A whitelisting application has a list of what it knows is bad AND what it knows in advance to be good.
How would it know this? Is this defined by a person/people? If so, that wouldn’t have mattered. liblzma was known in advance to be good, then the malicious update was added, and people still presumed that it was good.
This wasn’t a case of some random package/program wreaking havoc. It was trusted malicious code.
Also, you’re asking for an antivirus that uploads and uses a sandbox to analyze ALL packages. Good luck with that. (AVs would probably have a hard time detecting malicious build actions, anyways).
It’s crazy how they pressured/manipulated the maintainer. Especially fucked up considering he wasn’t in a good mental state and was still helping the community by maintaining FOSS software.
Performance Imprulevement Plan (sh.itjust.works)
Is TypeScript a fad or is my manager delusional?
I was talking to my manager the other day, discussing the languages we are using at $dayjob. He kind of offhandedly said that he thinks TypeScript is a temporary fad and soon everything will go back to using JavaScript. He doesn’t like that it’s made by Microsoft either....
XZ backdoor in a nutshell (lemmy.zip)
What we know about the xz Utils backdoor that almost infected the world (arstechnica.com)
How to stop one chicken from bullying the rest?
I have 5 hens and 1 hen is bullying all of the other chickens. What are some ways I can prevent this?