Tom Scottಪರಿಶೀಲಿಸಿದ ಖಾತೆ

Next up, composer @TobiasStich, who somehow turned my vague requests into the actual, tense music you can hear. And finally, GFX team @SupportClass, who created an incredible automation suite for Adobe Creative Suite that built the show graphics with a couple of clicks.

Now that Lateral's going out to the world, and it seems that the world likes it, there are some more folks I want to give a shout out to! First of all, editor @mrsmmartin. I sent raw footage, she sent back six brilliant shows.

“The self-driving system software classified the pedestrian as an unknown object, as a vehicle, and then as a bicycle with varying expectations of future travel path.”https://twitter.com/NTSB_Newsroom/status/999642196751069184 …

And that's it. That's all the ideas I have. Oh, and the botnet user didn't change anything, not a single file. So I've changed all my passwords. Now I'm going to set my PC to do a full malware scan; take a walk; get lunch; and hope that this isn't the tip of a horrible iceberg.

Three, via my SCP client (WinSCP) or through my SSH client (PuTTY). That seems unlikely, but it's not implausible. If all the people affected were WinSCP/Putty users, that's worth looking into, but again that's not something I can do.

Two, via 1Password. But it was buried in a text file: you'd have to look through everything manually, ignore the much higher-value targets, and somehow understand my weird filing system that doesn't even say what the password is for. That doesn't make sense.

So the way I figure it, there are three ways it could have leaked: One, through Dreamhost. Nothing I can do about that if so.

But: that password was extremely long and complicated, not reused, and stored in a text file in an offline 1Password vault. The only other place it's been are Dreamhost's servers (obviously) and pasted into my SCP and SSH clients.

Dreamhost say it's not a false alarm. It was an attack on multiple accounts, gathered via client-side malware or credential reuse. They automatically blocked it and reset my password.

I got an email from my web host, DreamHost, telling me that a botnet IP has just logged into my server account there. Which is not great. I mean, full marks to them for noticing and shutting it down, but, agh. But: it's also absolutely baffling me.

Oh boy. Apologies for a second Twitter thread in one day but — and I can't think of a more eloquent way to put this — aaaaaaagh. I need to vent some thoughts.

Just, @YouTube, please don't let people announce breaking changes on Twitter. It hurts everyone, including you. Rant ends.

Hire someone whose job it is to talk to all the teams, to work out what's coming, and — as far as possible — keep the highly engaged users in the loop. Call them the Creator Communication Lead or something like that. You'll avoid this seemingly-endless run of PR disasters.

I know, YouTube, this is a really difficult problem! But scaling a video platform to reach billions of people is also a really difficult problem, and you've managed that.