Parade du Grotesque 💀May 13, 2022

It's sad, really, that Windows is such a dumpster fire that people think antivirus software really is mandatory.

Change to an open source OS and antivirus becomes a quaint little tradition, something you indulge in because, yeah, there is that poor guy over there who has to use Windows because his application only runs on that. So we have to scan the files he sent.

And then, there is the corporate world, where everyone thinks Windows is the only real OS.

Show threadNetBSD Foundation 🚩May 13, 2022
@ParadeGrotesque In the 2000s I'd say that this was true, but developers have decided that system package managers are frowned upon, so these days you get disasters like this: https://blog.rust-lang.org/2022/05/10/malicious-crate-rustdecimal.html
Security advisory: malicious crate rustdecimal | Rust Blog

Empowering everyone to build reliable and efficient software.

Show threadParade du Grotesque 💀May 13, 2022

@netbsd

Oh dear.

Show threadYop Solo
@ParadeGrotesque @netbsd
Other kind of disaster: sabotaged packages.
Example: https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/amp/
BIG sabotage: Famous npm package deletes files to protest Ukraine war

This week, the developer of the popular npm package 'node-ipc' released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War. The 'node-ipc' package, which gets downloaded over a million times weekly, began deleting files on developer's machines, in addition to creating new text files with "peace" messages.

BleepingComputer
May 17, 2022 at 11:45amWeb