Linus and Luke Discuss the LTT Hack

Luke is the physical embodiment of "I don't like the consequences but I sure do love the chaos"

I love how this clip is longer than the WAN show used to be

This isn’t a clip… it’s an extended mag

In an alternate reality Luke is a firefighter just absolutely jazzed to go put out giant fires as quickly as possible.

I love how no one seems to be talking about how Dennis has had to edit naked linus so much he developed a very smart technique of just blurring the whole screen and decreasing the size of the blur in order to avoid having to see it more than he has already.

Luke is EXACTLY the kind of person you want when crap hits the fan because he's the kind of person who is built for crisis management. Ready to go, proactive, problem solving, diagnosing potential issues, hard to truly overwhelm, focused, etc.
Guy gets it done.

having employees who get excited to help with something like this is proof the dimensions are merging

Man, I have never identified with Luke more, I, too, absolutely **thrive** on the chaos of everything going to shit and patching every hole that comes up ad hoc. I should also work in disaster response more often 🤣

With clips this long the LMG Clips channel will need it's own Snippet channel.

You can tell how much fun Luke is having by the length of the clip.

This isn't a clip anymore, this is full on belt-fed.
_I love it._

The funny thing is sometimes when you have a VPN running or you activate it during a session, Google will throw up a message saying something like "We noticed weird traffic coming from your device" and refuse to let you interact with any services for a while. But when the tokens are hijacked and used on an entirely different machine they're like "Yeah okay" 🤣

When I saw that LTT was hijacked by some crypto bros I felt absolutely shocked but at the same time I knew TH-cam would be able to restore the channels because the same thing had happened to other youtubers I follow. Still I was sure Linus and the crew where going through though times now mater how easy it was to fix

I want to work on a team with someone like Luke

I wish more workplaces were ran in a way where we as employees would want to drop everything and help when the preverbial hits the fan.
I hope linus does something fantastic to show his gratitude for the team.

The floatplane chat bug, if it's similar to a bug I've encountered in the past on my own apps, should be easily circumnavigated by reversing the order of your chat message array and then having a reverse flex column. CSS takes care of the scroll-to-bottom for you without any janky JS breaking it apart

At the very least, there should be a check box on your account for "Require sign in from unknown IP" where you must enter your credentials any time you attempt to log in from a new IP/location. You should also have to enter your credentials for any major change such as changing the name of your channel, or before deleting videos.

"Some of us had kids to feed!" "And that was great, because there was more for me to do" Luke I love you

At the first LTX i asked luke how long he had been up, and his answer was somewhere in the neighbourhood of 2 days, i always thought he was smiling just because it was a Q&A, but now....

Luke, I feel you. Had a 34h marathon myself and just being engulfed by chaotic energy is a pure blast. It's a rollercoaster that has no predetermined path and just goes on for as long as it has to. You don't know what will come, you don't know how to manage it, you don't know how long it'll last, but you know that you'll figure out what you have to do and anything is possible!

This WAN show was insanely good, everybody in the room was absolutely crashed from being tired and sleep deprived and it was borderline unhinged.
Now get some good rest this week everybody.

Yeah, LTT has its haters but the sheer number of people responding positively and joining Floatplane just proves how much most of us enjoy the content. A hot cup of tea and LTT videos can really help me unwind sometimes.

Bruh this one “clip” is half as long as the whole ass show was a year ago. At this rate, they’ll be doing 34 hour long WAN shows by Christmas.

It always baffled me that Google are happy to send me Notifications on my phone when anyone logs into one of my accounts from a different browser, but won't do anything to stop somebody clearly logging in from another country.

I don’t mind having this clip to be almost an hour long because this topic can’t be sub 20-30 long. I’d rather have all the details than skimming the story. I’m just glad LTT got their channel back

I remember once working 50 hours straight without rest (database event). It was rough. Remember that after 20 hours of work without proper rest, you become impaired and is no longer safe (and I believe no longer legal) to drive. It is important to be able to hand over the work in progress to a colleague and take a taxi. I do agree that the true reward is succeeding to restore services after surmounting impossible odds.

When Luke said VM provider from Germany that made perfect sense to me. There are a few hosting services in Germany that provide really cheap VMs, which often get hijacked and used for botnets and to proxy attacks. I used to see a lot of those in WAF logs and stuff. In fact that's how I used to look for cheap hosting services.

this just shows how great a environment working for LMG!

This entire saga has shown how skilled and experienced the entire LMG team really is. An absolute masterclass in damage control.

kudos to how they handled it, and how no one is in trouble for this. emotions must've been high for a few hours but now that its all done and gone, its nice to see the work environment at LTT is so healthy and chill.

It being a year later and the same thing just happend to me. Im paranoid it could happen again. My Gmail is locked down and all unauthroized users are off my youtube. Is it possible they could add one back to my account using that token?

I watch linus because he spends time packing his kids lunches instead of fixing his life's work on the channel hack, I have to like him more after this lol

The LMG team is just a blessing to us all

Me: I refuse to watch the WAN show, it’s too long.
Also me: Hmm, yes this 57 minute LMG clip is perfectly fine.

Wow, Luke is kind of making me miss the old days when I was the layout editor for my local community college newspaper. Because early college kids suck, pretty much every article would come in the due date for the printer and we had to work our asses off to get that paper together. I had some days that went from noon to 5am.

The LMG team came together to get this sorted...was nice to hear Linus shout out his crew in the video about the hack. Quality people.

They're crew sounds fucking amazing. Like a group of friends.

21:03 I can personally speak about because I have to constantly VPN from SE Missouri to Dallas Texas, and while I get some issues with using a VPN, none of those issues, including TH-cam/Google, log me out when I suddenly teleport hundreds if not 1,000 miles away.

I'm so proud to support LTT
Thank you for being such a pinnacle in this industry

2:59 - 3:16 so Luke is an adrenalin junkee

That moment when a clip is longer than most of the videos on the main channel.

5 minutes in and I already adore Luke and the other relevant employees. Such a good team... Keep being awesome!

Love the energy from this topic. Imagine if your employee had the training to not open that email. Everything would still be business as normal. And we wouldn’t know more about this large TH-cam issue.

Luke is the definition of chaotic good

Luke here saving the day once again March should be Luke Appreciation Month. Everyone was already saying during the hack Wan show would be lit.

Production Issues are always an amazing experience and also a great learning experience. It bonds teams and colleagues too like nothing else.

In every high risk system I have worked on. There is always a large Disaster Recovery File(physical file) that all engineers was made aware off, with exact non physical documents stored on a secured sever. It was our responsibility to make sure everything is always up to date. There was always a "what if" mindset. What if the building burned down. What if the sever crashed. What if we got hacked. We always had access to the Disaster Recovery document in the event a some major event

Oh boy I love feature-length LMG clips

I wish everyone in this world had a job where the pay is a nice extra. Linus proves the a good wage and a nice company culture causes people to see their job as a hobby and it def. increases productivity.

Man, I really hope Google does something to deal with all of this. TH-cam will not survive with this kind of ignorance, and a competitor WILL rise to take the crown if Google slacks.
You dropped this, TH-cam: 👑. And it doesn't belong to you anymore.

Session tokens need to be reset if they are used on another machine (Hardware ID, System ID, IP, and other options to ID sessions tokens to connect it to a machine) so in a case of stolen session token, the system could detect that and ask for authentication.

Remember when the wan show as a whole was this long? Honestly tho, im all for these long segments.

Luke's brain is broken, and I'm here for it 😂

Hi Linus, another good thing that came from this, I heard it first on the Dutch radio (free advertising), and they also criticized TH-cams security.

Luke, having that reaction from your staff shows great leadership. Well done :)

An actual, good work environments where people do extra work because they like working there and the company actually means something to them because they helped build it and are treated accordingly instead of being "incentivized" or forced to?? Healthy work environments are so rare in the tech space so this is really cool to hear.

what is the web site that he mentions 12:33, that you can search by subtitles?

I was most worried about Linus Cat Tips, glad everything is alright!

55:00 i did not consider that someone would be editing the naked footage of Linus 😂😂😂😂

I'm so sick of seeing ELON MUSK, TESLA, JAKE PAUL, CONNOR MCGREGOR etc.. etc.. and then the dreaded QR code at the bottom middle of the screen offering to double your bitcoin. What an absolute plague.

The speed at which this was fixed is a good showing as to the quality of Linus's skills as a ceo, bringing all the right people together through the years and keeping them close, him and evon(? Sorry I don't know how to spell her name) are both absolutely amazing, as is everyone involved in having fixed the situation

Damn, this youtube recommendations are crazy

Chaos, hacking, naked Canadians.

being a former Support Tech, I get that rush but also have nightmares about that...

22:50 if the location changes, if they can query device info, that would let them rule out if it’s probably the same device or something different. like is it the same browser, is the operating system the same, etc, because no normal user is going to copy a session token to avoid logging in again on a different browser or another os partition on the same device.

The IR reminds me of a compromised email account I was working with once. The threat actor used the account to make a free Azure trial, and was using that to host phishing infrastructure. We had already revoked the tokens, but had to wait for the session timeout to force reauthentication. I sat in the VM blade watching them create servers, then I'd delete them. So they'd recreate them. I'd delete them again. For about 45 minutes. Had I known then what I know now, I probably would have left the servers and tried disassociating the public IPs until the sessions timed out, but I was having fun at the time.

Wow, they are both working on ZERO sleep, and I have nothing but sympathy.
Been there, done that, but WOW... well done guys!

I'm like Luke, I just grow in that problems. I actually also missed them, so I'm starting a new company 😂. Being responsible for the tech during those moments are stressful as hell, but you put your whole brain into it and that's amazing.

one thing I don't get is how they could change that much without TH-cam going "hang on, this isn't right" and asking for reauthorization. also how did it not see that it was logged in on a a desktop and realise?

Not Linus almost leaking the password in the video about being hacked 😂 46:24

Luke: I’m not stuck here with you… you’re stuck in here with me

Dude Luke stepped up lol this is why the two of them worked great together

If this is a clip, than what is a full video? A movie?

Please tell me I am not the only one that thought Linus had a sour gummy worm on his hoodie.

2:18 Undeniable proof Linus is Canadian.

The fact Luke was like "This is Great!" *continues to be awake for over 24 hours* and Linus is woken up at like 3 am, trying everything he can.

Luke is inspirational enough to make me stop listening to this and continue my work
This break has gone on too long

What's the site name for youtube subtitle search at 12:34? I couldn't understand the name.

Happy you got ot resolved this fast, and Linus said it already, but I wish for smaller creates the process could be this smooth as well. i understand YT is corporate so for larger channels it will be faster, but still some channels can't even fix this problem in even a week.

I mean... next to a 5 hour wan shown, 56 minutes is a clip haha haha. LOVE IT!!!!!

Could you guys make a video with a list of suggestions to follow to have a safer experience while using TH-cam as a smaller creator? I know about not opening files that I don't recognise, checking mail addresses, etc, but I'm hearing a lot of methods for high-jacking accounts and I feel that I'm totally outdated every 2 weeks or so.

RIP to all the channels over the last year and in the future that YT will delete AND NOT recover for the owners. Like mine was, Ef YT. I'm glad LTT was able to get recovered, but many channels have not.

I did some 36 hour shifts when I was younger and I absolutely agree with Luke, it can be fantastic if you're doing something that you love and care about.

I feel like a round of bonuses or paying overtime on that work your team did is probably in order. It's awesome to have a team who just rocks up like that, so appreciate them and give some goodies out, they deserve it. And get some rest guys, you can hear the adrenaline shakes in Luke's voice.

its hilarious because you can tell Luke's tired but hes past that "I'm tired" feel and he's just powering through it.

46:24 no damn way you just got hacked, and while talking about it, accidentally show how long your new password is! that is priceless lmao

Was there a presentation/talk about this at LTX 2023?

41:00 the best advertisement for Framework so far

I wished that google/youtube would provide this kind of support to smaller channels and just not to bigger channels. I have seen people who say that they are a week from an event and they are still dealing with it. Took google/youtube less than 24 hours to restore LTT.

i have a question , where does luke work , he works in lmg but he said he dont?

Funny how ar 46:20 he shows a password screen. Mildly ironic

"The Internet exploded"
Sounds like the synopsis of a particularly painful to watch episode of Arrow.

There should be an “unplug the server” option, like they give you a special password, you link it to as many accounts as you want, and when you go to whatever special site it’d be, from absolutely anywhere, then every user is logged out, including whatever device was used to lock down, every thing being done on the account is halted, all access is revoked, except on preauthorised devices, requiring multiple factors, and you can go through your settings, even if it takes 10 minutes to log in and validate, you can be certain absolutely nothing will be done while you’re fixing it.

"That's a way to gain a lot of brownie points ... with me" is my new favourite Luke quote

I cannot find this anymore on LTT - has this been taken offline?

I don't want anything like this to happen again but this WAN show was so fun to watch. I never watch all the way through (sorry) but I sat and watched beginning to end on the first WAN show to ever go into Saturday.

I remember a few other big channels get taken by stealing session tokens last year. How hasn't google fixed this? It seems a massive security flaw and totally undermines MFA confidence.

When it comes to Google and IP tracking, here's what I've noticed:
- I have had to switch up my VPN method because having different IPs for desktop & authentication device created login issues
- Attempts to recover forgotten passwords for old google accounts have failed, even with reset confirmations sent to my phone. I'm not clear if this would be a permanent issue or if it was an unstated cool-off window
- Now vs a year ago Google sends a lot more notifications
- What may impact something like the LTT hack is Google does seems to try to prevent hacks, but VPN use complicates things. Consistent use of one location followed by a sudden login from another can raise suspicions. Conisistent login from various locations makes it difficult to detect suspicious activity. Therefore, it might be better to either use a VPN with a dedicated static IP for all browsing or as an alternative, selectively choose what to access via VPN, especially for sensitive apps like banking. I have accidentally logged into my online banking with my VPN set to an exotic location, and let's just say the next 48 hours weren't pleasant.

I'm with Luke. I love when stuff goes crazy at work. I am in my environment and thriving.

So question, how would you recover from a randsomware attack? What if they gained access to petabyte and the archive and just boom, its all gone? If all machines on the network got compromised.