I'm not a git expert, but how was the attacker able to push the stability branch directly to the Amazon-owned repo? The PR would have been to merge the modified branch to main, right?
Joseph's 404 article quotes the hacker as saying they "got admin privileges on a silver platter," so I think this is it: first part of the breach was gaining the GitHub permission to create a branch. Possibly just by asking.
Is anyone familiar with the matter able to comment on the use of Torq-set fasteners? Are they a standard for these sorts of use cases? They seem to be used frequently in aerospace? I tend to use Torx whenever possible; are these better? Or should they have used something else to avoid such issues?
It's a fastener used mostly in the military, developed by Phillips purely to get the military using its proprietary/patented design to extract as much tax dollars as possible. It is widely reviled by aviation mechanics because it strips at the drop of a hat and is difficult to torque.
It is only in use because "it's what we have billions of dollars sunk into existing tools and fastener stock" despite it being wildly inferior to torx, as demonstrated by the fact that NASA needed to make a gigantic fucking C-clamp to keep it from camming out.
Consider that the entire point of the Phillips head (of which the torq-set is just a different pattern) is that it is purposefully designed to cam out to limit torque, so that someone can't gorilla it so tight the head snaps off. Which is not an issue in aerospace, where everything is assembled with calibrated, precision drivers.
Using it on a "we critically need to be able to get this apart later" part is beyond asinine on NASA's part.
NASA are a bunch of dinosaurs incapable of change. It's really cringe seeing them toot their horns so much about solving a problem that never would have occurred if they weren't using a fastener that even a fresh-out-of-school aircraft mechanic could have told them wasn't appropriate for this application.
NASA got what they deserve. They could just ask every single aircraft mechanic about this one. Especially bloody torq-set. With the budget they had, they could machine any head they wanted, and yet they've chosen the stupidest one out there.
I first learned about torx when I was a kid as Commodore used torx screws on the Amiga 500. One time I wired up a pseudo SRAM from Active Electronics on a breadboard by putting an interposer in the CPU socket to pull out the signals I needed. Put it in an unused part of the address space and added it to the memory pool. Oh, the fun that hackable hardware was in the 1980s!
I remember my first professional job in 2008 and noticing the lifts in the building had ashtrays in them. I couldn't fathom smoking in such a confined space with others!
I suspect smoking was banned in the lifts but, much like the ashtrays that still exist in airplane bathrooms, it is better that one exists for rule breakers than a fire is started because someone decides to drop the butt on the carpet and stamp it out.
My sister-in-law swam the channel a few weeks ago, under the supervision of a pilot from the linked association. A direct point to point swim is around 33km. Due to the tides and the timing of her swim it was a 58km crossing. Incredible!
I feel folks overcomplicate this. At least for the HN crowd, it is totally possible to eat mostly non-processed, fresh food, not drink too much booze, and get an average of 30 minutes of incidental exercise a day. Those three things and you are ahead of 90% of people.
I'm using an Acer laptop that must be 15 years old for pfSense; it never misses a beat, and it has a built-in UPS! I've got a second laptop, a MacBook Air from 2012, running a bunch of containers for Plex, hassio, etc. Works fine. I've got it all in a 19" rack I built out of wood. World's cheapest homelab. Haven't changed it in years.
Funny that I have been trying to get my solar inverter data into Home Assistant and I have already burned through 3 Raspberry Pi 3B+ for some reason. I do not know if it is because of a bad RS-232 to USB cable or because I am using a mobile charger to run the Pi itself. I have a 2B but the wifi signal isn't great on the USB dongle, so for the time being nothing is working. I do not want to use a full desktop/laptop because of power considerations.
People should really stop using SD cards for anything halfway important with Pis. They are proven again and again to be just ticking time bombs. With new Pis being able to boot from USB just fine, get an SSD even if it costs more.
Not just startups[1]. AWS, among others I'm sure, have at least attempted to turn this man's intuition into a little yellow box and an algorithm. Scaling to many thousands of machines at once, instead of just the ones he happens to touch.