Email or username:

Password:

Forgot your password?
All posts Eugen's posts Post Back to profile
Eugen Rochko

"Select versions of the massively popular 'node-ipc' package were caught containing malicious code that would overwrite or delete arbitrary files on a system for users based in Russia and Belarus"

bleepingcomputer.com/news/secu

Do not do this

18 Mar 2022 at 20:17 | Open on mastodon.social
33 comments
DELETED

@Gargron "We hate your government, not you. So we're going to screw you over just for being in a specific place."

18 Mar 2022 at 20:19 | Open on mastodon.social
Dag Ågren ↙︎↙︎↙︎

@Gargron I think the real problem here is that it is *possible* to do this in the first place. So many package managers are absolute security nightmares on every level.

18 Mar 2022 at 20:41 | Open on mastodon.social
Nach ✖️

@Gargron fuck fuck FUCK people really need to knock it off with this poorly thought through performative shit. Ticket removed from github, but it links here now: snippet.host/kvcb
18 Mar 2022 at 20:51 | Open on mastodon.social
:umu: :umu:
@Nach @Gargron saw the stupidest take on it today, like "We can thank the author for fake and other shit got deleted".

I can't even describe what happens in their mind.
18 Mar 2022 at 21:24 | Open on expired.mentality.rip
Iutech

@Gargron

You're Russian, right ?
How does the diaspora interacts with the motherland ?
Are you able to give different informations than the official medias or is the effect extremely limited ?

18 Mar 2022 at 20:56 | Open on fosstodon.org
Eugen Rochko

@Iutech I try not to give too many personal details away online. So I’m afraid i can’t give you a satisfying answer.

18 Mar 2022 at 21:03 | Open on mastodon.social
Iutech

@Gargron

I understand, and thank you for replying anyway.
But I wasn't really asking for personal details, more for a general understanding on an important topic that not many people talk about (that I know of, at least).

18 Mar 2022 at 21:05 | Open on fosstodon.org
Arne Babenhauserheide

@Gargron I would like to invite you to freenetproject.org while it is still accessible from Russia (or is it — via VPN?), but if you were to do that, I would also suggest to create a new unconnected pseudonym, so I’ll likely never know whether you actually joined up …

About Russian people, Conan the Terminator-Dad got it right: ieji.de/@eichkat3r/10797366966

We are all human beings, and attacking Russian people for their government’s actions helps Putin's propaganda of an us vs. them.

@Iutech

@Gargron I would like to invite you to freenetproject.org while it is still accessible from Russia (or is it — via VPN?), but if you were to do that, I would also suggest to create a new unconnected pseudonym, so I’ll likely never know whether you actually joined up …

About Russian people, Conan the Terminator-Dad got it right: ieji.de/@eichkat3r/10797366966

18 Mar 2022 at 22:03 | Open on rollenspiel.social
Григорий Клюшников

Modern software development is such a mess. How did we come to networked dependency managers downloading and executing untrusted code with no sandboxing without user consent being the norm? These used to be called RCE vulnerabilities. There need to be technical measures against this stuff. Or better yet: avoid networked dependency managers if you can. Treat every dependency like a liability it is.

18 Mar 2022 at 21:18
Terci
ruff

@Gargron Do not do what what exactly, protest against the war?

18 Mar 2022 at 21:29 | Open on social.librem.one
Григорий Клюшников

ruff, this is pure vandalism, not a protest. Do protest. Don't vandalize stuff. That simple.

18 Mar 2022 at 21:35
ruff

@grishka Oh right, of course. When your family is hot you request authorities to allow protest. got it. and if they reject - you oblige. Of course.

18 Mar 2022 at 21:37 | Open on social.librem.one
ruff
Григорий Клюшников

ruff, you aren't making any sense. Please answer this simple question: how exactly a piece of malware unleashed upon innocent people is an act of protest?

18 Mar 2022 at 21:42
ruff

@grishka @Gargron Innocent people will say - "shit happens" and learn the lesson (not to use npm). If there's a slim chance it can compromise a single nut in a russian war machine it's already a good win.

18 Mar 2022 at 21:49 | Open on social.librem.one
ruff

@grishka @Gargron And by good win I mean not moral satisfaction of some jerk but potentially saved lives.

18 Mar 2022 at 21:50 | Open on social.librem.one
Григорий Клюшников

ruff, it's a fun assumption that Russian military uses computers at all.

> "shit happens" and learn the lesson (not to use npm)
This isn't how this works.

18 Mar 2022 at 21:51
івась тарасик

@grishka
russian military uses money that russian government gets from taxes that «simple innocent» russians pay when buying and using computers. also, i'm like 99,99% sure every army today does use computers.

i'm not defending the nmp maintainer here... just pointing out that the rather manipulative game of looking for holes in one's logic you're playing here can be turned both ways.

@ruff @Gargron

18 Mar 2022 at 22:33 | Open on mastodon.social
Eugen Rochko
ruff

@Gargron @grishka I was waiting when it will come to this - to compare your buttheart from malware with killing people. Good luck with that.

18 Mar 2022 at 21:56 | Open on social.librem.one
Alexey Skobkin

@ruff @grishka @Gargron

Something is really messed up in your head 🤦‍♂️

I hope that it's only a side-effect of emotions and not your everyday thinking process.

19 Mar 2022 at 1:48 | Open on lor.sh
Alexey Skobkin

@ruff @grishka

Let's say your family was shot by some African American. Now you're going to set a bunch of African American houses on fire because some of them MAY be SOMEHOW related to that.

Sounds like a solid plan, yeah?

19 Mar 2022 at 1:44 | Open on lor.sh
ruff

@skobkin @grishka let say you are trying to persuade me they you are innocent to doge criminal responsibilities your president. Because presumably you personally don't pull the trigger.
Sounds totally pathetic, indeed.

19 Mar 2022 at 6:06 | Open on social.librem.one
Григорий Клюшников

ruff, this isn't "my" president. I didn't elect him. I'm as ashamed of him as everyone else but there's nothing I personally can do to help this situation.

19 Mar 2022 at 6:22
Alexey Skobkin

@ruff @grishka
Oh, so now you're trying to use ad hominem to avoid the problem I just pointed out in your discourse?

I mean this would probably work on general public, but looks like we have people who are able to think critically in this thread.

I hope that someday you'll understand that this is the way to fool yourself and not to "defeat" your "opponent".

19 Mar 2022 at 16:11 | Open on lor.sh
ruff

@skobkin @grishka Oh so you insist on derailing the topic by injecting false narrative. So my only remaining words to you - русский долбойоб - иди нахуй.

19 Mar 2022 at 22:54 | Open on social.librem.one
Eugen Rochko

@ruff Protesting the war is fine, but protesting the war in the west is also completely performative. Putin won’t change his plans because somebody in the west went to a rally or a celebrity recorded a touching message.

Turning your software package into malware that targets Russian civilians is pointless cruelty. They have no say over this war either, and it will hit the ones that are against it just as much. It already hit an NGO that documents Russian war crimes.

18 Mar 2022 at 21:36 | Open on mastodon.social
ruff

@Gargron
> They have no say over this war either...

This war is happening because they have nothing to say.

18 Mar 2022 at 21:38 | Open on social.librem.one
Eugen Rochko

@ruff Okay, you don't know what you're talking about, got it.

18 Mar 2022 at 21:40 | Open on mastodon.social
Григорий Клюшников
stux⚡
peturbg

@Gargron
General message for WHAT happend IN PEARL HARBL. that united states of america KILL INOCCENT PEOPLES. what happend in IRAN, IRAQ. Other day my mastodon was flooded from developers of mastodon for not working. Very bad.

18 Mar 2022 at 22:44 | Open on mastodon.bgzashtita.es
Go Up