Served in the Krogan uprisings. Now I run a podcast
Good for them
By chance or by design would be other examples. Your question prompted me to look into the origins of the phrase and it appears to come from Latin.
https://www.vocabulary.com/articles/pardon-the-expression/by-accident-vs-on-accident/
Horrific, my condolences to the family.
“On accident”… That doesn’t even make sense. You do something “by accident”.
I only use maps and youtube from google nowadays. The rest are shit
Kdeconnect works great too if you are using linux and android
I’m not sure but it is a good question and a good project if none already exists.
Looking at work history from employees of these companies on linkedin we might discover more.
I export my totp from freeotp+. I have it added to keepassxc and sync that with syncthing to multiple devices.
If I lose the phone I can just import the exports to a fresh app on another phone.
Another option is use waydroid and backup the VM
Running a middle relay for years with no issues.
Ive thought about using it for bank apps so I dont have hassle if I lose the phone or it gets robbed. Has anyone tried this ?
You are right, as you note this requires a set of skills that many don’t possess.
I have been looking for ways I can help going forward too where time permits. I was just thinking having a list of possible targets would be helpful as we could crowdsource the effort on gitlab or something.
I know the folks in the lists are up to their necks going through this and they will communicate to us in good time when the investigations have concluded.
I think going forward we need to look at packages with a single or few maintainers as target candidates. Especially if they are as widespread as this one was.
In addition I think security needs to be a higher priority too, no more patching fuzzers to allow that one program to compile. Fix the program.
I’d also love to see systems hardened by default.
I’m curious to know about the distro maintainers that were running bleeding edge with this exploit present. How do we know the bad actors didn’t compromise their systems in the interim ?
The potential of this would have been catastrophic had it made its way into the stable versions, they could have for example accessed the build server for tor or tails or signal and targeted the build processes . not to mention banks and governments and who knows what else… Scary.
I’m hoping things change and we start looking at improving processes in the whole chain. I’d be interested to see discussions in this area.
I think the fact they targeted this package means that other similar packages will be attacked. A good first step would be identifying those packages used by many projects and with one or very few devs even more so if it has root access. More Devs means chances of scrutiny so they would likely go for packages with one or few devs to improve the odds of success.
I also think there needs to be an audit of every package shipped in the distros. A huge undertaking , perhaps it can be crowdsourced and the big companies FAAGMN etc should heavily step up here and set up a fund for audits .
What do you think could be done to mitigate or prevent this in future ?
They can have him, I’m sick of seeing him show up in thumbnails on youtube.
more like don’t shoot you if your bank balance is over a certain threshold.
On a bullshit teams call right now. I’d call it not working a feature 😄
The internet archive library fiasco springs to mind.
This was a really interesting read , Thanks for sharing