top | item 40985735

(no title)

joh6nn | 1 year ago

Right, but that was the exact nature of the attack: it's a small commit that doesn't look like it needs a lot of scrutiny. Like, I get that you meant "it wouldn't take much scrutiny to find this" but I mean "it doesn't look like it needs to be scrutinized". Especially because, as mentioned in the first comment of the investigation, the change to an unsafe behavior is deliberately obscured by the formatting of the diff.

It's like Where's Wal(do|ly): once you know where to look, it's obvious, but if you don't even know you're supposed to be looking for it, you may never find it

discuss

chefandy|1 year ago

Right-- A busy maintainer sees a weird looking commit-- but it's three lines long, submitted from a known contributor, and the tests pass. It was very carefully planned to be innocuous-looking enough to not trigger any concerns with a casual once-over (oh, it just changes the way an error is printed) and obfuscated enough to not be obviously malicious because of the diff formatting, and submitted by a reliable known contributor. Each piece was designed to make a rigorous code review as unlikely as they could possibly make it.

Sure, that's not how it's SUPPOSED to happen, but I'll eat my hat if at least 95% of people who've approved a PR at some point couldn't have been walked down that path by a dedicated attacker over time. Hopefully this has been enough of a jolt to make that less likely the next time someone tries it.

People often cite death and taxes as the only certainties in life-- we could easily include human fallibility.

Bluestein|1 year ago

> People often cite death and taxes as the only certainties in life-- we could easily include human fallibility.

What was it ... 80% of aviation accidents due human error?