Michael G

The best thing about making a mouthwatering cheesecake is the fact that it ain’t no rocket science, and Brad wants everyone to know that.

Watch as Brad walks viewers through an unbelievably easy way to make a cheesecake.

“The key for cheesecakes is to go low and slow in the oven,” he told WooGlobe. “Also, make sure your ingredients are room temp, they will incorporate easier. Once it’s done baking, turn the oven off and let it sit in there with the door closed until cool, about one hour. You can crack the door but you risk cracking your cheesecake!”

Goes to show that there’s always a more creative (and easy) way of doing most things!
Location: Chesapeake, United States

WooGlobe Ref : WGA417218
For licensing and to use this video, please email licensing@wooglobe.com

ꜰᴏʟʟᴏᴡ ᴍʏ ꜱᴏᴄɪᴀʟ ᴍᴇᴅɪᴀ
Instagram : https://www.instagram.com/tutusthomson
Tiktok : https://www.tiktok.com/@tutusthomson
Twitter : https://twitter.com/TutusThomson
Wordpress : https://tutusthomson.wordpress.com
Facebook : https://www.facebook.com/TutusThomson

As of April 5, Drupal 7 will have nine months before it’s entirely unsupported and becomes a liability. Migrating out of Drupal 7 can be complicated, and this is one reason many organizations have put it off for so long. While it’s true that Drupal 8 and beyond represent a radical change from Drupal 7, in everything from architecture (the introduction of Symfony components) to theming (Twig versus PHP), the path from Drupal 7 to now Drupal 10 is well trodden, and we’re very familiar with it at Chapter Three.

Because Drupal 7 has been around for well over a decade, many websites built on it have accumulated vast amounts of content, resulting in complex data structures with custom content types, fields, taxonomies, and entity relationships. Inconsistencies or irregularities in legacy data complicate the migration process.

From: “Arch Linux: Recent news updates: David Runge” arch-announce@lists.archlinux.org

TL;DR: Upgrade your systems and container images now!

As many of you may have already read 1, the upstream release tarballs for xz in version 5.6.0 and 5.6.1 contain malicious code which adds a backdoor.

This vulnerability is tracked in the Arch Linux security tracker 2.

The xz packages prior to version 5.6.1-2 (specifically 5.6.0-1 and 5.6.1-1) contain this backdoor.

We strongly advise against using affected release artifacts and instead downloading what is currently available as latest version!

Upgrading the system

It is strongly advised to do a full system upgrade right away if your system currently has xz version 5.6.0-1 or 5.6.1-1 installed:

pacman -Syu

Regarding sshd authentication bypass/code execution

From the upstream report 1:

> openssh does not directly use liblzma. However debian and several other
distributions patch openssh to support systemd notification, and libsystemd
does depend on lzma.

Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command:

ldd "$(command -v sshd)"

However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.

URL: https://archlinux.org/news/the-xz-package-has-been-backdoored/

After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer: The upstream xz repository and the xz tarballs have been backdoored. At first I thought this was a compromise of debian’s package, but it turns out to be upstream. ↫ Andres Freund I don’t normally report on security issues, but this is a big one not just because of the severity of the issue itself, but also because of its origins: it was created by and added to upstream xz/liblzma by a regular contributor of said project, and makes it possibly to bypass SSH encryption. It was discovered more or less by accident by Andres Freund. I have not yet analyzed precisely what is being checked for in the injected code, to allow unauthorized access. Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution. ↫ Andres Freund The exploit was only added to the release tarballs, and not present when taking the code off GitHub manually. Luckily for all of us, the exploit has only made it way to the most bloodiest of bleeding edge distributions, such as Fedora Rawhide 41 and Debian testing, unstable and experimental, and as such has not been widely spread just yet. Nobody seems to know quite yet what the ultimate intent of the exploit seems to be. Of note: the person who added the compromising code was recently added as a Linux kernel maintainer.