Zenable.io

Technology, Information and Internet

Next-Generation Governance

About us

Next-Generation Governance

Website
https://zenable.io
Industry
Technology, Information and Internet
Company size
2-10 employees
Type
Privately held
Specialties
Governance, Cybersecurity, Cloud-Native Security, Compliance, Risk, Machine Learning and Artificial Intelligence

Updates

Zenable.io (73 followers) reposted:

At Zenable we [emoji] the deaf and hard of hearing community

Jon Zeolla, Founder | Cloud Native Security & Compliance:

Thank you to everyone who came out to the sign language crash course yesterday at Cloud Native Computing Foundation (CNCF) KubeCon. We had so many people we couldn't fit them all in! Great job by the organizers and D/HH members Rob Koch, Sandeep Kanabar, Destiny O'Connor, Jay Jackson, Milad V., Andrew Davis, Hazel Weakly, Travis Johnson, Alfonso Balderas Torres, Steven Copley and Victor Prechtel. And thank you to everyone who joined the prior session to ask questions and see how we can all work together to make open source more accessible; really incredible conversation. Keep posted for another session in London. #accessibility #deaf #hardofhearing
Zenable.io reposted:

Wow, what a find by the JFrog team. And an impressive turnaround by the Zenable.io team to institute policy as code to ensure this could never happen to us. One of the benefits of doing things the right way is that it's incredibly simple for us to prevent problems like this in a scalable, fully automated way. We bring that same approach to your Governance. Interested in how to get Governance right, and avoid audit trouble? Grab some time with our founder, Jon Zeolla, and find out how we can help. It's as easy as a quick message.

Jon Zeolla, Founder | Cloud Native Security & Compliance:

HUGE kudos to JFrog for saving the entire Python Software Foundation ecosystem from a massive compromise. They found "a GitHub PAT that provided access to the entire Python infrastructure".

What was the mistake that caused this? From the blog, it seems that the original author:

1. Briefly added the authorization token to their source code
2. Ran the source code (Python script), which got compiled into a .pyc binary with the auth token
3. Removed the authorization token from the source code, but didn't clean the .pyc
4. Pushed both the clean source code and the unclean .pyc binary into the docker image

Let's take it a step further: how can you prevent this?

1. Don't copy .pyc files into your docker container. You can do this with a .dockerignore file which contains *.pyc, so even if you do write a COPY statement, the .pyc files are automatically excluded.
2. Set the env var PYTHONDONTWRITEBYTECODE=1. This will ensure that .pyc files aren't created in the first place. This can be done both on hosts and in containers.

Of course, there are other approaches to detect this. As JFrog describes in their post, they have a secret scanning / static analysis solution, as do many other vendors in the space.

#python #docker #supplychainsecurity
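Added example (this is not Zenable's, JFrog's or the post author's code) that replays the four steps from the post in a temporary directory, scans the would-be Docker build context for anything shaped like a GitHub classic PAT, and exercises both preventions. The token format ("ghp_" plus 36 alphanumerics), the fake token, the module name deploy.py and the paths are assumptions constructed for the demo. The .dockerignore matcher is a simplified model of Docker's rules (Go filepath.Match plus Docker's "**"; no "!" negation), and it makes a caveat visible that is easy to miss when following prevention 1 literally: "*" does not cross "/", so a bare *.pyc only excludes .pyc files at the root of the build context and still ships __pycache__/deploy.cpython-312.pyc (example path); **/*.pyc or **/__pycache__ is what you want. For prevention 2, PYTHONDONTWRITEBYTECODE=1 (or python -B) simply sets sys.dont_write_bytecode at interpreter start-up, so the last function flips that flag in-process to show the effect without a child interpreter.

```python
"""Secret-in-.pyc demo: reproduce the leak, scan for it, test the two fixes."""
import importlib.util
import py_compile
import re
import sys
import tempfile
from pathlib import Path

# Constructed fake token with the shape of a GitHub classic PAT (assumed
# format: "ghp_" followed by 36 alphanumerics). Not a real credential.
FAKE_TOKEN = "ghp_" + "EXAMPLEFAKE" + "0" * 25
PAT_RE = re.compile(rb"ghp_[A-Za-z0-9]{36}")


def docker_pattern_to_regex(pattern: str) -> re.Pattern:
    """Simplified model of .dockerignore matching (Go filepath.Match plus
    Docker's "**"): "*" and "?" never cross "/", "**" spans directories, and
    the pattern is anchored to the whole context-relative path. "!" negation
    is deliberately not modelled."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?"); i += 3
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("^" + "".join(out) + "$")


def dockerignore_excludes(patterns, rel_path: str) -> bool:
    """A path is excluded if it, or any of its parent directories, matches."""
    parts = rel_path.split("/")
    prefixes = ["/".join(parts[:n]) for n in range(1, len(parts) + 1)]
    return any(docker_pattern_to_regex(p).match(x) for p in patterns for x in prefixes)


def scan_for_pats(root: Path, dockerignore=()) -> dict:
    """Byte-level search of every file that 'COPY . /app' would ship after
    the given .dockerignore patterns are applied. Returns {rel_path: [tokens]}."""
    hits = {}
    for f in root.rglob("*"):
        if not f.is_file():
            continue
        rel = f.relative_to(root).as_posix()
        if dockerignore_excludes(dockerignore, rel):
            continue
        found = PAT_RE.findall(f.read_bytes())
        if found:
            hits[rel] = [t.decode() for t in found]
    return hits


def leak_demo(dockerignore=()) -> dict:
    """Replay steps 1-4 of the incident in a temp dir and report what a scan of
    the build context finds. marshal stores short str constants as raw bytes,
    so the token is greppable in the .pyc even after the source is scrubbed."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        src = root / "deploy.py"
        pyc = root / "__pycache__" / f"deploy.{sys.implementation.cache_tag}.pyc"
        src.write_text(f'TOKEN = "{FAKE_TOKEN}"\n')                    # 1. token hard-coded
        py_compile.compile(str(src), cfile=str(pyc), doraise=True)     # 2. bytecode written
        src.write_text('import os\nTOKEN = os.environ["GH_TOKEN"]\n')  # 3. source cleaned, .pyc kept
        hits = scan_for_pats(root, dockerignore)                       # 4. what COPY would ship
        return {"source_has_token": "deploy.py" in hits,
                "pyc_has_token": pyc.relative_to(root).as_posix() in hits,
                "hits": hits}


def bytecode_written(dont_write: bool) -> bool:
    """Import a fresh module with sys.dont_write_bytecode set as given and report
    whether a .pyc appeared. PYTHONDONTWRITEBYTECODE=1 / python -B is exactly
    what initialises this flag, so True here models prevention 2."""
    with tempfile.TemporaryDirectory() as d:
        src = Path(d, "helper.py")
        src.write_text("X = 1\n")
        saved, sys.dont_write_bytecode = sys.dont_write_bytecode, dont_write
        try:
            name = "helper_nobytecode" if dont_write else "helper_bytecode"
            spec = importlib.util.spec_from_file_location(name, str(src))
            mod = importlib.util.module_from_spec(spec)
            spec.loader.exec_module(mod)
        finally:
            sys.dont_write_bytecode = saved
        return Path(importlib.util.cache_from_source(str(src))).exists()


if __name__ == "__main__":
    print("no .dockerignore:         ", leak_demo()["hits"])
    print("'*.pyc' (root level only):", leak_demo(("*.pyc",))["hits"])
    print("'**/*.pyc':               ", leak_demo(("**/*.pyc",))["hits"])
    print("PYTHONDONTWRITEBYTECODE=1 -> .pyc written?", bytecode_written(True))
```

Run it and the first two scans both report the token inside __pycache__, which is the point of the caveat: the .dockerignore line has to reach into subdirectories. Against a real build context, point scan_for_pats at the directory you COPY from and extend PAT_RE with whatever other credential shapes you care about.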
Zenable.io reposted:

Jon Zeolla, Founder | Cloud Native Security & Compliance:

When AI tools give me a really good answer, I have this urge to thank them just like I would thank a teammate. I've done similar things with voice-activated assistants like Google Home or Alexa. In fact, I wish there was a 'manners' mode which required it. Otherwise, I'm concerned we may slowly erode our capacity for kindness towards each other (AIs and humans alike). Random thought: is this the new Turing test? Either way, thank you Perplexity, ChatGPT, and LLaMA. You have been very helpful to me this week.