Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
#309 When Malware PoC's are Themselves Malware
November 09, 2022
00:35:01
30.09 MB
Downloads: 0
Watch the live stream:
Watch on YouTubeAbout the show
Sponsored by Microsoft for Startups Founders Hub.
Michael: #0: Python Bytes is 6 years old this week. Thank you! 🎉
Michael #1: Malicious proof-of-concepts are exposing GitHub users to malware and more
- The paper
- They found that of the 47,313 GitHub repositories they had downloaded and checked, 4,893 (10.3%) were malicious.
- In some the attackers were trying to plant malware on users’ machines, while in others, they tried to open backdoors using CobaltStrike, for example
- Ignoring this problem can cause damage that ranges from infecting yourself as [a] user, to infecting your company and likely your customers as well if it’s a more sophisticated attack,” El Yadmani warned.
- Languages
- Ruby 379
- Go 400
- JavaScript 548
- Shell 652
- C++ 962
- Java 1071
- C 1686
- Python 8305
- Undetected 31858
- Example Python exfile script included in the paper
Brian #2: The great Mastodon experiment
- Context should be obvious re Twitter news.
- A lot of Python people have kept in touch via Twitter.
- A lot are now experimenting with Mastadon,
- What I did
- asked Twitter people which server to use, then just picked fosstodon.org, but there are many servers
- This is me: @brianokken@fosstodon.org
- Michael got in too: https://fosstodon.org/@mkennedy
- just started using it, following people, trying iOS clients, etc.
- Now I’m ready for some tutorials, and here’s a list that looks decent:
- An Increasingly Less-Brief Guide to Mastodon
- Everything I know about Mastodon
- A hastily written guide for data science folks trying to navigate the fediverse.
- Mastodon is just blogs - Simon Willison is running his own server.
- Eight Mastodon apps for iPhone - I’m currently trying like 4, but you can also just log into your sever and do everything there.
- Fedi.Tips and their Beginners Start Here page
Michael #3: Gitpod and the traveling dev
- Gitpod is an open-source Kubernetes application for ready-to-code developer environments that spins up fresh, automated dev environments for each task, in the cloud, in seconds.
- Gitpod is paid, but there are decent free tiers
- Features
- Run a desktop or browser based version of VS Code or any JetBrains IDE and customise it to your individual needs - from themes to extensions, you have full control.
Brian #4: Color in the terminal
- pytest-check currently doesn’t use color
- but a little red for failures would be good (and was requested via an issue)
- I could use rich, but maybe that’s a slightly larger hammer than I need for this job
- Maybe raw escape sequences like
print('\033[31m' + 'some red text')
- kinda gross
- won’t work out of the box on Windows.
- But colorama can fix Windows.
- It just recently added
just_fix_windows_console()
, which apparently works better thaninit()
in that it can be called multiple times without blowing up. - Includes easier to read codes for some basic colors, so this works:
from colorama import just_fix_windows_console from colorama import Fore, Style just_fix_windows_console() print(Fore.RED + 'some red text') print(Style.RESET_ALL) print('back to normal now')
- It just recently added
Extras
Brian:
- Simon Willison wrote What to blog about, which includes
- TIL (today I learned) posts that don’t need to be full tutorials
- Projects you’ve built
- I’d like to include
- Projects in progress
- Bug fixes or feature additions where you needed to learn a bit of something beforehand
- Example: I should write up “Adding red to pytest-check”
Michael:
- Beanie reorg: There is no sync version here more. Please use Bunnet instead
- https://twitter.com/nicholdav/status/1589643652598759424 ?
- PyCon Days Breakdown
- Been playing with GeForce now, really impressive. Meanwhile, why is google still selling stadia?
- New video: A Walrus Meets a Python - What is the := Walrus Operator?
- New video: Python GC Settings - Change This and Go 20% Faster!
Joke:
- Relaxation
- Relax to it on YouTube: youtube.com