New node-ipc update deletes your harddrive if you have a russian or belarusian ip address. Pushed via github. It's kind of unprecedented for FOSS to do something like this, but it happened.
They didn't troll russians though; they ended up deleting evidence of russian war crimes against ukranians and leftist NGO's are going to have them arrested for terrorism.
github com/RIAEvangelist/node-ipc/issues/233
reddit com/r/linux/comments/tg9zk1/the_authors_of_nodeipc_have_pushed_malware_in_an/
Other urls found in this thread:
github.com
news.ycombinator.com
twitter.com
OKay but, why tf does any of this matter?
Death to Open Source
github.com
github filled with salt
it matters because the malware was pushed through an official chain and this was a dependency for a lot of shit. Unity even uses it; that means if you have ANY game that uses unity; and it got this update
>Kerbal Space Program uses unity
it deletes your hard drive
It's like if Microsoft pushed malware in a directX 12 update.
github literally hosted a geotargeted virus. if they can do it to select countries they can do it to individuals.
this is seriously unprecedented and serious business.
>Update Windows
oops! your entire hardrive is gone! slava ukranina!
reminder to NEVER AUTO UPDATE.
disable auto update on all of your shit.
only update during peak hours where if there was a poisoned update you'd hear about it rapidly (hopefully before you updated that day)
>every game using unity has it's hard drive wiped
i'm thinking this would be international news, mate. you're clearly not reporting what actually happened.
>turning off auto-updates
>microsoft windows 10 and above
let me know if you figure it out.
it only affected Belaruse and Russian ip addresses. The malware checked what your ip address was and only nuked that.
It's a fucking javascript module it's in everything.
here's your news faggot
news.ycombinator.com
>wiping hard disk based on IP address
the absolute state of software devs. even if you take being a massive activist faggot as a given, how can you not foresee that this will backfire in various ways?
on another note, all of those "modern" software projects out there that pull in 200 packages from every tranny on the internet can't be used securely in production without dedicated teams to vet them. that goes for node, golang, rust, all of that shit.
they should have known better.
>
i'm not spending 45 minutes trying to get around Any Forums's fucking spam filter to post news articles. Google it. News is starting to drop now it just happened today.
I swear Australians can only be drunk or retarded or both.
do you prefer this, or a shill thread?
hoping to learn if coffee is good for you, finally?
>>Any Forums86090219
thanks.
just use archive.is in future, you can usually post those no problems put (slash) or (word) or (dot) or something in between.
Checks out.
Not an argument.
What retard doesn't have a version lock for any serious project?
>absolutely devastated
blow it out you ass virtue signaler
apparantly an NGO with 30,000k evidence of russian warcrimes that was acquired at the cost of many lives just like star wars
Looks like it's time to go back to reinventing the wheel.
This is perhaps one of the biggest happenings in a long while and nobody here will give a shit
their own fault for not reading the source code
What a retard.
Should have made it dormant, that way he can overwrite the git history after it gets installed enough and shit never gets traced back to him.
>be me
>uses vpn with russian ip to shitpost at Any Forums
>gets update
>hd fucked
>FUUUUUUUUUUUUUUUUUUU.mp4
the wheel was already invented in C
these tranny devs re-invent it in node, or rust, or some shit language on top of a language, but they're too lazy to actually re-invent anything, so they re-use as many modules as possible from other trannies for even the most mundane things.
what you get is this intricate dependency web of tranny laziness and inefficient code written by literal nigger cattle. at any time one of these trannies can go ape shit and wipe your drive if your not careful about what software you use.
avoid anything that uses javascript (node.js) or rust entirely.
If it's written in pure C it's likely fine. tranny's and nigger cattle can't write C
Based and truthpilled. Rather code in native Javascript than working with fucking npm and 10 different CSS interpreters these packages require.