by bradly 424 days ago
I agree. It is interesting how much they focus on the hardware servers in the article.

I'd be more interested in knowing: which package was vulnerable? Was it a known exploit? And what systems were/are in place to alert on vulnerable dependencies? Instead they are focused on the new servers just taking too long and not enough money because of advertiser pressures.

2 comments

They do mention their OS being out of date. One possible interpretation is they are using packages provided by a Linux distro, and getting up to date may have required a full OS update.

If that were the case, it would be easy to see how they might want to tie their OS upgrade to a hardware refresh rather than taking servers offline for a reinstall.

According to a Firebase video [0], the outdated and exploited package was called GhostScript.

[0] https://youtu.be/XNratwOrSiY?si=dxfD8Y7-wfOi0XcJ

Fireship is the channel name - firebase is the product he initially had based his channel off

Oops - thanks for correcting my typo