After basically the whole #Microsoft #Azure cloud was hacked (see the list of related sources on https://karl-voit.at/cloud/), the first follow-up incidents caused by missing containment actions went public:

60,000 emails were stolen from 10 #USA #StateDepartment accounts
https://www.reuters.com/world/us/chinese-hackers-stole-60000-emails-us-state-department-microsoft-hack-senate-2023-09-27/

If you didn't understand until now: basically EVERYTHING at Microsoft got hacked and Microsoft can't (or won't) get rid of the intruders. Everything authenticated by Microsoft is tainted. Even #Windows auth.

You Can't Control Your Data in the Cloud

Now that I have migrated some of my hosts to #NixOS, I do have a bad feeling because of #Microsoft and most probably GitHub being hacked.

As mentioned on https://www.karl-voit.at/2023/09/12/nix/ the deep #GitHub dependency turns out to be a real downer for this OS.

#security #integrity

I Started With Nix, NixOS, Home Manager and Flakes

public voit - Web-page of Karl Voit
@publicvoit

> For example, when GitHub would be out of business or the service is down for some other reason, NixOS would probably be dead. Its main repositories are on GitHub and there is no obvious fall-back concept to other repositories hosted on different services.

This is just plain false. Flakes and channels can point anywhere; the only thing that'd need special care to move is the registry repo that points to all the other repos.

@monk @publicvoit I can understand why someone would say it, though. By default, the flakes registries and the previous channels both point to GitHub URLs. They don’t have to, but it’s not obvious that they could be different.

Two big things I would worry about if GitHub became unusable for any reason: 1) nixpkgs is friggen’ huge, in terms of size and activity, so picking a forge successor must be done carefully. 2) issues and PRs are hard to migrate.

@monk @publicvoit None of these problems are actually specific to GitHub, I think. It’s just what Nix uses currently. Communicating the change when necessary takes the same amount of work regardless of the host. Maybe the issues/PRs migration can be easier with better tooling elsewhere.

A disaster plan sounds like a good idea. I hope someone has one, but I haven’t heard of it.