Backdoor discovered in Ruby "strong password" library, takes your "strong passwords" and uploads them into a pastebin

Hi, do you believe me when I say we need ocap security yet?

@cwebber To be fair, blindly pulling in software that isn't audited or even curated is dumb no matter what.


We've created a situation where this is a necessity, so a little responsibility and empathy is in order. The principle that "many eyes make bugs shallow" doesn't apply to the threat model that's evolved. People have reasons for making bad decisions. We distance ourselves and fix blame, but we do the same things and we caused this. So that's not fair.

Fair is a value served by justice, which means doing the thing in our power to change outcomes.
