Stop. Truncating. Hashes.

https://www.phoronix.com/news/OpenWrt-Compromised-ASU-Builds

@stacksmashing Is this a common thing that I've been lucky enough to miss? This was the first one I remember seeing.

We run this security-sensitive service but only keep the logs for 7 days😔

Obviously hindsight is 20/20, but a good example on why at companies I always want as much log retention as possible.

@cR0w In my professional life I've seen it multiple times

@stacksmashing (⁠╯⁠°⁠□⁠°⁠）⁠╯⁠︵⁠ ⁠┻⁠━⁠┻

@cR0w @stacksmashing Bits aren't cheap y'know!

@buherator @stacksmashing Sounds like something a cloud engineer would say. 🤔

@stacksmashing people are very often privacy aware and angry with entities saving logs for more than a few days (or at all) UNTIL the entity was compromised and then they are suddenly considered morons for not saving way more logs... :'-)