fern vids feel like real youtube premium
imagine working on something so powerful that can bring countries to their knees just to be caught by a guy noticing a 0.5 second delay
The fact that you explained it in a way that someone with no technical background would understand speaks volumes, thank you for another great video
A developer being polite and helpful? Major red flag right there.
Thank you so much for not doing the typical "...Collin was born on a cold night of 1994. When he was 4, his favorite dish was lasagna..." etc. like most of these channels do to make their videos as loooong as possible. Also it was really well explained considering I know nothing about this stuff. Great Job!
fun fact: Andres Freund's last name translates to friend in German. He is truly a friend the internet needed
The production of some of these youtube videos nowadays is crazy
4:12 'My ability to care has been very limited' is very much a phrase I will start using myself
At 03:41 keep in mind "fork yourself" was not meant as an insult. Forking works like a fork. You have the source code, the handle of the fork, and then you have the separate tips of it, the forks. Essentially, the commenter is suggesting that the other guy makes a clone of the code on github with himself as the maintainer, so that they can make further progress on the code without the delays. If you and I were to make a paint type program, and we fork a program that has everything except the bucket tool and the brush tool, and you implement the brush tool in your fork, and I implement the bucket tool in mine, we now have 3 versions of the same code. 1. The base code, the original paint. 2. Your fork with the brush tool, probably named something like "yourname-paint-brush" 3. My fork with the bucket tool, probably named something like "mycodeisbetterthanyourslmaogoforkyourselfsuckiiiiiiit-bucket"
Man, source citations in EVERY scene is just crazy professional. Higher standard than many 'professional' documentaries by bigger companies. Well done!
There’s nothing I love more than getting a YouTube recommendation in my feed that changed my perspective of everything
04:46 devs/maintainers being polite, the biggest red flag. 🚩
Everyone, please repeat after me: "Thank you for saving the internet, Andres"
your non technical way of explaining all these very technical topics makes the videos really interesting rather than boring. Amazing work!!
Millions of modules are maintained by developers with little reward, yet power the largest companies.
The crazy thing is that backdoor wasn’t even inside the code itself. But was attached while the code was being deployed.
fern's voice is just right for these types of videos. Mysterious but also the type of voice that will keep you wondering for more content
fern just dropping banger after banger
The real reason behind the suspicion of state sponsored hackers, for us IT engineers, is not just the social engineering. It's how sophisticated the technical details of the attack really were. I myself don't fully understand all the details. But in essence it's a supply chain attack. It only triggers when specifically compiling SSH with xzutils in a Linux distro. Undetectable during code reviews. Some Linux distros weren't even affected because they didn't compile SSH the way that the attack expected. And the payload was hidden in the test suite. Many many details that would've made this attack close to unthinkable for nearly every hacker, except for state sponsored groups. It's unanimously agreed that it was state sponsored because it's just too multi layered.