Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals world wide. Note that many non-user account types have restrictions - please see our About page.

Administered by:

Server stats:

9.7K
active users

hachyderm.io: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.5

Public
John Goerzen

I am getting tired of reading about the #xz #security issue as if it is all about issues within #opensource. It is much bigger than that, and those takes conflate the problem with the solution.

So I wrote "The xz issue isn't about Open Source" here: changelog.complete.org/archive

Brian Campbell

@jgoerzen It's amazing how extensive the Microsoft/SolarWinds/VMWare attack was (note that this was a multi-vendor supply chain attack): en.wikipedia.org/wiki/2020_Uni

Also, absolutely absurd that SolarWinds tried to blame this on things like an 'intern [...] using an insecure password ("solarwinds123") on their update server'; how was an intern ever allowed to do such a thing, an intern should be getting proper guidance and security review, not solely responsible for setting up an update server.

en.wikipedia.org2020 United States federal government data breach - Wikipedia
Apr 05, 2024, 05:00 PM·Public·Web
0boosts·1favorite
Public
John Goerzen

@unlambda Yeah, the facepalm emoji doesn't even start to cover that one.

ExploreLive feeds
About