Episode 413 - PyTorch and NPM get attacked, but it's OK

Josh and Kurt talk about an attack against PyTorch and NPM. The PyTorch attack shows the difficulty of trying to operate a large open source project. The NPM problem is one of the difficulty in trying to backdoor open source. A lot of people are watching and it only takes one person to notice a problem and we all benefit.

• Peanut Butter the dog plays Gyromite
• The Wizard movie
• PyTorch supply chain attack
• npm Package Found Delivering Sophisticated RAT
• Deceptive Deprecation: The Truth About npm Deprecated Packages
• Changing a lightbulb
• Spelunking the Bitcoin Blockchain with Josh Bressers | CypherCon 4.0
• Operation Triangulation - What You Get When Attack iPhones of Researchers
• 9th Annual State of the Software Supply Chain