Lately I’ve been talking a lot about the supply chain risk. You import some software, and are suddenly importing their business model and practices. Well, we’ve just had another ‘shenanigan’ unveiled. And its got some good drama. https://github.com/dominictarr/event-stream/issues/116 In a nutshell …
Supply chain risk: more javascript npm shenanigans, OSS governance Read More »
So most of you will have the Slovak ‘NBU’ on your RSS speed-dial, but I found I was a bit behind on my reading of it. As I was catching up, skcsirt-sa-20170909-pypi caught my eye. In a nutshell, its around …
Pytosquatting, Supply Chain Risk, and the Slovak National Security Bureau Read More »
It finally happened to you. A developer used ‘import A’. A pulled in B, B pulled in C, D. D pulled in E… and somewhere along that chain evil lurked. Now all your bits are belong to l33t hackerz. …
(RSS)|Create Account|Update email pref 
db on Canadian banks still don’t have 2FA. Who are the real criminals here?Do you care? sure. Unless you re broke :) CIDC is good for 100K if your bank goes bankrupt. If
Jayme Snyder on Canadian banks still don’t have 2FA. Who are the real criminals here?Do I care with CIDC and current Canadian banking laws? Also TD's passwords are not case sensitive which means they
Simon Rostron on I yaml’d my network: netplan and the new world orderFreeBSD/BSDs in general have terrific documentation, with the added benefit of the forum post from 5 years ago usually providingJayme Snyder on I yaml’d my network: netplan and the new world orderI've always been a BSD/Solaris/HP-UX at heart for this exact reason... though a fresh egocentric BSD developer doesn't see the
Chris on e-bikes and UPS: no, not reallyI'd advise you not to approach any embassies, security checkpoints, etc, on that. 
