Many open source projects attain a level of "maturity" where no one really needs any new features and there aren't a lot of new bugs being found. The contributors to these projects dwindle, often to a single maintainer who is generally grateful for developers who take an interest in these older projects and offer to share the choresome, intermittent work of keeping the projects alive.
Ironically, these are often projects with millions of users, who trust them specifically because of their stolid, unexciting maturity.
This presents a scary social-engineering vector for malware: A malicious person volunteers to help maintain the project, makes some small, positive contributions, gets commit access to the project, and releases a malicious patch, infecting millions of users and apps.
This is apparently what happened to event-stream, a widely used tool that was compromised by a cryptocurrency-stealing attacker who gained commit access, poisoned an update, and then locked the project's owner out.
I don't know what to say. #116 [Dominic Tarr/Github]
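For consumers of an npm package such as event-stream, the handover-then-release pattern described above leaves traces in the registry metadata. The following is an added example, not code from the original post or from the event-stream project: it walks a package's release history and flags releases that come from a publisher not seen before, add a dependency, or add an install-time script. It assumes the npm registry packument layout (`time`, `versions[v]._npmUser`, `dependencies`, `scripts`); the sample package, names and dates are constructed.

```javascript
// Constructed sample in the shape of an npm registry packument
// (the JSON served at https://registry.npmjs.org/<package>). All names invented.
const samplePackument = {
  name: "example-stream",
  time: { "1.0.0": "2016-01-10T00:00:00Z", "1.0.1": "2016-06-02T00:00:00Z",
          "1.0.2": "2018-09-09T00:00:00Z" },
  versions: {
    "1.0.0": { _npmUser: { name: "original-owner" }, dependencies: { "dep-a": "^2.0.0" } },
    "1.0.1": { _npmUser: { name: "original-owner" }, dependencies: { "dep-a": "^2.0.0" } },
    "1.0.2": { _npmUser: { name: "new-helper" },
               dependencies: { "dep-a": "^2.0.0", "dep-new": "^0.1.0" } },
  },
};

const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Walk releases in publish order and flag the ones that deserve a manual diff:
// a publisher never seen before, a dependency that was not in the previous
// release, or an install-time script that was not in the previous release.
function auditReleases(packument) {
  const order = Object.keys(packument.versions).sort(
    (a, b) => Date.parse(packument.time[a]) - Date.parse(packument.time[b]));
  const seenPublishers = new Set();
  const findings = [];
  let prev = null; // { deps, hooks } of the previous release
  for (const version of order) {
    const meta = packument.versions[version];
    const publisher = (meta._npmUser && meta._npmUser.name) || "(unknown)";
    const deps = new Set(Object.keys(meta.dependencies || {}));
    const hooks = new Set(INSTALL_HOOKS.filter((h) => (meta.scripts || {})[h]));
    const reasons = [];
    if (prev && !seenPublishers.has(publisher)) reasons.push("new publisher: " + publisher);
    if (prev) {
      const addedDeps = [...deps].filter((d) => !prev.deps.has(d));
      const addedHooks = [...hooks].filter((h) => !prev.hooks.has(h));
      if (addedDeps.length) reasons.push("new dependency: " + addedDeps.join(", "));
      if (addedHooks.length) reasons.push("new install script: " + addedHooks.join(", "));
    }
    if (reasons.length) findings.push({ version, publisher, reasons });
    seenPublishers.add(publisher);
    prev = { deps, hooks };
  }
  return findings;
}

console.log(JSON.stringify(auditReleases(samplePackument), null, 2));
```

A flagged release is a prompt to diff that version and inspect the added dependency before updating, not proof of compromise; legitimate co-maintainers trigger the same signals.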