HeadlinesBriefing favicon HeadlinesBriefing.com

Half a Second: XZ Backdoor Book

Hacker News •
×

On March 29, 2024, a Microsoft engineer running a routine benchmark noticed logging into a test machine took half a second longer than expected. Instead of dismissing it as noise, he investigated and discovered a backdoor in XZ Utils, a small compression tool present on nearly every Linux system worldwide, including servers carrying much of the internet's traffic. Someone had spent two years planting it.

Half a Second tells this story as continuous narrative: the burned-out volunteer maintainer manipulated into giving up control; the engineer whose curiosity caught the attack through luck and instinct; and the unidentified operator who built it. The catch is where the book begins, not what it's about.

Underneath lies a structural fact: while large companies fund visible infrastructure like the Linux kernel, small unglamorous pieces everything depends on—like XZ Utils, maintained for years by a single exhausted person—are left to unpaid, overstretched volunteers. The incident briefly revealed this imbalance.

Written by Adrian Mastronardi (2026), this interpretive narrative nonfiction assumes no technical background, explaining everything in plain language. The web edition is free under CC BY-NC-ND 4.0, with PDF and EPUB downloads available.