HackerTrans
TopNewTrendsCommentsPastAskShowJobs

andymcsherry

no profile record

comments

andymcsherry
·2 mesi fa·discuss
Andy from Lightning here. Yeah, the PyPi credentials were stolen through the compromised pl-ghost bot account. The attacker used this account to create a new actions workflow, which was ran and parsed out secrets for PyPi. After releasing the package, the attacker then used that account to troll us a bit with those comments.
andymcsherry
·2 mesi fa·discuss
Andy from Lightning here. The malicious file that gets installed has this signature:

  router_runtime.js

  SHA256 5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1
  SHA1 f1b3e7b3eec3294c4d6b5f87854a52471f03997f
  MD5 40d0f21b64ec8fb3a7a1959897252e09
andymcsherry
·2 mesi fa·discuss
Andy from Lightning here. The malicious packages were published today at 12:45 PM UTC to PyPi. Before that, there were no affected distributions, and we were unaware of any leak. The original release on Github did not contain the issue, but we have taken it down to prevent any confusion.
andymcsherry
·2 mesi fa·discuss
Andy from Lightning here. The malicious code was not submitted to the main repo at Github. It appears our PyPi credentials were leaked and compromised packages were published directly there for versions 2.6.2 and 2.6.3
andymcsherry
·2 mesi fa·discuss
Andy from Lightning here. Thanks for pointing that out, we are updating the CVE. Only the versions from PyPi were affected. The malicious code was not checked into the GitHub repository
andymcsherry
·anno scorso·discuss
Hey ipsum, sorry I could have mentioned that. We spend a ton of effort on open source and sharing our ML knowledge with the community. If you don't want to use our platform, the entire source code and a tutorial is there to run it on your own.
andymcsherry
·anno scorso·discuss
Here's an open-source serving implementation: https://lightning.ai/bhimrajyadav/studios/build-a-production...

Also, a deployable model: https://lightning.ai/bhimrajyadav/ai-hub/temp_01jwr0adpqf055...
andymcsherry
·anno scorso·discuss
Australia has a slowish rail network because it is sparsely populated. It is an extreme version of America, the distances between population centers are quite large and there's not much in-between. There's also not much reason for anyone from Sydney to visit Canberra, and if you do, you certainly need a car to get around.
andymcsherry
·anno scorso·discuss
That’s the software platform used to deploy it