How the xz backdoor highlights a major flaw in Nix
Background On Friday, March 29th, 2024, a historical and sophisticated security vulnerability (CVE-2024-3094) was discovered in the XZ Utils package and liblzma api in version 5.6.0 and 5.6.1. While this vulnerability mostly affects Debian and RedHat distributions, there was some interesting discussion regarding xz and Nix. How did this affect Nix and NixOS? The truth is not a whole lot in reality. I saw conflicting reports, but supposedly, the tarballs of xz that Nix downloads were not infected....
Why I love auto-cpufreq
Background Back when I first started daily-driving Linux, I was on an Arch based distro. After noticing the sub-par battery life, I started to look around and found this Arch wiki page about different CPU scaling softwares. All of the other ones sounded too complicated but auto-cpufreq stuck out as being simplistic and exactly what I was looking for. Other tools such as TLP were just offering more than what I needed....