this post was submitted on 17 Jul 2025
Cybersecurity
Funny, they were handed a secure bootstrap thanks to GNU Guix and stage0; yet choose not to just rebootstrap their shit from trusted source code.
Boots into secure bootstrap
npm install
I'm not sure that the Ken Thompson type of backdoor is even on the radar as an urgent enough threat to be worth worrying about at this point. I mean, it's fine, but the boot-i-est of bootstraps at this point is the network hardware that's running the network you are trying to secure, and most of it is riddled with holes which are likely to largely undo whatever you're trying to do, sad to say.
It only takes one secure system to set up a secure network if one physically has control over the hardware; fiber optic cables need only be trusted to carry encrypted data and be monitored for physical tampering.