Don't filter in Django's get_queryset
In Django models, it’s easy to customize the queryset that’s returned by a model manager. Say that you’re working on a blog, and you have a model that looks something like this:
I’ve been thinking a lot about engineering values and principles lately, and one that keeps popping up is “use the right tool for the job”. I don’t think it’s a very good principle.

Today, GitHub published a write-up on a number of CVEs¹ in the npm packages tar and @npmcli/arborist. In their own words,

In 1984 the co-inventor of Unix, Ken Thompson, delivered a seminal speech in which he highlighted that you can’t trust code that you did not totally create yourself¹. For a while, this lesson was largely ignored as open-source package registries like RubyGems, PyPI and npm grew rapidly. However, as we’re seeing more and more supply-chain attacks through software dependencies, the risks of using unvetted dependencies are becoming clearer.

Routing attacks on Tor occur when an adversary attempts to influence the route a Tor circuit takes in order to improve their chances of intercepting traffic. In January of this year, I wrote a literature review on this topic that I’m sharing here: PDF link.