flatmap-stream NPM package backdoor incident
Good Twitter thread with background on the incident. 2,000,000 downloads per week, used by many other core libs. It appears the attacker persuaded the (overloaded) legit maintainer to hand over ownership, then backdoored the package in order to attack copay-dash, a cryptocurrency wallet app.
(tags: cryptocurrency npm packages open-source twitter flatmap-stream packaging security backdoors)
Antoin O Lachtnain on Twitter regarding GDPR and DNA kits
‘It provides legal protections. But the problem is that those protections may not be practically effective. The other problem is the effect that you, as a consenting adult, may have on other people who are related to you but who haven’t consented.’ — useful thread
(tags: gdpr privacy data-protection dna)
Declarative Airflow Workflows in YAML, from Etsy