Gentoo GitHub code compromised

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#1 Post by greengeek »

https://nakedsecurity.sophos.com/2018/0 ... mpromised/
[On] 28 June [2018] at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories.

All Gentoo code hosted on github should for the moment be considered compromised.
Would be interesting to analyse what form those code alterations took and how they affected functionality.

s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48

#2 Post by s243a »

They can just revert to an older version of the branch though, right?

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#3 Post by greengeek »

I guess that is what they will do. Roll back to a known good.

Presumably they will be able to see how many downloads there had been. Maybe none.

Kudos to the Gentoo admins for highlighting it immediately. They may not know the extent of the damage yet - or how easy it will be to rectify - but at least they made users aware right away.

Highlights the potential for github (or any other repository for that matter...) being compromised.

nosystemdthanks
Posts: 703
Joined: Thu 03 May 2018, 16:13

#4 Post by nosystemdthanks »

greengeek wrote: Highlights the potential for github (or any other repository for that matter...) being compromised.
yeah, i dont think that microsoft would ever use their ownership of github to change the code i hosted there, but given that one of the reasons i wrote the code was to give people another alternative to microsofts full-write-access to their windows machines, im not going to let them gain and keep that ability on my repos.

its deeply ironic that microsoft has full access to so much code now. for example, i use void as a base... i dont download void from github i use their website; though guess where void hosts their code? i dont think that microsoft would abuse their ownership on that particular level... but im not thrilled that theyre in charge of githubs security, either.

they could give people 2 years to migrate to codepen or something, or move to azure servers, or change the terms of service to the point where it interfered with things they dont want there. they can now do all of that and more.
The freedom to NOT run the software, to be free to avoid vendor lock-in through appropriate modularization/encapsulation and minimized dependencies; meaning any free software can be replaced with a user’s preferred alternatives.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#5 Post by greengeek »

nosystemdthanks wrote:... or move to azure servers.....
I don't know much about their azure servers but I recently heard something out of the corner of my ear (or read it on a blog somewhere more likely...) that implied that data uploaded to Azure was being used to train AI systems.

I have no idea if that's true, or even how such data could be interfaced with AI but the tone of the comment was that AI was being used to model companies for security purposes and also to give competitive advantage to selected customers.

My ears pricked up because it sounded similar to what Google has been doing the last 5-10 years with creating artificial search results to shape the user experience - and I also heard that AI is now being used to achieve that too, in preference to the older manual methods.

I think it is becoming harder to establish accurate measures of "reality".

nosystemdthanks
Posts: 703
Joined: Thu 03 May 2018, 16:13

#6 Post by nosystemdthanks »

greengeek wrote: I think it is becoming harder to establish accurate measures of "reality".
reality is difficult to define-- we tend to think of (and probably should for the most part think of) reality as being an objective thing.

we are very subjective creatures-- if everyone could recite every single book on objectivity ever written, they would still be constantly affected by biases and prejudices and preferences. which im certain isnt always a bad thing, but it can be very inconvenient.

the goal of marketing is to create customers for products, using the general population as a base. there are reliable methods for doing so, and these methods are used by marketers, p.r. firms, politicians, and governments. not to mention the tech industry, who take it to new places.

on the one hand, people are as a rule, largely incapable of being realistic. we are hostages of crisis-oriented thinking, due to the fact that we are wired to treat a crisis as more important than anything else (probably a good thing, but its the reason that drama/crisis feels "more real" than happiness.)

then you have a society whose mission is to manipulate the psychology (again, in terms of marketing) of the population to create a hybrid human/consumer species, at least culturally.

its still easier to profit from destruction than building (and even if you build, building is more profitable if you make room for it-- so more destruction) and this makes consumers a very dangerous (if culturally engineered) breed.

reality is the thing where you can step back and watch all of this for what it is. but its sort of meaningless and theoretical until you can get in and try things and do things-- at which point its all subjective again.

good luck, humanity!

8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#7 Post by 8Geee »

I have come to the conclusion about 6 years ago, during the 2012 elections, that the internet has become an addictive mind-altering drug. It started with click-bait... just one little click and you're hooked.

MHO
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48

#8 Post by s243a »

8Geee wrote: I have come to the conclusion about 6 years ago, during the 2012 elections, that the internet has become an addictive mind-altering drug. It started with click-bait... just one little click and you're hooked.

MHO
8Geee
It was mind altering before the internet though. For example think about your perception of foreign countries that we get from the media vs the reality of either visiting the country or talking to someone from the area. Our narratives take much longer to change than reality.

scsijon
Posts: 1596
Joined: Thu 24 May 2007, 03:59
Location: the australian mallee

#9 Post by scsijon »

sorry wrong thread
