Kelvin D Meeks intltechventures

@archisgore
archisgore / npm_dependency_confusion.md
Last active February 17, 2021 05:52
NPM/Node.js code injection attack

NPM/Node.js recently had a clever, yet simple, code injection attack using "dependency confusion" as the vulnerability. I describe the attack as conducted (simulated, really), and a systemic solution Polyverse has been building for the past two years designed to solve specifically this problem.

A recap of the attack, for baseline:

Node dependencies are specified by name and version but not address/location, i.e., {"sorter": "1.0", "binary-search": "2.0", "polyverse-billing": "1.0"}.

Notice the last one? It’s intended to be Polyverse internal and contains our proprietary (and sensitive) billing code. Obviously it does not exist on npmjs.com, the public upstream node package repository. It instead comes from a private repository hosted by Polyverse.

In a sequence diagram, this is how the flow worked before the attack. Pretty straightforward.

Podcasts for Data Science & Stuff

I asked the Twittersphere for data science (& tangentially-related) podcast recommendations, and got a much bigger response than I expected with some really superb recommendations, so I created a gist with the suggestions I received. They're arranged alphabetically by name below, along with relevant Twitter accounts, links, and names of the hosts (if I could find them).

Shoot me a tweet @bennyjtang if you have more suggestions to add to this list!

Original Twitter thread

Adversarial Learning

Applied Functional Programming with Scala - Notes

Copyright © 2016-2018 Fantasyland Institute of Learning. All rights reserved.

1. Mastering Functions

A function is a mapping from one set, called a domain, to another set, called the codomain. A function associates every element in the domain with exactly one element in the codomain. In Scala, both domain and codomain are types.

val square : Int => Int = x => x * x
@paulp
paulp / hey.scala
Created September 14, 2014 03:08
class Bippy(override val toString: String)
trait A { implicit def lowPriority: Bippy = new Bippy("A") }
object B extends A { implicit def highPriority: Bippy = new Bippy("B") }
object C { implicit def highPriority: Bippy = new Bippy("C") }
object Test {
def main(args: Array[String]): Unit = {
import B._, C._
println( implicitly[Bippy] ) // Prints: A
@jsanders
jsanders / generate_big_primes.rs
Last active October 30, 2018 22:53
Generate big primes in Rust. This works pretty fast now thanks to https://github.com/jsanders/rust-bignum and https://github.com/jsanders/rust-gmp! I'm still implementing my own mod_exp, but the performance is quite tolerable nonetheless.
extern crate bignum;
extern crate time;
use std::rand::task_rng;
use std::iter::{count,range_step_inclusive};
use std::num::{Zero,One};
use bignum::{BigUint,RandBigInt,ToBigUint};
// Find all prime numbers less than n
fn small_primes(bound: uint) -> ~[uint] {
@korczis
korczis / architecture.dot
Last active August 23, 2016 17:00
Architecture in Graphviz
// dot.exe -T svg -o architecture.svg architecture.dot
digraph architecture {
// Render chart with left to right layout
rankdir="LR";
// AMQP communication node
amqp [label="AMQP",shape=box,fillcolor="burlywood",style="filled"];
// Clients
@rmacfie
rmacfie / C# hash generator
Created February 15, 2011 19:21
Generate Md5 and SHA hashes in C#.NET.
public static class CryptographyExtensions
{
/// <summary>
/// Calculates the MD5 hash for the given string.
/// </summary>
/// <returns>A 32 char long MD5 hash.</returns>
public static string GetHashMd5(this string input)
{
return ComputeHash(input, new MD5CryptoServiceProvider());
}