Episode 361: JSJ 357: Event-Stream & Package Vulnerabilities with Richard Feldman and Hillel Wayne
JavaScript Jabber
English - March 26, 2019 10:00 - 1 hour - 80.6 MB - ★★★★★ - 241 ratings
Sponsors
Triplebyte
Sentry use the code “devchat” for $100 credit
Clubhouse
CacheFly
Panel
Aaron Frost
AJ O’Neal
Chris Ferdinandi
Joe Eames
Aimee Knight
Charles Max Wood
Joined by special guests: Hillel Wayne and Richard Feldman
Episode Summary
In this episode of JavaScript Jabber, Hillel Wayne opens the show with a short background on his work and a brief explanation of formal methods and of event-stream, the widely used npm package at the centre of the incident. The panelists then dive into the recent event-stream attack and discuss it at length, looking at how different package managers expose their users to this kind of compromise and the security issues that come with each. They debate whether paying open source developers for their work, and thereby increasing contribution, would eventually improve security. They close by talking about what can be done about fragile dependencies and weak points in the ecosystem to prevent further attacks, and whether any solutions can be both convenient and secure for users.
Links
STAMP model in accident investigation
Hillel’s Twitter
Hillel’s website
Richard’s Twitter
Stamping on Event-Stream
Picks
Joe Eames:
Aimee Knight:
SRE book - Google
Lululemon leggings
DVSR - Band
Aaron Frost:
Chris Ferdinandi:
Paws New England
Vanilla JS Guides
Charles Max Wood:
Sony Noise Cancelling Headphones
KSL Classifieds
Upwork
Richard Feldman:
Elm in Action
Sentinels of the Multiverse
Hillel Wayne:
Elm in the Spring
Practical TLA+
Nina Chicago - Knitting
Tomb Trader
Special Guests: Hillel Wayne and Richard Feldman.