pull down to refresh

The backdoor attempt was a very serious one, with a very high bar of knowledge, research, development and tradecraft to reach this far into the Linux ecosystem. Additionally, changes made by the threat actor on Github span multiple years. The backdoor itself is super well put together, and even includes the ability to remotely deactivate and remove the backdoor via a kill command.
We should stop using open source and only buy American vendor products! Yeah, good luck with that.
There are no easy fixes.. we should just try to reduce the risk and calmly work some solutions.
Great write-up! & call to buidl. Things are definitely heating up.
Processing less user data & using fewer 3rd party dependencies needs to be a part of any software roadmap this next 2 years. Something I mentioned in The Privacy Pivot here on SN. In this case a lucky break and not much that could be done, but more vulnerabilities are around the corner no doubt.
It’s already a full time job to report on them it feels like.
"We should also acknowledge that open source developers are largely unpaid"
Let them use LN and they will be paid. I would send some sats for such backdoor discovery above, and imagine whole world too...
reply
Good model :)
reply
deleted by author
reply
because of much lower entry barrier for tipping like for example 500 sats
reply
deleted by author
reply
All you are doing is signaling that open source work is only worth fractions of a penny
lol, and now multiply 500sats by number of users of SSH, or even only a generous part of them
reply
using fewer 3rd party dependencies
Looking at the JS community :S ... just don't run JavaScript.
It's going to be a wild ride from now on... and as always... it's not just "software", we are on top of magma in the "hardware" realm...
reply