bilekas 4 hours ago

The phrasing of the title is loaded and the content phrases it as some kind of fault of open source. Then, which I find the most amusing, proceeds to blame MicroSlop for the attempted supply chain attack,

> Microsoft did not immediately provide the specific number of customers affected, when asked by TechCrunch.

Yeah, because that's how open source works. TechCrunch doing hard work to not explain that.

> This is Microsoft’s second known breach over the past few weeks that has allowed hackers to compromise its open source projects, per Ars Technica.

I, like many others love to knock on Microslop when I can, but in this case they did the right thing. The article phrases it like they did everything wrong, they're all at fault and shame on them for limiting the breach.

This is not the first time I've seen an article from Zack Whittaker that just rubbed me the wrong way.

> steal passwords of AI developers

This phrasing has its own connotations. AI developers versus developers who use AI?

> This is the latest example in recent months of hackers breaching widely popular open source projects with the aim of planting malware on a large number of users who have the code installed on their computers. These hacks are known as “supply chain” attacks as they target code that is often used in a large number of software products, or by a specific kind of user, which may be advantageous to hack as they sometimes have access to cloud systems and large amounts of customers’ data.

Describes literally nothing of what a supply chain attack is, just the result of one and the reasons for their attack surface.

Very very bad reporting in my opinion. Bad breach, and I hate to admit M$ did the safe and right thing, but this 'reporting' leaves a lot to be desired.

dgellow 4 hours ago

TechCrunch is very sloppy and unreliable. I’ve seen them reporting on things I worked on where they just invented facts for SEO purposes and there is no way to get them to correct

raffael_de 4 hours ago

What's your post mortem, then? As in - what happened and how should it be read?

philipwhiuk 4 hours ago

> > This is Microsoft’s second known breach over the past few weeks that has allowed hackers to compromise its open source projects, per Ars Technica.

> I, like many others love to knock on Microslop when I can, but in this case they did the right thing.

I've no idea what your problem with this sentence is.

They have an organisational security problem, aided/demonstrated by lack of effort to effectively lock down GitHub Actions and allowing MRs to circumvent CI/CD.

That this is a Microsoft problem that was present pre-AI is not up for debate. See https://www.cisa.gov/sites/default/files/2025-03/CSRBReviewO...

In the age of AI, it's now endemic and being weaponised.