How I gained commit access to Homebrew in 30 minutes
If I were a malicious actor, I could have made a small, likely unnoticed change to the openssl formulae, placing a backdoor on any machine that installed it. If I can gain access to commit in 30 minutes, what could a nation state with dedicated resources achieve against a team of 17 volunteers? How many private company networks could be accessed? How many of these could be used to escalate to large-scale data breaches? What other package management systems have similar weaknesses? This is my growing concern, and it’s been proven time and time again that package managers, and credential leaks, are a weak point in the security of the internet, and that supply chain attacks are a real and persistent threat. This is not a weakness in Homebrew, but rather a systemic problem in the industry, and one where we need more security research.
-
Galway-based refurb phone retailer, recommended by co-worker Ciaran, who picked up his Pixel there
-
“rsync for cloud storage” – Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, OneDrive, Swift, Hubic, Cloudfiles, Google Cloud Storage, Yandex Files
(tags: backup github sync cloud s3 storage rsync rclone google aws dropbox backblaze yandex onedrive)
People Think This Whole QAnon Conspiracy Theory Is A Prank On Trump Supporters
This, if true, is the most gloriously Discordian thing ever.
“Let us take for granted, for a while, that QAnon started as a prank in order to trigger right-wing weirdos and have a laugh at them. There’s no doubt it has long become something very different. At a certain level it still sounds like a prank. But who’s pulling it on whom?” they [Roberto Bui, Giovanni Cattabriga, and Federico Guglielmi] said.
(tags: q conspiracy politics trump qanon luther-blissett discordianism wu-ming funny crazy)