Sign up to save your podcasts
Or
Share The insider perspective on the event-stream compromise (Changelog Interviews #326)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The insider perspective on the event-stream compromise (Changelog Interviews #326)
Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts.
They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainer-ship of open source infrastructure over the full life-cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.
Join the discussion
Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!
Sponsors:
- Rollbar – We catch our errors before our users do because of Rollbar. Resolve errors in minutes, and deploy your code with confidence. Learn more at rollbar.com/changelog.
Featuring:
- Dominic Tarr – Website, GitHub, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
- Jerod Santo – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
Something missing or broken? PRs welcome!
View all episodes
By Changelog Media
4.4
2929 ratings
Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts.
They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainer-ship of open source infrastructure over the full life-cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.
Join the discussion
Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!
Sponsors:
- Rollbar – We catch our errors before our users do because of Rollbar. Resolve errors in minutes, and deploy your code with confidence. Learn more at rollbar.com/changelog.
Featuring:
- Dominic Tarr – Website, GitHub, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
- Jerod Santo – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
Something missing or broken? PRs welcome!
More shows like Changelog Master Feed
View all
Software Engineering Radio - the podcast for professional software developers
275 Listeners
Hanselminutes with Scott Hanselman
379 Listeners
The Changelog: Software Development, Open Source
288 Listeners
Software Engineering Daily
624 Listeners
Talk Python To Me
583 Listeners
Soft Skills Engineering
290 Listeners
Thoughtworks Technology Podcast
43 Listeners
The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence)
436 Listeners
Syntax - Tasty Web Development Treats
982 Listeners
CoRecursive: Coding Stories
188 Listeners
Kubernetes Podcast from Google
181 Listeners
Practical AI
208 Listeners
The Stack Overflow Podcast
62 Listeners
Big Technology Podcast
507 Listeners
Oxide and Friends
65 Listeners