Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

Political Statement Takes Down Chef

posted by martyb on Sunday September 22 2019, @05:44PM   Printer-friendly
from the the-kitchen-is-closed dept.

mechanicjay writes:

A developer of some Ruby Gems pulled the code as a statement against certain entities (Department of Homeland Security — DHS) ultimately using the code. Chef gets owned in the process.

ZDNet has a good rundown of the incident:

https://www.zdnet.com/article/developer-takes-down-ruby-library-after-he-finds-out-ice-was-using-it/

It seems that developers at chef may have used an old copy of the dev's code to get things back up and running again, which seems like exactly the wrong approach.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Political Statement Takes Down Chef | Log In/Create an Account | Top | 57 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Informative) by Anonymous Coward on Monday September 23 2019, @05:33AM (4 children)

    by Anonymous Coward on Monday September 23 2019, @05:33AM (#897427)

    From what I've read [soylentnews.org], webmin is a particularly good choice if you want to outsource your server administration or allow multiple people to do so.

    Starting Score:    0  points
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Total Score:   1  

  • (Score: 1, Touché) by Anonymous Coward on Monday September 23 2019, @06:56AM (2 children)

    by Anonymous Coward on Monday September 23 2019, @06:56AM (#897447)

    From what I've read [soylentnews.org], webmin is a particularly good choice if you want to outsource your server administration or allow multiple people to do so.

    Just so. Especially if you don't care *which* "multiple people" have such access, as Webmin is notoriously insecure.

    cf. https://www.google.com/search?q=webmin+security+issues [google.com]

    • (Score: 0) by Anonymous Coward on Tuesday September 24 2019, @06:28AM (1 child)

      by Anonymous Coward on Tuesday September 24 2019, @06:28AM (#897996)

      You obviously didn't notice the first part of that comment linked to a story titled "Webmin Backdoored for Over a Year."

      • (Score: 0) by Anonymous Coward on Tuesday September 24 2019, @06:54AM

        by Anonymous Coward on Tuesday September 24 2019, @06:54AM (#898000)

        You obviously didn't notice the first part of that comment linked to a story titled "Webmin Backdoored for Over a Year."

        I did not. But that doesn't invalidate my post. In fact, I think it dovetailed nicely with GP's.

        What's more, I upmodded GP once I saw the posting to which the link pointed.

  • (Score: 2) by RS3 on Wednesday September 25 2019, @05:40AM

    by RS3 (6367) on Wednesday September 25 2019, @05:40AM (#898400)

    Only if you allow access to it from the outside. I run servers on non-routeable address subnets, and only allow webmin access from specific internal IP addresses.

    That said, I don't have, nor have ever, deployed webmin ongoing- just tried it from time-to-time, and frankly I don't like what it does to my config files. I wouldn't mind if it would just edit or add certain specific parameters, but it rewrites the whole thing, so bye-bye.