Gdq

Josh and Kurt talk about an attack against PyTorch and NPM. The PyTorch attack shows the difficulty of operating a large open source project. The NPM situation continues to show the difficulty in trying to backdoor open source. Many people are watching, and it only takes one person to notice a problem and report it, and we all benefit. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_413_PyTorch_and_NPM_get_attacked_but_its_OK.mp3 Show Notes Peanut Butter the dog plays Gyromite The Wizard movie PyTorch supply chain attack npm Package Found Delivering Sophisticated RAT Deceptive Deprecation: The Truth About npm Deprecated Packages Changing a lightbulb Spelunking the Bitcoin Blockchain with Josh Bressers | CypherCon 4.0 Operation Triangulation - What You Get When Attack iPhones of Researchers 9th Annual State of the Software Supply Chain

Josh and Kurt talk about how to think about open source in the context of society. Open source is more like a natural resource than a supplier. It’s common to think of open source projects as delivered to us, but it’s more like acquiring raw materials from the forest. The problem is we’re harvesting the raw materials in an unsustainable manner at the moment. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_357_Is_open_source_being_overexploited.mp3 Show Notes I am not a supplier Josh’s question about the environment sjvn Gorilla toolkit article Gorilla Web Toolkit Awesome Games Done Quick GeoGuessr Awesome Games Done Quick 2023