![Libre Lounge artwork](https://is1-ssl.mzstatic.com/image/thumb/Podcasts113/v4/18/ad/e4/18ade4d5-b95f-b392-3255-a72485e33fb9/mza_9172664156482336811.png/100x100bb.jpg)
Episode 2: Thanksgiving, NPM and Malware in Free Software
Libre Lounge
English - November 30, 2018 21:30 - 32.2 MB - ★★★★ - 3 ratingsTechnology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
In their second episode, Serge and Chris return from Thanksgiving thinking about malware in Free Software, specifically the NPM bitcoin attack found in event-streamer
Show links:
Software Freedom Conservancy (conservancy)Backdoor in event-stream library dependency (hacker news)The event-stream bug report (github)Statement about the event-stream vulerability (bitpay)npm's statement on the event-stream incidentBug Report on ESLint (github)Malware in Linux kernel (lwn)Don't Download Software from Sourceforge (howtogeek.com)Let's Package jQuery: A Javascript Packaging Dystopian Novella (dustycloud.org)Reflections on Trusting Trust - aka the "Thompson attack" mentioned in the episode, a way of embedding malicious code in a compiler that embeds it into the next compiled version of the compilerZooko's Tweet (twitter)Linus's Law (wikipedia)Ka-Ping Yee's dissertation (zesty.ca)-Securing EcmaScript, presentation to Node Security (youtube)Mandatory Access Control (wikipedia)SE Linux Project (github)AppArmor (ubuntu)Docker For Development (medium)The Qubes Operating System (qubes)Android Application SandboxingChris's talk at Northeastern on December 5th - Chris gave the wrong date in the episode, it's on Wednesday... oops!
Chris mentioned that they changed their org-mode configuration inspired
by the chat from our
first episode
to incorporate a priorities-based workflow.
Maybe you want to look at Chris's updated org-mode configuration!
It looks like so:
;; Under GPLv3 or later as published by the FSF
;; We want the lowest and "default" priority to be D. That way
;; when we calculate the agenda, any task that isn't specifically
;; marked with a priority or SCHEDULED/DEADLINE won't show up.
(setq org-default-priority ?D)
(setq org-lowest-priority ?D)
;; Custom agenda dispatch commands which allow you to look at
;; priorities while still being able to see when deadlines, appointments
;; are coming up. Very often you'll just be looking at the A or B tasks,
;; and when you clear off enough of those or have some time you might
;; look also at the C tasks
;;
;; Hit "C-c a" then one of the following key sequences...
;; - a for the A priority items, plus the agenda below it
;; - b for A-B priority items, plus the agenda below it
;; - c for A-C priority items, plus the agenda below it
;; - A for just the agenda
;; - t for just the A-C priority TODOs
(setq org-agenda-custom-commands
'(("a" "Agenda plus A items"
((tags-todo
"+PRIORITY=\"A\""
((org-agenda-sorting-strategy '(priority-down))))
(agenda "")))
("b" "Agenda plus A+B items"
((tags-todo
"+PRIORITY=\"A\"|+PRIORITY=\"B\""
((org-agenda-sorting-strategy '(priority-down))))
(agenda "")))
("c" "Agenda plus A+B+C items"
((tags-todo
"+PRIORITY=\"A\"|+PRIORITY=\"B\"|+PRIORITY=\"C\""
((org-agenda-sorting-strategy '(priority-down))))
(agenda "")))
("A" "Agenda"
((agenda "")))
("t" "Just TODO items"
((tags-todo
"+PRIORITY=\"A\"|+PRIORITY=\"B\"|+PRIORITY=\"C\""
((org-agenda-sorting-strategy '(priority-down))))))))