Stop. Truncating. Hashes.

https://www.phoronix.com/news/OpenWrt-Compromised-ASU-Builds

We run this security-sensitive service but only keep the logs for 7 days😔

Obviously hindsight is 20/20, but a good example on why at companies I always want as much log retention as possible.

@cR0w In my professional life I've seen it multiple times

@cR0w @stacksmashing Bits aren't cheap y'know!

@stacksmashing people are very often privacy aware and angry with entities saving logs for more than a few days (or at all) UNTIL the entity was compromised and then they are suddenly considered morons for not saving way more logs... :'-)

@stacksmashing nodds in agreement

To me it seems either criminal incompetence or as @stman would say, malicious intent...