this post was submitted on 06 May 2024
74 points (98.7% liked)

Open Source

[–] [email protected] 4 points 6 months ago

If only we could do something to prevent that sort of thing… like making FOSS development an actual source of income for example!

[–] [email protected] 2 points 6 months ago

We need a security competition. Pick the winners and standardize them and solidify their versions a little once verified. Rerun every 2 yrs.

[–] [email protected] 1 points 6 months ago

GitHub-associated emails

I hope this gets taken seriously by CISA and they contact Microsoft and the email providers to see what sort of information can be found out about these "individuals". I'm usually against tracking but in this case, it can help us understand more about the malicious actors, like, are their IPs coming from a certain state, or are they all using a VPN, and if so, which one? And then, if applicable, getting in touch with the VPN provider and getting as much data as possible.

How about using that data to aid in investigations (as it has been done many times before)? I mean, imagine this turns out to be a state actor! We need to know what's happening. We need to know if these are connected. And this information can help predict their next move.

To quote Gandalf from the LOTR films (not sure if that quote is in the books):

"Send word to all our allies... The enemy's moving against us. We need to know where he will strike".

Also, first they tried to strike Linux systems, then they tried to strike the Web. What's next? If anyone has any ideas, feel free to share them here, as we can get an idea of what projects need to be more vigilant.