Monday, June 15, 2015

Yeah. OPM.

Let's start in 2014, when Our Fearless Leader appoints Michael Daniel to be the US Cybersecurity Coordinator (Cyber Czar), who's proud to have no technical knowledge (Forbes).

Mix in an inspector general's report that described the agency’s computer security system as a Chinese hacker’s dream. (NYTimes)
"The problems were so severe for two systems that hosted the databases used by the Federal Investigative Service, which is responsible for the background investigations for officials and contractors who are issued security clearances, that the inspector general argued for temporarily shutting them down because the security flaws “could potentially have national security implications.”"

What do you get? Unlimited access to the Office of Personnel Management records databases by unknown hackers, including highly sensitive clearance information.
“OPM is being very resistant to agree to attend,” Rep. Jason Chaffetz (R-Utah) said. “I’m prepared to issue a subpoena if need be to get them there.”
(NPR, and boy did I love waking up to that on my clock radio last Friday morning)

Extra credit to OPM people refusing to testify before Congress re the breach.

Stay classy, US government.

PS - Check out Krebs on it


Tuesday, June 2, 2015

OK, it's time to stop trusting SourceForge

Well, it's official.

SourceForge is putting paid third-party code into projects, similar to the junk that Oracle puts into Java, or Adobe into Flash. No surprise, since they're now owned by a job hunting site, Dice, or DHI Group Inc (note the category warning announcement).

They're backtracking on the insertion of some really bad stuff into GIMP (Ars Technica), saying that they thought GIMP was dead, and that listening to their user [outcry] they'll now only do it on certain projects.

They are saying it's opt-in only, but both things are only a bad quarter and a policy change away.

Unfortunately I'm putting them in the AVOID category, like Tucows and CNET :-(

Update: Definitely time to untrust them - they hijacked Nmap!

Perry