New node-ipc update deletes your harddrive if you have a russian or belarusian ip address. Pushed via github and NPM (node.js package manager).
They didn't troll russians though; they ended up deleting evidence of russian war crimes against ukranians and leftist NGO's are going to have them arrested for terrorism.
>can't into using test or staging before moving shit into production >not auditing what you pull in
got what they fucking deserved desu
Jackson Gonzalez
I'm still trying to figure out if the async issues would actually allow the code to delete files on your PC or not. Bit lazy as to run it in a vm tho.
Jose Taylor
>not auditing what you pull in The node-ipc package didn't have much of an update to be audited for. What happened here was the dev created the malware package, then went back to node-ipc and included the malware as a dependency in order for node-ipc to run then force pushed an update. Even if audited, it was obfuscated by the dev in an attempt to actively hide it. On top of this, node-ipc is very heavily used even by large companies and programs like Unity, because of this Unity actually ended up directly installing this malware into its own users computers.
Cameron Long
Hey I use that for one of my current projects at work
Matthew Johnson
The nigger who did this should be imprisoned
>FOSSfags on suicidewatch Not really. Something like this could just as easily happen in proprietary software.
Wyatt Smith
This is sabotage, a nigger leftist used his position to abuse trusted source for updaters and injected a virus that runs as you update. Because he is a leftist nigger, his code doesn't really differentiate where you're from, so his whole theatrics about hitting Russians failed. Instead it hit seems to hit people randomly. Biden destroyed the trust in Western financial institutions, this leftist nigger destroyed trust in Western development institutions. He is living proof the cogs of the machine are breaking apart because he won't be the last one to boldly do something so retarded
Isaiah Gutierrez
>FOSSfags on suicidewatch >Not really. Something like this could just as easily happen in proprietary software. I'd honestly wager that the fact is was FOSS was what caught him. Even when he tried to delete the commit and hide it as an "ssl check" the actual commit deletion attempt was still there. He tried to cover his tracks, but it didn't work.
Exactly. Someone actually went through the trouble of de-obfuscating the code and posting it on github while explaining what it does, which is where it initially gained attention. If it were proprietary software we'd all still be scratching our heads, if we even heard about it in the first place.
Juan Howard
its gonna take days before it deletes node_modules based af, far better than fagging with hoic
Andrew Mitchell
Imagine a village where you all drink from a well Your village is at War with the village next to you and The local activist retards decides to poison the lake nearby to btfo the enemy village
You end up drinking contaminated water
Charles Ward
Hmmmm almost sounds like a CYBER-PANDEMIC. REMEMBER THAT?
Elijah Jones
>If it were proprietary software we'd all still be scratching our heads, if we even heard about it in the first place. Cheers to that. Even with the detailed explanations by FOSSers, a lot of people are still slow to catching on to how bad what happened here really was.
Dylan Bennett
They can claim they have evidence of Hillary Clinton murdering children for all I care. It's irrelevant.
Worse than that. It was a well that was sitting there for many years, unpoisoned and free to all. Then one day he decided to poison the well water when people he didn't like came to have a drink.
Samuel Lopez
When that happens we now know exactly how
Microsoft will push an update to Windows that will have a virus in it
Blake Perry
Can they back them up?
Brody Green
you are correct They are only applicable to people github does not like This is what happens when the fabric of morals and ethics degrade and aren't shared between like minded and colored people
Jaxon Morgan
>i have a pending windows update right now uhhhhhhhh
Owen Garcia
>can't into using test or staging before moving shit into production You'd be both surprised and terrified at how common this is. Even at companies that should know better.
Colton Davis
Well poisoning is exactly what this was.
Chase Gray
You're fucking retarded and should be banned from computers.
Ian Myers
This is why he's trying to slide it by the best he can with "protestware". Which ironically he thinks is a new term, and doesn't even know what WANK was.
Colton Collins
>leftist NGO's are going to have them arrested for terrorism.
This software gets 42k downloads a week. The malware was online for 6 minutes. Do the math. Theres no way the NGO guy is real and a lot of details of the story seem awfully convenient.
>This software gets 42k downloads a week. That's just direct downloads. That isn't counting the hundreds of programs that use it as a dependency and installs it that way. The real numbers we're looking at is in the millions at least. Remember, anyone that had and updated Unity installed this malware.
Easton Ward
the software get's a million downloads a week this specific malware update was pushed to 41,000 computers.
41000 people got btfo
Luke Barnes
>NGO based in Washington DC >NGO think tank based in Washington DC >NGO institute based in Washington DC Thats a nice way of saying you're glowniggers
Carson Baker
Russia will pay for those six million war crimes. We do not need any evidence to believe that they happened for sure.
Kevin Harris
i didn't think about that maybe literal glowniggers got btfo by this too
Evan Bailey
can't believe there are assholes still using 3rd party libraries and not writing everything from scratch
>six million war crimes Pretty anti-semetic of you to only count half of Russia's war crimes. We all know there was evidence of at least 12 million war crimes, likely more.
Can i get a quick rundown? Do people know who the faggot that send out the malware is? I pretty much only use my PC for Reading and Playing so I'm not very knowledgeable about the more technical stuff
Carson Cox
Imagine trying to virtue signal and then you end up being accused of collaborating with the ones you were trying to attack AND being a terrorist. Pottery.
Just shows you can't trust any of those faggots though with all their claims of security and who great their independent work is.
Carter Martin
Well put
Lucas Perry
yeah he did it through public github repos so he's basically fucked