Backdoor discovered in Ruby "strong password" library, takes your "strong passwords" and uploads them into a pastebin nakedsecurity.sophos.com/2019/

Hi, do you believe me when I say we need ocap security yet?

@cwebber To be fair, blindly pulling in software that isn't audited or even curated is dumb no matter what.

@freakazoid
We've created a situation where this is a necessity, so a little responsibility and empathy is in order. The principle that "many eyes make bugs shallow" doesn't apply to the threat model that's evolved. People have reasons for making bad decisions. We distance ourselves and fix blame, but we do the same things and we caused this. So that's not fair.

Fair is a value served by justice, which means doing the thing in our power to change outcomes.
@cwebber
