Episode 2: Thanksgiving, NPM and Malware in Free Software

Libre Lounge

English - November 30, 2018 21:30 - 32.2 MB - ★★★★ - 3 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: Episode 1: Corporate control, org-mode, mobile phones and PDAs

Next Episode: Episode 3: Hacker Culture, Past, Belonging and Inclusion

In their second episode, Serge and Chris return from Thanksgiving thinking about malware in Free Software, specifically the NPM bitcoin attack found in event-streamer

Show links:

Software Freedom Conservancy (conservancy)Backdoor in event-stream library dependency (hacker news)The event-stream bug report (github)Statement about the event-stream vulerability (bitpay)npm's statement on the event-stream incident Bug Report on ESLint (github)Malware in Linux kernel (lwn)Don't Download Software from Sourceforge (howtogeek.com)Let's Package jQuery: A Javascript Packaging Dystopian Novella (dustycloud.org)Reflections on Trusting Trust - aka the "Thompson attack" mentioned in the episode, a way of embedding malicious code in a compiler that embeds it into the next compiled version of the compilerZooko's Tweet (twitter)Linus's Law (wikipedia)Ka-Ping Yee's dissertation (zesty.ca)
-Securing EcmaScript, presentation to Node Security (youtube)Mandatory Access Control (wikipedia)SE Linux Project (github)AppArmor (ubuntu)Docker For Development (medium)The Qubes Operating System (qubes)Android Application Sandboxing Chris's talk at Northeastern on December 5th - Chris gave the wrong date in the episode, it's on Wednesday... oops!

Chris mentioned that they changed their org-mode configuration inspired
by the chat from our
first episode
to incorporate a priorities-based workflow.
Maybe you want to look at Chris's updated org-mode configuration!
It looks like so:

;; (c) 2018 by Christopher Lemmer Webber
;; Under GPLv3 or later as published by the FSF

;; We want the lowest and "default" priority to be D. That way
;; when we calculate the agenda, any task that isn't specifically
;; marked with a priority or SCHEDULED/DEADLINE won't show up.
(setq org-default-priority ?D)
(setq org-lowest-priority ?D)

;; Custom agenda dispatch commands which allow you to look at
;; priorities while still being able to see when deadlines, appointments
;; are coming up. Very often you'll just be looking at the A or B tasks,
;; and when you clear off enough of those or have some time you might
;; look also at the C tasks
;;
;; Hit "C-c a" then one of the following key sequences...
;; - a for the A priority items, plus the agenda below it
;; - b for A-B priority items, plus the agenda below it
;; - c for A-C priority items, plus the agenda below it
;; - A for just the agenda
;; - t for just the A-C priority TODOs
(setq org-agenda-custom-commands
'(("a" "Agenda plus A items"
((tags-todo
"+PRIORITY=\"A\""
((org-agenda-sorting-strategy '(priority-down))))
(agenda "")))
("b" "Agenda plus A+B items"
((tags-todo
"+PRIORITY=\"A\"|+PRIORITY=\"B\""
((org-agenda-sorting-strategy '(priority-down))))
(agenda "")))
("c" "Agenda plus A+B+C items"
((tags-todo
"+PRIORITY=\"A\"|+PRIORITY=\"B\"|+PRIORITY=\"C\""
((org-agenda-sorting-strategy '(priority-down))))
(agenda "")))
("A" "Agenda"
((agenda "")))
("t" "Just TODO items"
((tags-todo
"+PRIORITY=\"A\"|+PRIORITY=\"B\"|+PRIORITY=\"C\""
((org-agenda-sorting-strategy '(priority-down))))))))

Twitter Mentions

@zooko