diff options
Diffstat (limited to 'TODO.md')
| -rw-r--r-- | TODO.md | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -19,6 +19,7 @@ - wkd for pgp - home: rename "Archived Posts..." to "Older Posts" - archive: rename "Archived Posts..." to "Older Posts" +- index with pagefind: (<https://pagefind.app/>, <https://www.tbray.org/ongoing/When/202x/2025/11/01/Blog-Search-Pagefind>) ## linting - replace `<img>` in old posts with `{{< figure >}}` (partial work @@ -145,6 +146,9 @@ <https://blog.tidelift.com/the-state-of-package-signing-across-package-managers> - declarative install (go) rationale: <https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack> + - counterexamples: + - rubygems (arbitrary ruby) + - rust (arbitrary rust in `build.rs`) - typosquatting (see sqo vulns from may email) - starsquatting (requests, phpass): https://medium.com/checkmarx-security/typosquatting-attack-on-requests-one-of-the-most-popular-python-packages-3b0a329a892d - ref: https://kerkour.com/rust-crate-backdoor @@ -238,6 +242,7 @@ - heat pump (pictures/heat-pump-20220930) - <https://insideevs.com/news/509767/tesla-model3-control-arm-fix/> - `curl|bash` is madness + - vulnerable to clickfix: <https://arstechnica.com/security/2025/11/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of/> - gosec vs govulncheck https://github.com/securego/gosec https://www.pixelstech.net/article/1667102060-Secure-Your-Go-Code-With-Vulnerability-Check-Tool @@ -669,6 +674,7 @@ <https://www.jwz.org/blog/2024/06/your-personal-information-is-very-important-to-us/> - <https://arstechnica.com/gadgets/2024/08/nova-launcher-savior-of-cruft-filled-android-phones-is-on-life-support/> - software: <https://www.lawfaremedia.org/article/the-crowdstrike-outage-and-market-driven-brittleness> +- <https://github.com/C2SP/wycheproof> ## done - add project folders |