Links for 2018-08-09

  • How I gained commit access to Homebrew in 30 minutes

    If I were a malicious actor, I could have made a small, likely unnoticed change to the openssl formulae, placing a backdoor on any machine that installed it. If I can gain access to commit in 30 minutes, what could a nation state with dedicated resources achieve against a team of 17 volunteers? How many private company networks could be accessed? How many of these could be used to escalate to large scale data breaches? What other package management systems have similar weaknesses? This is my growing concern, and it’s been proven time and time again that package managers, and credential leaks, are a weak point in the security of the internet, and that supply chain attacks are a real and persistent threat. This is not a weakness in Homebrew, but rather a systemic problem in the industry, and one where we need more security research.

    (tags: homebrew github security jenkins credentials scary)

  • Fonez – Pre-owned Phones

    Galway-based refurb phone retailer, recommended by co-worker Ciaran where he picked up his Pixel

    (tags: phones ireland shopping mobile)

  • ncw/rclone

    “rsync for cloud storage” – Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud Storage, Yandex Files

    (tags: backup github sync cloud s3 storage rsync rclone google aws dropbox backblaze yandex onedrive)

  • People Think This Whole QAnon Conspiracy Theory Is A Prank On Trump Supporters

    This, if true, is the most gloriously Discordian thing ever.

    “Let us take for granted, for a while, that QAnon started as a prank in order to trigger right-wing weirdos and have a laugh at them. There’s no doubt it has long become something very different. At a certain level it still sounds like a prank. But who’s pulling it on whom?” they [Roberto Bui, Giovanni Cattabriga, and Federico Guglielmi] said.

    (tags: q conspiracy politics trump qanon luther-blissett discordianism wu-ming funny crazy)
