It looks like it started with "social engineering" - a confidence scam - two years ago, with one person attacking the maintainer of the xz utility and another one offering to help, and then actually helping. That warped over time into slipping more and more suspect code into the package, until they got caught.
It's a bit of an odd one because it took a lot of care and planning but was guaranteed to get caught and removed if it ever went mainstream. So it's not a targeted attack on particular groups, and not subtle enough to pass unnoticed long-term.
If you infect one server you're likely to get away with it, but if you infect every server in the world, there are literally hundreds of honeypot servers set up by security researchers specifically to detect weird stuff like this.
Pure speculation, but I'm wondering if this was North Korea rather than China or Russia. It looks like the kind of miscalculation they would make.
Not specifically true, but true in general; we nearly had a global disaster with a small but useful library called xz because the maintainer wasn't getting paid anything despite the code being used on hundreds of millions of computers. (If it's included in iOS or Android, which it probably is, billions.)
The solution proposed here is to make it easy to pay these people.