  • Over the past five years open-source software, web development, and JavaScript have gone through quite a change. While not a new attack technique, targeted supply-chain attacks are proving to be effective when applied in new ways, specifically within these spaces. Before discussing the individual incidents it's worthwhile to understand why tools like NPM (Node Package Manager from npm, Inc.) and GitHub are becoming commonplace.

  • It works! Well, sorta... I've been working on my CPAT project for a while now. Quite honestly, I've grown tired of looking at ideas instead of code. So, I felt I needed to push for the inflection point where it was either proven, or failed in spectacular over-ambition.

  • I threw this on Twitter pretty quickly when it happened. Now that I've sat on it for a little bit I think it deserves a longer post here. Schema changes in CockroachDB are distributed by design--the same as the data. This is inherently difficult to maintain.

  • I recently needed to automate metagoofil searches using Python, and thought I'd share the "proof of concept" script that got it working. I'll apologize ahead of time for any errors--I'm still only just beginning to learn Python.

  • My biggest problem so far has been myself. My ideas for this project take it into being something huge. Here's the hard work that often stumps me: relishing in those ideas; writing them down; and reining the scope back into actionable items. Items that are actionable and reasonable for working in the evenings. That is tough.

