Libre Lounge

Episode 2: Thanksgiving, NPM and Malware in Free Software



In their second episode, Serge and Chris return from Thanksgiving thinking about malware in Free Software, specifically the NPM bitcoin attack found in event-stream.

Show links:

  • Software Freedom Conservancy (conservancy)
  • Backdoor in event-stream library dependency (hacker news)
  • The event-stream bug report (github)
  • Statement about the event-stream vulnerability (bitpay)
  • npm's statement on the event-stream incident
  • Bug Report on ESLint (github)
  • Malware in Linux kernel (lwn)
  • Don't Download Software from Sourceforge (howtogeek.com)
  • Let's Package jQuery: A Javascript Packaging Dystopian Novella (dustycloud.org)
  • Reflections on Trusting Trust - aka the "Thompson attack" mentioned in the episode, a way of embedding malicious code in a compiler that embeds it into the next compiled version of the compiler
  • Zooko's Tweet (twitter)
  • Linus's Law (wikipedia)
  • Ka-Ping Yee's dissertation (zesty.ca)
  • Securing EcmaScript, presentation to Node Security (youtube)
  • Mandatory Access Control (wikipedia)
  • SE Linux Project (github)
  • AppArmor (ubuntu)
  • Docker For Development (medium)
  • The Qubes Operating System (qubes)
  • Android Application Sandboxing
  • Chris's talk at Northeastern on December 5th - Chris gave the wrong date in the episode, it's on Wednesday... oops!
  • Chris mentioned that they changed their org-mode configuration, inspired by the chat from our first episode, to incorporate a priorities-based workflow. Maybe you want to look at Chris's updated org-mode configuration! It looks like so:

    ;; (c) 2018 by Christopher Lemmer Webber
    ;; Under GPLv3 or later as published by the FSF

    ;; We want the lowest and "default" priority to be D. That way
    ;; when we calculate the agenda, any task that isn't specifically
    ;; marked with a priority or SCHEDULED/DEADLINE won't show up.
    (setq org-default-priority ?D)
    (setq org-lowest-priority ?D)

    ;; Custom agenda dispatch commands which allow you to look at
    ;; priorities while still being able to see when deadlines, appointments
    ;; are coming up. Very often you'll just be looking at the A or B tasks,
    ;; and when you clear off enough of those or have some time you might
    ;; look also at the C tasks
    ;;
    ;; Hit "C-c a" then one of the following key sequences...
    ;; - a for the A priority items, plus the agenda below it
    ;; - b for A-B priority items, plus the agenda below it
    ;; - c for A-C priority items, plus the agenda below it
    ;; - A for just the agenda
    ;; - t for just the A-C priority TODOs
    (setq org-agenda-custom-commands
          '(("a" "Agenda plus A items"
             ((tags-todo
               "+PRIORITY=\"A\""
               ((org-agenda-sorting-strategy '(priority-down))))
              (agenda "")))
            ("b" "Agenda plus A+B items"
             ((tags-todo
               "+PRIORITY=\"A\"|+PRIORITY=\"B\""
               ((org-agenda-sorting-strategy '(priority-down))))
              (agenda "")))
            ("c" "Agenda plus A+B+C items"
             ((tags-todo
               "+PRIORITY=\"A\"|+PRIORITY=\"B\"|+PRIORITY=\"C\""
               ((org-agenda-sorting-strategy '(priority-down))))
              (agenda "")))
            ("A" "Agenda"
             ((agenda "")))
            ("t" "Just TODO items"
             ((tags-todo
               "+PRIORITY=\"A\"|+PRIORITY=\"B\"|+PRIORITY=\"C\""
               ((org-agenda-sorting-strategy '(priority-down))))))))