Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 23 Oct 2018, 16:19
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Gentoo GIThub code compromised
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [9 Posts]  
Author Message
greengeek


Joined: 20 Jul 2010
Posts: 5242
Location: Republic of Novo Zelande

PostPosted: Fri 29 Jun 2018, 14:38    Post subject:  Gentoo GIThub code compromised  

https://nakedsecurity.sophos.com/2018/06/29/linux-distro-hacked-on-github-all-code-considered-compromised/

Quote:
[On] 28 June [2018] at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories.

All Gentoo code hosted on github should for the moment be considered compromised.


Would be interesting to analyse what form those code alterations took and how they affected functionality.
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 1228

PostPosted: Fri 29 Jun 2018, 14:51    Post subject:  

They can just revert to an older version of the branch though right?
Back to top
View user's profile Send private message 
greengeek


Joined: 20 Jul 2010
Posts: 5242
Location: Republic of Novo Zelande

PostPosted: Fri 29 Jun 2018, 15:01    Post subject:  

I guess that is what they will do. Roll back to a known good.

Presumably they will be able to see how many downloads there had been. Maybe none.

Kudos to the Gentoo admins for highlighting it immediately. They may not know the extent of the damage yet - or how easy it will be to rectify - but at least they made users aware right away.

Highlights the potential for github (or any other repository for that matter...) being compromised.
Back to top
View user's profile Send private message 
nosystemdthanks

Joined: 03 May 2018
Posts: 333

PostPosted: Fri 29 Jun 2018, 18:54    Post subject:  

greengeek wrote:
Highlights the potential for github (or any other repository for that matter...) being compromised.


yeah, i dont think that microsoft would ever use their ownership of github to change the code i hosted there, but given that one of the reasons i wrote the code was to give people another alternative to microsofts full-write-access to their windows machines, im not going to let them gain and keep that ability on my repos.

its deeply ironic that microsoft has full access to so much code now. for example, i use void as a base... i dont download void from github i use their website; though guess where void hosts their code? i dont think that microsoft would abuse their ownership on that particular level... but im not thrilled that theyre in charge of githubs security, either.

they could give people 2 years to migrate to codepen or something, or move to azure servers, or change the terms of service to the point where it interfered with things they dont want there. they can now do all of that and more.

_________________
the end of the distro war, and the distro https://ptpb.pw/OnBT
Back to top
View user's profile Send private message Visit poster's website 
greengeek


Joined: 20 Jul 2010
Posts: 5242
Location: Republic of Novo Zelande

PostPosted: Fri 29 Jun 2018, 19:09    Post subject:  

nosystemdthanks wrote:
... or move to azure servers.....
I don't know much about their azure servers but I recently heard something out of the corner of my ear (or read it on a blog somewhere more likely...) that implied that data uploaded to Azure was being used to train AI systems.

I have no idea if that's true, or even how such data could be interfaced with AI but the tone of the comment was that AI was being used to model companies for security purposes and also to give competitive advantage to selected customers.

My ears pricked up because it sounded similar to what Google has been doing the last 5-10 years with creating artificial search results to shape the user experience - and I also heard that AI is now being used to achieve that too, in preference to the older manual methods.

I think it is becoming harder to establish accurate measures of "reality".
Back to top
View user's profile Send private message 
nosystemdthanks

Joined: 03 May 2018
Posts: 333

PostPosted: Fri 29 Jun 2018, 19:23    Post subject:  

greengeek wrote:
I think it is becoming harder to establish accurate measures of "reality".


reality is difficult to define-- we tend to think of (and probably should for the most part think of) reality as being an objective thing.

we are very subjective creatures-- if everyone could recite every single book on objectivity ever written, they would still be constantly affected by biases and prejudices and preferences. which im certain isnt always a bad thing, but it can be very inconvenient.

the goal of marketing is to create customers for products, using the general population as a base. there are reliable methods for doing so, and these methods are used by marketers, p.r. firms, politicians, and governments. not to mention the tech industry, who take it to new places.

on the one hand, people are as a rule, largely incapable of being realistic. we are hostages of crisis-oriented thinking, due to the fact that we are wired to treat a crisis as more important than anything else (probably a good thing, but its the reason that drama/crisis feels "more real" than happiness.)

then you have a society whose mission is to manipulate the psychology (again, in terms of marketing) of the population to create a hybrid human/consumer species, at least culturally.

its still easier to profit from destruction than building (and even if you build, building is more profitable if you make room for it-- so more destruction) and this makes consumers a very dangerous (if culturally engineered) breed.

reality is the thing where you can step back and watch all of this for what it is. but its sort of meaningless and theoretical until you can get in and try things and do things-- at which point its all subjective again.

good luck, humanity!

_________________
the end of the distro war, and the distro https://ptpb.pw/OnBT
Back to top
View user's profile Send private message Visit poster's website 
8Geee


Joined: 12 May 2008
Posts: 1700
Location: N.E. USA

PostPosted: Fri 29 Jun 2018, 23:48    Post subject:  

I have come to the conclusion about 6 years ago, during the 2012 elections, that the internet has become an addictive mind-altering drug. It started with click-bait... just one little click and you're hooked.

MHO
8Geee

_________________
Linux user #498913

Some people need to reimagine their thinking.
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 1228

PostPosted: Sat 30 Jun 2018, 12:19    Post subject:  

8Geee wrote:
I have come to the conclusion about 6 years ago, during the 2012 elections, that the internet has become an addictive mind-altering drug. It started with click-bait... just one little click and you're hooked.

MHO
8Geee


It was mind altering before the internet though. For example think about your perception of foreign countries that we get from the media vs the reality of either visiting the county or talking to someone from the area. Our narratives take much longer to change than reality.
Back to top
View user's profile Send private message 
scsijon

Joined: 23 May 2007
Posts: 1362
Location: the australian mallee

PostPosted: Thu 12 Jul 2018, 19:19    Post subject:  

sorry wrong thread
Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 1 of 1 [9 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0995s ][ Queries: 12 (0.0319s) ][ GZIP on ]