RE: https://cosocial.ca/@mhoye/116553395984214488

“Summary:

A compromised dependency in the JavaScript ecosystem led to credential theft, which enabled a supply chain attack on a Rust compression library, which was vendored into a Python build tool, which shipped malware to approximately 4 million developers before being inadvertently patched by an unrelated cryptocurrency mining worm.”

@timbray The betting pool is now open on when something like this will really happen.
@timbray I knew this was satire, because there's the tag at the top, but after reading through all of it, I had to check again.
@blindcoder
I haven't clicked on the link yet. Thank God it's satire. Couldn't tell it from the quote.
@timbray

@timbray

"A dog named Kubernetes ate a YubiKey."

@selea @timbray can someone please explain this joke? I know nothing about kubernetes except that it does something like container orchestration. So this joke and the bit about "something Kubernetes threw up that looked important" flew over my head.
@timbray I don't know what made me laugh more: the satiric CVE or the obviously automatically AI-generated renarration on some vendor's blog 🤣🤣🤣
https://sesamedisk.com/cve-2024-yikes-supply-chain-attack/
CVE-2024-YIKES: A Supply Chain Attack Exposed and How to Prevent It

Learn about the CVE-2024-YIKES supply chain attack, its analysis, root causes, and strategies to prevent similar cybersecurity incidents in software ecosystems.

Sesame Disk
@skyr @timbray We are dangerously close to a world where an Onion article could trigger a bunch of Open Claw agents to sell stocks and move the stock market
@StryderNotavi I strongly assume this would work as of today
@timbray @mhoye @andrewnez I am ashamed to say it took many many paragraphs for it to click that this was satire. Even the lottery winning maintainer didn't push it over the edge of credulity. Also I don't know how quote reply notifications work here so I'm cc'ing the world.
@dan @timbray @mhoye @andrewnez Same. Missed the satire tag (low contrast and I scrolled down fast), plus actual site URLs are not super readable on mobile. So much was believable, but odd details kept being added that seemed unlikely for a CVE. Fortunately for the next CVE writer, the LLMs will get trained on this soon!
@timbray he hasn't heard of the Karen build server? smh.
@timbray This is wild. And way too plausible. I didn’t begin to suspect satire until I read the responses. 🤷‍♂️
@timbray @davidgerard @mhoye man, the sting in *that* tail, eh? 😵‍💫

@timbray I didn't realize this was satire until reading the rest of the comments here.

I fully expect something like this to happen any day now, it's the times we live in.

That said, it gave me a good chuckle at our collective expense, so there's that.