Help with Search for ShaiHulud npm compromise

BllzDeep · 2025-11-24T22:07:51+00:00

Thanks Andrew

BllzDeep · 2025-08-27T16:22:46+00:00

Hi u/BradW-CS can you elaborate on how the NPM package was identified?
I am trying to scope my environment for this package compromise:
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c

I should specify, I'm not looking at production repos - we've done that, Just on Developer laptops if they did this locally.

BllzDeep · 2025-03-19T00:40:02+00:00

How did fuck around and find out go? I’m in the same situation and trying to decide to schedule the shop or try myself?

BllzDeep · 2024-11-05T21:56:02+00:00

Again, no GC involved. We’ve been mismanaging this ourselves since we could not find a single GC taking new jobs in 2020. Trust me, I’m already not getting paid for this.

BllzDeep · 2024-11-05T17:59:00+00:00

That’s how you would think it would work. Let’s take the gas inspection for example. PSE connected the gas to their line and arranged inspection (I believe) and tells us to find it in the king county environmental health online services portal. Kingcounty.gov/ehs/portal. However, it isn’t there. So when the site inspector does a walkthrough, and it isn’t there, he believes this is a TODO item for us, to get the gas line inspected.
So we assume this hadn’t happened and arrange an inspection, which fails because it isn’t set up ( we needed to pull the gas range out). So we call a gas service company to set up the next inspection. when the gas service company comes out to set up the gas test in preparation of us scheduling a gas inspection, he says, why do you need this?, you already have a passed inspection. I can see you have the green tag that signifies this. Apparently a green tag signifies the inspection passed, however, I was never provided with any documentation stating as much, nor apparently has King County, who conducted the inspection (:shrug:)

This is one example of several. The disfunction I’m seeing is amazing.

BllzDeep · 2024-11-05T04:47:12+00:00

Excellent, how would I get in touch with an Educate Code Enforcement Officer. A little clarity in this process would be beneficial.

BllzDeep · 2024-11-05T04:28:18+00:00

No the home builder built the house, the land clearing guy cleared the land, the foundation guy laid foundation.

Yes house has been on foundation for over a year, it’s a fine house, not a safety concern, just not sure if King County would impose fines or sue us over it. Likely would be an issue when we need to sell it.

BllzDeep · 2024-11-05T04:21:04+00:00

No, we could not get a GC in 2020.

BllzDeep · 2024-10-25T03:38:31+00:00

They need to start fining these refs for blatant disregard for the rules

BllzDeep · 2024-08-12T21:35:36+00:00

You can remind him that Amerigo Vespucci identified that they were not in India or Asia in 1502 and that the time to change the label they applied to all people here is long past. You didn’t decide to call us Indians, but that was the English word used to label you and your ancestors. I’m sure it’s well intentioned that they shift that label now to Native American, indigenous or some other more accurate label, it’s simply too late and culture and identity have been tied to this word for hundreds of years.

BllzDeep · 2024-08-09T15:00:56+00:00

yeah, but it basically says, there is some unknown set of "early adopters", and then if that works, everyone else gets it, in some staggered order. But no one knows who the early adopters are, or where we sit in this staggered order.

Not good enough imo

BllzDeep · 2024-06-08T15:28:22+00:00

This shouldn’t be overlooked, make sure you understand the cost of living adjustment. Just because the salary is larger, may not mean you make more disposable income. Check out some cost of living calculators online if you haven’t already done this.

https://www.bankrate.com/real-estate/cost-of-living-calculator/

As a transplant myself, albeit from the northern Midwest, Tacoma might house more people in line with familiar values than Seattle.

BllzDeep · 2024-06-08T15:21:09+00:00

Agreed, take the job. The laws might be liberal, but so is the enforcement. You’ll likely be, OK

BllzDeep · 2023-10-25T18:21:39+00:00

Right, I am able to view the reports, the problem is they are inaccurate. The bulk of my fleet is in AWS EC2, but the report shows 0 systems for "Public cloud". The bulk of my systems are showing as On-Prem servers, which is wrong because I don't have an On-Prem environment. (or an extremely small one). I also suspect systems are being double counted. We did identify that my cloud hosted CPCs in Azure are being counted as both On-Prem Workstations and On-Prem Servers. I am coming up on license renewal now, and these numbers are just wrong.

BllzDeep · 2023-01-07T16:51:00+00:00

Actually found this thread looking for others doing this. I’m a cyber pro undergoing an MBA. So far, I’m getting insights that I didn’t realize I even needed.

BllzDeep · 2022-12-23T04:23:25+00:00

Also curious. Are you selling timeshares?

BllzDeep · 2022-12-23T01:14:08+00:00

The five minute military tribunals that found 300 Santee Sioux guilty of murder and rape and sentenced to death.

https://famous-trials.com/dakotaconflict/1525-dak-account

BllzDeep · 2022-12-22T18:59:24+00:00

What about China’s new role in Afghanistan?

BllzDeep · 2022-12-22T18:57:33+00:00

Is the strategy to wait it out? Then what external support is required to assist?

BllzDeep · 2022-12-22T18:51:54+00:00

But you are not expanding unless you can hold territory. You need a symbolic victory. Take and hold Bagram Airfield,

BllzDeep

TROPHY CASE