This one contained information I didn't encounter in the earlier ones linked from HN. The earlier ones mostly focused on the multi-step build and extraction process; this one has some detail on the inner workings of the library that gets extracted.
This is one of the most significant computer security events of all time. A genuine backdoor-- not an accidental vulnerability, a backdoor-- created by a very sophisticated, very-likely state-backed, actor who used a combination of social engineering and multiple clever points of indirection to get a vulnerability into a common library. There will be many more articles about it in the months and years to come, and I don't see what's wrong with that as long as they are providing new information.
It also seems to specifically violate HN guidelines:
Throwaway accounts are ok for sensitive information, but please don't create accounts routinely. HN is a community—users should have an identity that others can relate to.
Snarky shallow dismissal ain't sensitive information. It's precisely the sort of behaviour which should be tied to, and reflect reputation of, a primary account.
(Which can of course be pseudonymous, example myself.)
sho_hn|1 year ago
Analemma_|1 year ago
eclectic29|1 year ago
dredmorbius|1 year ago
<https://news.ycombinator.com/newsguidelines.html>
saagarjha|1 year ago
StressedDev|1 year ago