenRC as the init system, not systemd. libsystemd and
+									systemd-notify do not work with OpenRC.</li>
+								</ul>
+							<p>The <em>only</em> criteria met by Inferencium systems is amd64 as the system
+							architecture; this is not enough for the backdoor to be effective. Even if all criteria
+							other than running glibc were met, Inferencium systems would still be unaffected by this
+							attack due to musl not supporting the required <code>IFUNC</code> functionality.</p>
+							<p><strong>Despite the evidence, it is unknown exactly what this malicious code does and is
+							capable of in entirety. As a precautionary measure, I have generated a new SSH key and
+							classifed the previous key as compromised. You can find my new key on the
+							<a href="key.xhtml#ssh-current-2">Key webpage</a>.</strong></p>
+							<p>There is no evidence that my previous key was compromised, so this is entirely a
+							precautionary measure. All files and Git commits, tags, and releases signed with the
+							previous key, even after discovery of the backdoor, up to 2024-04-01, are secure and validly
+							signed by me; the key should not be trusted after this date.</p>
+					</article>
+			</section>
 			<section id="2024-02-01">
 				<h2><a href="#2024-02-01">2024-02-01</a></h2>
 					<article id="mirror-codeberg">