Cross-Functional #185: Why we can't have nice things!

Fighting bureaucracy, design engineering and the problems with open source

The Main Thing: Why we can't have nice things!

While benchmarking his system, Andres Freund, a developer at Microsoft, noticed an anomaly that unravelled into a scenario worthy of a cyber espionage thriller.
The core of this story focuses on XZ Utils, a seemingly innocuous open-source library for file compression and decompression in Linux environments.

It all started in early 2021 with complaints about the poor maintenance of the library being sent by multiple people to the single package maintainer. Then, coincidentally, a person using the alias 'Jia Tan' embarked on a long con by starting to contribute high-quality code patches. 'Jia Tan' integrated themselves into the community over a two-year period until they were given commit access by early 2023. That is when Jia Tan introduced a backdoor that would allow remote code execution on any infected machine.

Following the insertion of the backdoor, there was a coordinated campaign to pressure all major Linux distributions to adopt the latest, impacted code. The patience, complexity, and coordination point to a state actor. It was only by chance that Freund stumbled upon this issue because it caused a delay in network requests. Hobby open-source maintainers have no chance of protecting their code against such a distributed and prolonged attack.

The incident has sparked a critical conversation about the reliance on open-source volunteers for maintaining pieces of critical infrastructure and the sophisticated lengths to which attackers will go to exploit these dependencies. The quality of software we have today is thanks to the unpaid work of thousands of people. It would be a shame if we lost the benefits and culture of open source due to a few bad actors. Fortunately, companies like Socket are actively working to identify vulnerabilities like this. I guess the cat-and-mouse, attack-and-defend way of working is here to stay.

Do you know if you scan all of your dependencies for vulnerabilities on each upgrade?


This Week's Updates

Enabling the Team

Bayer CEO: Corporate Bureaucracy Belongs In The 19th Century. Here's How We're Fighting It by Bill Anderson
Adverse jury decisions and a pipeline setback have sent Bayer's share price to a nearly 20-year low.

Creating a Culture of Ownership: Breaking Free from Hierarchy by Diederick Janse
A strong sense of ownership leads to greater responsibility, higher job satisfaction, increased commitment, and ultimately, better results.
Product Direction

The Product Model at Amazon by Marty Cagan
Many companies have influenced what we have come to refer to as the product operating model, but none more so than Amazon.

Long Backlogs and Unmeasurable Work by Ant Murphy
There are two common reasons why you see product backlogs become long and unmanageable: Lack of strategy and Working in a big way.

Continuous Discovery

Story-Based Customer Interviews Uncover Much-Needed Context by Teresa Torres
Customer interviews are one of the most impactful activities a product team can undertake. But only if we discover and use the right methods.

I Don’t Have Time for Product Discovery by Jim Morris
Teams stuck in planning loops should shift from trying to predict the future to focusing on discovery.

Continuous Design

Design Engineering by David Hoang
Software engineering, young but complex, blends creativity with problem-solving. Design engineers are now key, showing the field's evolving roles.

Why UX Designers Should Create Object Maps (and How To Start) by Alan Wilson
Object-oriented design enables designers to align products more closely with user behaviors and needs.

Continuous Delivery

Redis Tightens Its License Terms, Pleasing No One by Liam Proven
FOSS developers need to keep up, but users need security. The leading in-memory database vendor, Redis, is moving to an approach with more restrictive terms.

Everything I Know About The XZ Backdoor by Evan Boehs
Evan shares real-time updates and findings on suspicious 'XZ backdoors'.

THE UXDX MAJOR EVENTS

UXDX USA Only 63 tickets left
May 15 - 17, 2024, New York

UXDX EMEA
9 - 11 Oct 2024, Dublin

FREE COMMUNITY EVENTS 

IN-PERSON

17 Apr: New York

23 Apr: Hamburg

25 Apr: Valencia

🔔 Want a UXDX Community event in your city?

or, alternatively, if your company wants to host an in-person event please reply and let us know.

ONLINE

Today: Unleashing Change and Creativity
Talks from Electronic Arts, Centime Inc and Privay

16 Apr: Agile Design, Team Building & Metaphor-Driven UX
Talks from Dupla Studios, GBH and AlayaCare

23 Apr: Product Growth: Data, CX, and Research Strategies
Talks from Tiqets, Microsoft and VectorHX

New Video Released This Week

Explore accessible data visualization with Google's Kent Eisenhuth. Learn about inclusive design, best practices, and overcoming challenges to make data understandable for everyone. Gain insights from Google's approach to creating effective, universally accessible data graphics.

Job of the Week

UX Quality Architect
🏬 Ford
📌 Dearborn, MI, USA

About Ford
Ford Motor Company, established in 1903 by Henry Ford, is an iconic American automaker known for pioneering mass production and the Model T car. Headquartered in Dearborn, Michigan, Ford produces a wide range of vehicles globally, including innovative electric models.

The Results of Last Week’s Poll

The question was: What is your company's current approach to hiring?

This is quite encouraging. 59% of companies are hiring, which means there are new opportunities out there.

But the fact that 16% of companies are still shrinking is a bit concerning. Hopefully, this will continue to trend in the right direction over the coming months.