1 00:00:00,000 --> 00:00:05,910 Right, 2 00:00:02,830 --> 00:00:05,910 [Music] 3 00:00:10,719 --> 00:00:17,520 welcome back everyone. It is my great 4 00:00:13,599 --> 00:00:20,320 pleasure to introduce Tim and Nikki who 5 00:00:17,520 --> 00:00:22,640 will be talking to us about myths about 6 00:00:20,320 --> 00:00:24,240 open source security that developers 7 00:00:22,640 --> 00:00:28,359 believe. 8 00:00:24,240 --> 00:00:28,359 For now, a warm welcome. 9 00:00:32,320 --> 00:00:37,280 Good day everyone. Welcome to our talk 10 00:00:34,559 --> 00:00:39,520 about a few myths, just a few that open 11 00:00:37,280 --> 00:00:41,760 source developers believe brackets for 12 00:00:39,520 --> 00:00:42,399 now. I'm Nikki. I'm a product manager at 13 00:00:41,760 --> 00:00:43,920 Google. 14 00:00:42,399 --> 00:00:44,320 I'm Tim. I'm a software engineer at 15 00:00:43,920 --> 00:00:46,239 Google. 16 00:00:44,320 --> 00:00:50,879 And we work on open source dependency 17 00:00:46,239 --> 00:00:52,800 analysis in the coolest team, uh, Ghost, 18 00:00:50,879 --> 00:00:54,239 the Google open source security team. 19 00:00:52,800 --> 00:00:56,160 And yes, we have stickers. Come get us 20 00:00:54,239 --> 00:00:58,320 later. Um, so we're going to run through 21 00:00:56,160 --> 00:01:01,359 a bunch of myths. uh that we have 22 00:00:58,320 --> 00:01:02,879 ourselves previously held uh and that 23 00:01:01,359 --> 00:01:05,280 when we're chatting to folks about uh 24 00:01:02,879 --> 00:01:07,680 about open source um that they might 25 00:01:05,280 --> 00:01:10,479 think that's right where the 26 00:01:07,680 --> 00:01:13,439 ghostbusters ghost myth bust. Yeah, I'm 27 00:01:10,479 --> 00:01:16,640 sorry. Okay. Um so myth number one, 28 00:01:13,439 --> 00:01:18,720 installing Python packages is easy and 29 00:01:16,640 --> 00:01:21,360 safe. All right, let's start with the 30 00:01:18,720 --> 00:01:23,280 easy X I You're in the right room. Uh 31 00:01:21,360 --> 00:01:25,920 the easy part. Okay, look. Yeah, that 32 00:01:23,280 --> 00:01:27,920 Okay, that I think easy is correct. Nice 33 00:01:25,920 --> 00:01:30,560 work, US. We're halfway there, at least 34 00:01:27,920 --> 00:01:33,759 in Python. Um, but actually, it's pretty 35 00:01:30,560 --> 00:01:36,240 true of most ecosystems. We're good 36 00:01:33,759 --> 00:01:40,079 here. All right. How about the safe part 37 00:01:36,240 --> 00:01:42,240 of our hypothesis? Like so many things 38 00:01:40,079 --> 00:01:46,159 uh with dependencies, the answer is, of 39 00:01:42,240 --> 00:01:48,720 course, it depends. Um, it depends on 40 00:01:46,159 --> 00:01:51,520 what that thing that we just installed 41 00:01:48,720 --> 00:01:54,320 was and what it contained. uh what you 42 00:01:51,520 --> 00:01:56,560 ended up installing as a free fun bonus 43 00:01:54,320 --> 00:01:59,280 thrown in those transitive dependency 44 00:01:56,560 --> 00:02:02,159 steak knives. 45 00:01:59,280 --> 00:02:04,399 We interrupt this talk for a brief 46 00:02:02,159 --> 00:02:06,960 public safety reminder. It's a beautiful 47 00:02:04,399 --> 00:02:08,720 autumn day. You're in the office. You've 48 00:02:06,960 --> 00:02:11,760 just returned from a meeting when you 49 00:02:08,720 --> 00:02:14,800 notice a USB stick abandoned on the 50 00:02:11,760 --> 00:02:16,640 floor. You look at it. You look at your 51 00:02:14,800 --> 00:02:18,959 laptop. 52 00:02:16,640 --> 00:02:22,640 You leave it untouched. some mysteries 53 00:02:18,959 --> 00:02:25,200 you think weren't meant to be answered. 54 00:02:22,640 --> 00:02:27,280 Okay, pop quiz. Um, what's the 55 00:02:25,200 --> 00:02:29,120 difference between these two things? One 56 00:02:27,280 --> 00:02:31,520 is plugging in a mystery USB stick and 57 00:02:29,120 --> 00:02:33,840 the other is running npm install on a 58 00:02:31,520 --> 00:02:37,920 package. Well, they do have a few 59 00:02:33,840 --> 00:02:41,040 similarities, but actually npm install 60 00:02:37,920 --> 00:02:43,519 gets run potentially as root in your 61 00:02:41,040 --> 00:02:47,360 data center whereas a thumb drive is 62 00:02:43,519 --> 00:02:50,160 just on one developer machine. 63 00:02:47,360 --> 00:02:53,040 Okay, so there have been a few bigname 64 00:02:50,160 --> 00:02:56,319 supply chain attacks over the last few 65 00:02:53,040 --> 00:03:00,720 years uh and lots more that you might 66 00:02:56,319 --> 00:03:03,680 not have heard about. Um in fact just so 67 00:03:00,720 --> 00:03:06,239 so in a few days ago I felt compelled to 68 00:03:03,680 --> 00:03:10,159 update these slides uh with another 69 00:03:06,239 --> 00:03:13,040 headline and another clarification. 70 00:03:10,159 --> 00:03:16,319 Um so 71 00:03:13,040 --> 00:03:18,080 so how risky is it? Um, you can think of 72 00:03:16,319 --> 00:03:20,239 risk in two different dimensions. There 73 00:03:18,080 --> 00:03:22,800 there's the risk of the package itself, 74 00:03:20,239 --> 00:03:24,800 but also how many packages there are. 75 00:03:22,800 --> 00:03:29,120 So, first off, how many? Well, there's 76 00:03:24,800 --> 00:03:31,599 somewhere between zero and a lot. Uh, 77 00:03:29,120 --> 00:03:34,720 how many free as in puppies, transitive 78 00:03:31,599 --> 00:03:36,080 dependencies are we getting? Well, I 79 00:03:34,720 --> 00:03:37,920 don't know. It's hard to say, but on 80 00:03:36,080 --> 00:03:40,560 average, well, there are lots of 81 00:03:37,920 --> 00:03:43,519 different ways to measure average. And 82 00:03:40,560 --> 00:03:46,480 honestly, all of the ways that we tried 83 00:03:43,519 --> 00:03:49,200 for average ended up with the answer, it 84 00:03:46,480 --> 00:03:53,040 depends, but kind of a lot in some 85 00:03:49,200 --> 00:03:55,200 ecosystems more than others. Um, okay. 86 00:03:53,040 --> 00:03:59,760 So, how risky is that dependency? And 87 00:03:55,200 --> 00:04:01,519 again, it depends. One aspect of risk, I 88 00:03:59,760 --> 00:04:04,480 should take this moment to say most of 89 00:04:01,519 --> 00:04:05,840 these images are from emoji kitchen. I I 90 00:04:04,480 --> 00:04:07,200 I was going to mention that at the end 91 00:04:05,840 --> 00:04:09,680 of the talk because now we just lost our 92 00:04:07,200 --> 00:04:12,080 audience. That's fine. But um how how 93 00:04:09,680 --> 00:04:14,560 risky is this package? What is the 94 00:04:12,080 --> 00:04:16,239 impact? If the risk occurred, what's the 95 00:04:14,560 --> 00:04:17,919 probability of it happening? And what's 96 00:04:16,239 --> 00:04:20,239 the impact of it happening? And there 97 00:04:17,919 --> 00:04:22,960 are lots of dimensions to this risk. Is 98 00:04:20,239 --> 00:04:24,720 it malware? Sure. But also, do the 99 00:04:22,960 --> 00:04:26,160 maintainers follow best security 100 00:04:24,720 --> 00:04:27,680 practice or are they burnt out and 101 00:04:26,160 --> 00:04:30,320 susceptible to sock puppet social 102 00:04:27,680 --> 00:04:32,560 engineering attacks? If there are bugs, 103 00:04:30,320 --> 00:04:35,280 are they or security concerns, are they 104 00:04:32,560 --> 00:04:37,759 apt and ideally remediated or is the 105 00:04:35,280 --> 00:04:40,080 package abandoned? Is the package just 106 00:04:37,759 --> 00:04:42,160 new? No one really knows. Maybe it's a 107 00:04:40,080 --> 00:04:43,919 typo squatting attempt. Is it a package 108 00:04:42,160 --> 00:04:46,080 with a solid history, but also with 109 00:04:43,919 --> 00:04:48,880 leaked or fished credentials? The 110 00:04:46,080 --> 00:04:51,120 package is available right now, but will 111 00:04:48,880 --> 00:04:52,960 it be next week? And is there an 112 00:04:51,120 --> 00:04:55,360 attestation available so you can be sure 113 00:04:52,960 --> 00:04:58,240 it's the same package that you think 114 00:04:55,360 --> 00:05:01,440 that it really should be. Some of these 115 00:04:58,240 --> 00:05:04,320 risks change based on the ecosystem. 116 00:05:01,440 --> 00:05:06,240 Packages. Package managers here uh can 117 00:05:04,320 --> 00:05:07,840 be a great help. Shout out to Pippi for 118 00:05:06,240 --> 00:05:11,039 being absolutely on the ball with some 119 00:05:07,840 --> 00:05:14,240 great security features and some others 120 00:05:11,039 --> 00:05:18,479 you can protect against yourself when 121 00:05:14,240 --> 00:05:21,120 those risks matter to you somewhat. 122 00:05:18,479 --> 00:05:23,120 Okay, myth number two. There's only one 123 00:05:21,120 --> 00:05:26,160 dependency graph. You may remember me 124 00:05:23,120 --> 00:05:28,240 from such pyons as 2024. uh we 125 00:05:26,160 --> 00:05:31,840 calculated approximately 126 00:05:28,240 --> 00:05:34,800 this number on the order of 10 to the 81 127 00:05:31,840 --> 00:05:37,840 valid dependency graphs for a single 128 00:05:34,800 --> 00:05:39,199 dependency for D3. Um okay so that's 129 00:05:37,840 --> 00:05:41,759 almost the number of atoms in the 130 00:05:39,199 --> 00:05:43,280 universe. Uh but good news that number's 131 00:05:41,759 --> 00:05:45,440 gone up since then. That was a whole 132 00:05:43,280 --> 00:05:47,840 year ago. 133 00:05:45,440 --> 00:05:49,759 But why? Well there are just more 134 00:05:47,840 --> 00:05:52,479 packages available now which generally 135 00:05:49,759 --> 00:05:54,560 means a lot more options when satisfying 136 00:05:52,479 --> 00:05:56,160 requirements. And what do I mean by 137 00:05:54,560 --> 00:05:57,919 satisfying requirements? Well, you have 138 00:05:56,160 --> 00:05:59,840 a project. Say you want to use Express. 139 00:05:57,919 --> 00:06:01,600 It's a minimalist web framework. It's a 140 00:05:59,840 --> 00:06:03,600 node. But actually, so we've got these 141 00:06:01,600 --> 00:06:05,600 requirements on that package. Maybe you 142 00:06:03,600 --> 00:06:07,120 need it to be version five or above for 143 00:06:05,600 --> 00:06:08,560 those shiny new features. So it turns 144 00:06:07,120 --> 00:06:10,400 out there are three versions that could 145 00:06:08,560 --> 00:06:13,280 satisfy that constraint. Here's our 146 00:06:10,400 --> 00:06:15,600 situation. Your package depends on 147 00:06:13,280 --> 00:06:17,039 Express. It has three valid versions to 148 00:06:15,600 --> 00:06:18,720 pick from. That's not so bad. Three. 149 00:06:17,039 --> 00:06:20,319 Great. I can count that high. But 150 00:06:18,720 --> 00:06:21,919 Express has its own dependencies. For 151 00:06:20,319 --> 00:06:23,280 example, it depends on body paser. And 152 00:06:21,919 --> 00:06:25,039 there are currently around five versions 153 00:06:23,280 --> 00:06:26,240 that would satisfy that constraint. And 154 00:06:25,039 --> 00:06:28,000 that's a very small part of the 155 00:06:26,240 --> 00:06:30,160 dependency tree. So, so there are more 156 00:06:28,000 --> 00:06:31,759 layers and each dependency on each of 157 00:06:30,160 --> 00:06:33,520 those layers on each of those versions 158 00:06:31,759 --> 00:06:36,880 of each of those layers and it stops 159 00:06:33,520 --> 00:06:38,160 becoming a tree. And very quickly, yeah, 160 00:06:36,880 --> 00:06:40,800 it's a mess. And if you were going to 161 00:06:38,160 --> 00:06:43,759 run npm install say a month later, it's 162 00:06:40,800 --> 00:06:45,600 entirely reasonable and expected that a 163 00:06:43,759 --> 00:06:48,720 huge part of this graph is thrown into 164 00:06:45,600 --> 00:06:51,360 chaos and a wildly different one emerges 165 00:06:48,720 --> 00:06:52,800 because which version actually ends up 166 00:06:51,360 --> 00:06:54,479 in your dependency graph depends on a 167 00:06:52,800 --> 00:06:55,600 lot of different things. The build tools 168 00:06:54,479 --> 00:06:57,840 compute the dependency graphs by 169 00:06:55,600 --> 00:06:59,759 evaluating constraints created by 170 00:06:57,840 --> 00:07:02,000 dependency requirements. I prefer 171 00:06:59,759 --> 00:07:03,680 version three or greater. Environmental 172 00:07:02,000 --> 00:07:06,240 constraints. This is a build for 173 00:07:03,680 --> 00:07:08,400 Windows. what kind of build it is. Build 174 00:07:06,240 --> 00:07:10,960 the tests as well as the software and 175 00:07:08,400 --> 00:07:13,440 perhaps build specific considerations. 176 00:07:10,960 --> 00:07:16,000 The binary must be minified. So a new 177 00:07:13,440 --> 00:07:18,160 version showing up can change the graph. 178 00:07:16,000 --> 00:07:19,919 A version being deleted that changes the 179 00:07:18,160 --> 00:07:22,080 graph. Different tooling using UV 180 00:07:19,919 --> 00:07:24,560 instead of pip or yarn instead of npm or 181 00:07:22,080 --> 00:07:27,440 even just a different version of npm. 182 00:07:24,560 --> 00:07:29,440 One quirk I quite like at least with npm 183 00:07:27,440 --> 00:07:33,440 if you rename a package you're 184 00:07:29,440 --> 00:07:36,160 installing think import fu as blah or 185 00:07:33,440 --> 00:07:37,840 arvark that can change your dependency 186 00:07:36,160 --> 00:07:39,840 graph because some implementations of 187 00:07:37,840 --> 00:07:42,639 npm resolve the dependencies in lexical 188 00:07:39,840 --> 00:07:45,840 graphical order which can cause 189 00:07:42,639 --> 00:07:47,680 requirement yeah 190 00:07:45,840 --> 00:07:49,680 requirement conflicts to resolve 191 00:07:47,680 --> 00:07:51,919 differently depending on which one gets 192 00:07:49,680 --> 00:07:53,759 evaluated first. 193 00:07:51,919 --> 00:07:57,199 So 194 00:07:53,759 --> 00:08:00,080 where does that leave us? There is never 195 00:07:57,199 --> 00:08:02,479 the dependency graph. There is only ever 196 00:08:00,080 --> 00:08:05,120 a dependency graph on your particular 197 00:08:02,479 --> 00:08:08,240 machine and at your specific point in 198 00:08:05,120 --> 00:08:12,639 time using this specific package manager 199 00:08:08,240 --> 00:08:14,800 and so on. Okay. Myth number three, 200 00:08:12,639 --> 00:08:16,800 names are unique. Okay. So you've 201 00:08:14,800 --> 00:08:18,479 decided on a dependency, you know you 202 00:08:16,800 --> 00:08:20,400 want to use it. Great. And and you know 203 00:08:18,479 --> 00:08:22,879 its name and what the version that you 204 00:08:20,400 --> 00:08:25,599 want to use is. Go for it. Except what 205 00:08:22,879 --> 00:08:27,280 was it called again? Packages by any 206 00:08:25,599 --> 00:08:29,919 other name might smell as sweet, but 207 00:08:27,280 --> 00:08:34,000 name confusion can certainly be a 208 00:08:29,919 --> 00:08:35,919 thorny. I'm so sorry. Okay. So, um, 209 00:08:34,000 --> 00:08:38,159 names are not unique. Not across 210 00:08:35,919 --> 00:08:39,599 ecosystems. Fair enough. Maybe each 211 00:08:38,159 --> 00:08:41,200 ecosystem really does need a Babel 212 00:08:39,599 --> 00:08:43,599 package, but also names might not be 213 00:08:41,200 --> 00:08:45,040 unique across registries and namespaces. 214 00:08:43,599 --> 00:08:47,040 There could be quite a few reasons for 215 00:08:45,040 --> 00:08:50,000 this, and some of those reasons are more 216 00:08:47,040 --> 00:08:51,839 problematic than others. Name squatting 217 00:08:50,000 --> 00:08:54,320 is essentially when someone comes along 218 00:08:51,839 --> 00:08:56,480 and registers a bunch of common names to 219 00:08:54,320 --> 00:08:59,760 sell later. It's really common with 220 00:08:56,480 --> 00:09:02,240 domains, uh, social media and also 221 00:08:59,760 --> 00:09:03,680 happens with package registries. Uh, I'm 222 00:09:02,240 --> 00:09:05,200 not sure how lucrative it is in case 223 00:09:03,680 --> 00:09:06,880 you're looking for a career change, but 224 00:09:05,200 --> 00:09:09,440 um, you can think of name squatting as a 225 00:09:06,880 --> 00:09:11,600 specific type of typo squatting. The 226 00:09:09,440 --> 00:09:13,519 broader concept here is that some minor 227 00:09:11,600 --> 00:09:15,040 mistake when you're typing the package 228 00:09:13,519 --> 00:09:17,200 means that the user doesn't end up with 229 00:09:15,040 --> 00:09:20,080 a package that they expect. they end up 230 00:09:17,200 --> 00:09:22,320 with your package instead. That mistake 231 00:09:20,080 --> 00:09:24,399 might be a genuine typo, typos targeting 232 00:09:22,320 --> 00:09:26,240 a specific package, or it might be 233 00:09:24,399 --> 00:09:28,560 reusing the names of packages that are 234 00:09:26,240 --> 00:09:31,200 popular in other ecosystems, or it might 235 00:09:28,560 --> 00:09:33,519 just sound right, like these VS Code 236 00:09:31,200 --> 00:09:35,200 extensions that were all uploaded by the 237 00:09:33,519 --> 00:09:37,760 same malicious account and found in 238 00:09:35,200 --> 00:09:41,200 April this year. And of course, that's 239 00:09:37,760 --> 00:09:45,519 the challenge. What is legit? What seems 240 00:09:41,200 --> 00:09:46,959 legit? And what's safe? Two of these are 241 00:09:45,519 --> 00:09:50,160 legitimate offiscation tools that 242 00:09:46,959 --> 00:09:51,839 developers could use. But which two? 243 00:09:50,160 --> 00:09:54,560 It's these ones. But you have no way of 244 00:09:51,839 --> 00:09:58,320 knowing unless you actually know. Um, so 245 00:09:54,560 --> 00:10:00,640 what's a dev to do? Well, uh, maybe Tim 246 00:09:58,320 --> 00:10:03,040 can find some answers. 247 00:10:00,640 --> 00:10:05,120 Maybe. 248 00:10:03,040 --> 00:10:08,480 Be prepared for speaking rate to tone 249 00:10:05,120 --> 00:10:10,000 down to like five. 250 00:10:08,480 --> 00:10:12,240 Yeah. Just just Yeah. If you were 251 00:10:10,000 --> 00:10:15,040 listening to this at 2x uh Well, at 252 00:10:12,240 --> 00:10:16,959 four. Yeah. No. Yeah. 253 00:10:15,040 --> 00:10:19,519 So myth number four, popular things are 254 00:10:16,959 --> 00:10:21,680 more secure. 255 00:10:19,519 --> 00:10:24,399 So you probably know a core tenant of 256 00:10:21,680 --> 00:10:27,680 open source is Linus' law where given 257 00:10:24,399 --> 00:10:30,320 enough eyeballs or bugs are shallow, 258 00:10:27,680 --> 00:10:33,839 which is to roughly say that popular 259 00:10:30,320 --> 00:10:35,920 open source things are safer, right? 260 00:10:33,839 --> 00:10:38,399 Unexpected uh expectedly it's more 261 00:10:35,920 --> 00:10:41,200 complicated than that. Firstly, popular 262 00:10:38,399 --> 00:10:43,440 things tend to be more complex. 263 00:10:41,200 --> 00:10:45,760 Most often, if you're writing Python 264 00:10:43,440 --> 00:10:47,680 packages that are popular, you're likely 265 00:10:45,760 --> 00:10:49,839 to be writing solutions that cater to 266 00:10:47,680 --> 00:10:53,120 thousands or if not millions of distinct 267 00:10:49,839 --> 00:10:54,959 users and use cases. 268 00:10:53,120 --> 00:10:56,880 And it happens that popular things tend 269 00:10:54,959 --> 00:10:59,839 to have more features, more nuanced 270 00:10:56,880 --> 00:11:01,839 optimizations, etc. 271 00:10:59,839 --> 00:11:04,240 Of course, complexity tends to mean 272 00:11:01,839 --> 00:11:06,079 greater attack surface. And this is sort 273 00:11:04,240 --> 00:11:08,640 of the inherent trade-off of using 274 00:11:06,079 --> 00:11:10,640 popular open source software. you get 275 00:11:08,640 --> 00:11:13,440 comprehensive battle tested solutions, 276 00:11:10,640 --> 00:11:15,440 but they're often much more complex and 277 00:11:13,440 --> 00:11:17,519 therefore greater tendency for potential 278 00:11:15,440 --> 00:11:19,120 vulnerabilities. 279 00:11:17,519 --> 00:11:20,640 Secondly, 280 00:11:19,120 --> 00:11:23,519 popular things are often the only thing 281 00:11:20,640 --> 00:11:25,519 that people even care to attack. 282 00:11:23,519 --> 00:11:27,120 So, a tangent. 283 00:11:25,519 --> 00:11:29,360 When I was growing up, I thought there 284 00:11:27,120 --> 00:11:32,720 were only ever two operating systems in 285 00:11:29,360 --> 00:11:34,720 this world, Windows, Mac OS. And then 286 00:11:32,720 --> 00:11:37,680 some day in high school a tragedy 287 00:11:34,720 --> 00:11:39,839 occurred and I heard about Linux for the 288 00:11:37,680 --> 00:11:41,920 first time. 289 00:11:39,839 --> 00:11:44,720 Uh and I genuinely heard this being 290 00:11:41,920 --> 00:11:47,519 lorded as like one of the reasons why a 291 00:11:44,720 --> 00:11:50,959 person ought to consider using Linux 292 00:11:47,519 --> 00:11:53,040 because supposedly it's virus free. And 293 00:11:50,959 --> 00:11:55,200 I recall this was genuinely like a 294 00:11:53,040 --> 00:11:58,240 frequently quoted benefit of using Linux 295 00:11:55,200 --> 00:11:59,600 for personal computing. 296 00:11:58,240 --> 00:12:01,760 As we all know, the statement is 297 00:11:59,600 --> 00:12:04,399 obviously false, but there is some truth 298 00:12:01,760 --> 00:12:06,720 around this idea because Linux 299 00:12:04,399 --> 00:12:09,279 unfortunately never really took off as a 300 00:12:06,720 --> 00:12:11,600 popular operating system for desktop 301 00:12:09,279 --> 00:12:14,079 computing. Uh, in terms of market share, 302 00:12:11,600 --> 00:12:18,399 we're currently sitting at around 2% 303 00:12:14,079 --> 00:12:19,920 roughly. This is 2024 data. 304 00:12:18,399 --> 00:12:21,360 So, if you were an attacker and you 305 00:12:19,920 --> 00:12:23,120 wanted to distribute malicious 306 00:12:21,360 --> 00:12:24,720 executables, 307 00:12:23,120 --> 00:12:26,800 you would probably not be targeting 308 00:12:24,720 --> 00:12:29,920 Linux. And that that happens to be a 309 00:12:26,800 --> 00:12:32,959 huge reason why Linux was just the more 310 00:12:29,920 --> 00:12:35,760 secure choice. 311 00:12:32,959 --> 00:12:38,320 Likewise here, I would not need to tell 312 00:12:35,760 --> 00:12:41,200 you which package would be more likely 313 00:12:38,320 --> 00:12:43,440 uh to be valuable to attack. 314 00:12:41,200 --> 00:12:44,880 Pyramid here, by the way, is another web 315 00:12:43,440 --> 00:12:47,200 server framework that you probably 316 00:12:44,880 --> 00:12:49,440 haven't heard about. It does fewer 317 00:12:47,200 --> 00:12:52,160 things and is expectedly less popular 318 00:12:49,440 --> 00:12:53,519 than Django. And so it just happens 319 00:12:52,160 --> 00:12:56,880 fewer people are going to care to 320 00:12:53,519 --> 00:12:56,880 compromise pyramids. 321 00:12:57,200 --> 00:13:01,360 Okay, here's some really recent news. 322 00:12:59,440 --> 00:13:03,920 This landed like earlier, literally just 323 00:13:01,360 --> 00:13:06,079 this week. Uh, what you're looking at 324 00:13:03,920 --> 00:13:07,600 here is a sample of a few JavaScript 325 00:13:06,079 --> 00:13:11,120 packages that have been released 326 00:13:07,600 --> 00:13:13,200 recently with a malicious change. 327 00:13:11,120 --> 00:13:15,839 That change, by the way, is going to 328 00:13:13,200 --> 00:13:17,680 drain your crypto wallet. 329 00:13:15,839 --> 00:13:20,079 Uh, and here are the weekly downloads 330 00:13:17,680 --> 00:13:23,040 for some of those packages. We're 331 00:13:20,079 --> 00:13:25,120 talking in the ballpark of uh billions 332 00:13:23,040 --> 00:13:29,160 of downloads. And this is in just a 333 00:13:25,120 --> 00:13:29,160 single oneweek period. 334 00:13:29,839 --> 00:13:34,320 So in addition to you as a developer 335 00:13:31,600 --> 00:13:35,920 needing to be security aware, the 336 00:13:34,320 --> 00:13:38,240 ecosystem as a whole has a 337 00:13:35,920 --> 00:13:39,839 responsibility to adopt strong security 338 00:13:38,240 --> 00:13:42,160 practices. 339 00:13:39,839 --> 00:13:44,320 Uh at at a minimum think things like 340 00:13:42,160 --> 00:13:47,440 multiffactor authentication, 341 00:13:44,320 --> 00:13:49,920 package signing, etc. 342 00:13:47,440 --> 00:13:51,839 uh sort of amusingly between ecosystems 343 00:13:49,920 --> 00:13:53,440 there's actually a surprising spectrum 344 00:13:51,839 --> 00:13:56,480 as to how strong their security 345 00:13:53,440 --> 00:13:59,519 practices are. For instance, consider 346 00:13:56,480 --> 00:14:02,639 this. How long is it going to take for 347 00:13:59,519 --> 00:14:05,199 90% of reported malicious packages to be 348 00:14:02,639 --> 00:14:08,320 taken down? In other words, like you 349 00:14:05,199 --> 00:14:09,920 report 100 packages as being malicious. 350 00:14:08,320 --> 00:14:13,279 How long does it take for 90 of them 351 00:14:09,920 --> 00:14:15,839 roughly to be taken down? 352 00:14:13,279 --> 00:14:17,839 For Pippi, the answer is roughly 24 to 353 00:14:15,839 --> 00:14:19,920 36 hours. 354 00:14:17,839 --> 00:14:22,480 And for npm, that figure is like an 355 00:14:19,920 --> 00:14:25,120 order of magnitude higher. 356 00:14:22,480 --> 00:14:27,120 Yeah. And so this is where we give a 357 00:14:25,120 --> 00:14:28,959 special shout out to Pipi for actually 358 00:14:27,120 --> 00:14:32,120 being an outlier with how responsive 359 00:14:28,959 --> 00:14:32,120 they are. 360 00:14:32,560 --> 00:14:38,000 Uh but even though like Pippi tends to 361 00:14:35,040 --> 00:14:40,480 act particularly fast here, things get 362 00:14:38,000 --> 00:14:42,480 downloaded at such a huge scale that we 363 00:14:40,480 --> 00:14:44,959 are still talking about like hundreds of 364 00:14:42,480 --> 00:14:48,639 thousands of downloads for one package 365 00:14:44,959 --> 00:14:51,680 in a single 24-hour period. And that's 366 00:14:48,639 --> 00:14:54,680 still enough to potentially produce huge 367 00:14:51,680 --> 00:14:54,680 impact. 368 00:14:54,959 --> 00:14:59,680 So the lesson here is 369 00:14:57,760 --> 00:15:01,519 the takeaway here is not to stay away 370 00:14:59,680 --> 00:15:04,320 from popular things. Often you don't 371 00:15:01,519 --> 00:15:06,079 have a choice. Um for instance, you 372 00:15:04,320 --> 00:15:10,320 should not be swearing off Python today 373 00:15:06,079 --> 00:15:12,880 and rewriting all your things in Cobalt. 374 00:15:10,320 --> 00:15:15,360 The lesson is just to not blindly use 375 00:15:12,880 --> 00:15:18,240 popular technology expecting that it'll 376 00:15:15,360 --> 00:15:20,480 be more secure. 377 00:15:18,240 --> 00:15:22,160 There are many good good angles to this. 378 00:15:20,480 --> 00:15:23,760 However, like the good thing is if you 379 00:15:22,160 --> 00:15:25,760 do opt to use something secure uh 380 00:15:23,760 --> 00:15:28,000 popular, like generally speaking, if 381 00:15:25,760 --> 00:15:29,440 something bad were to happen, uh you 382 00:15:28,000 --> 00:15:32,800 know, many people care and they're going 383 00:15:29,440 --> 00:15:35,279 to act quickly and remediations tend to 384 00:15:32,800 --> 00:15:37,040 come about quicker. 385 00:15:35,279 --> 00:15:39,760 And as you saw just then with these 386 00:15:37,040 --> 00:15:41,760 malicious JavaScript packages, uh people 387 00:15:39,760 --> 00:15:43,120 noticed it really quickly, they reported 388 00:15:41,760 --> 00:15:46,639 it quickly, and now it's being 389 00:15:43,120 --> 00:15:50,079 remediated quickly. 390 00:15:46,639 --> 00:15:51,759 If you're curious, uh, for actual stats, 391 00:15:50,079 --> 00:15:53,360 it could have been much worse, but, uh, 392 00:15:51,759 --> 00:15:55,199 it turns out those malicious packages 393 00:15:53,360 --> 00:15:57,600 were downloaded roughly on the order of 394 00:15:55,199 --> 00:15:59,279 hundreds of thousands of times before 395 00:15:57,600 --> 00:16:01,360 takedown. 396 00:15:59,279 --> 00:16:03,040 Uh, how disastrous did this end up 397 00:16:01,360 --> 00:16:05,279 being? 398 00:16:03,040 --> 00:16:07,759 Remember, these malicious packages would 399 00:16:05,279 --> 00:16:11,199 drain your crypto wallet. So, how much 400 00:16:07,759 --> 00:16:13,279 did they actually managed to steal? 401 00:16:11,199 --> 00:16:15,360 Uh, current analysis shows that the 402 00:16:13,279 --> 00:16:17,440 attacker actually made off with a 403 00:16:15,360 --> 00:16:20,680 jaw-dropping 404 00:16:17,440 --> 00:16:20,680 $5 US. 405 00:16:21,040 --> 00:16:26,720 Uh, plus plus a bit more in um various 406 00:16:23,360 --> 00:16:29,519 NFTts and meme coins and whatnot. 407 00:16:26,720 --> 00:16:31,360 Anyway, like we were very lucky here, 408 00:16:29,519 --> 00:16:34,160 but this is just another reason why 409 00:16:31,360 --> 00:16:38,600 popular packages get targeted. Like you 410 00:16:34,160 --> 00:16:38,600 need huge volume for huge impact. 411 00:16:39,199 --> 00:16:44,240 onto a different myth. Open source is 412 00:16:41,440 --> 00:16:46,079 immutable. 413 00:16:44,240 --> 00:16:48,000 The packages you install today are going 414 00:16:46,079 --> 00:16:51,120 to be the same as the packages you 415 00:16:48,000 --> 00:16:53,839 install tomorrow, right? 416 00:16:51,120 --> 00:16:55,920 Not necessarily, because unlike other 417 00:16:53,839 --> 00:16:57,839 package managers in other ecosystems, 418 00:16:55,920 --> 00:17:00,560 pip doesn't actually make integrity 419 00:16:57,839 --> 00:17:02,720 checks by default. And by integrity 420 00:17:00,560 --> 00:17:04,640 checks, we just mean pip does not take 421 00:17:02,720 --> 00:17:07,120 the hash of the packages you download 422 00:17:04,640 --> 00:17:10,160 and uh check that in future times you 423 00:17:07,120 --> 00:17:11,520 run pip install it remains the same. 424 00:17:10,160 --> 00:17:14,160 If you want that sort of thing, you 425 00:17:11,520 --> 00:17:17,839 should be running this command instead 426 00:17:14,160 --> 00:17:21,360 with the uh require hashes flag. 427 00:17:17,839 --> 00:17:23,039 And so unless you specifically opt into 428 00:17:21,360 --> 00:17:24,640 doing something like this, you actually 429 00:17:23,039 --> 00:17:26,160 just don't have a real practical 430 00:17:24,640 --> 00:17:28,640 guarantee you're getting the same 431 00:17:26,160 --> 00:17:31,640 contents as the last time you ran pip 432 00:17:28,640 --> 00:17:31,640 install. 433 00:17:31,919 --> 00:17:36,480 And here's another myth. Git tags are 434 00:17:34,240 --> 00:17:39,200 immutable. 435 00:17:36,480 --> 00:17:41,360 To remind you, git tags are very simple. 436 00:17:39,200 --> 00:17:42,880 They're just like aliases for a commit. 437 00:17:41,360 --> 00:17:44,880 That's pretty much it. We use them as a 438 00:17:42,880 --> 00:17:46,799 sort of human readable bookmark for a 439 00:17:44,880 --> 00:17:49,039 specific commit. 440 00:17:46,799 --> 00:17:51,280 The convention 441 00:17:49,039 --> 00:17:53,280 for Python packages as well as packages 442 00:17:51,280 --> 00:17:56,400 in other ecosystems is we tend to use 443 00:17:53,280 --> 00:17:59,360 git tags to point to the specific commit 444 00:17:56,400 --> 00:18:00,799 that a version was built at. Something 445 00:17:59,360 --> 00:18:03,200 that looks like what you're seeing on 446 00:18:00,799 --> 00:18:05,840 the slides here. 447 00:18:03,200 --> 00:18:08,400 Anyway, a big distinction between git 448 00:18:05,840 --> 00:18:10,240 branches and git tags is that tags are 449 00:18:08,400 --> 00:18:12,640 not meant to be reassigned after you 450 00:18:10,240 --> 00:18:15,120 created them. 451 00:18:12,640 --> 00:18:17,360 In other words, by design, or at least 452 00:18:15,120 --> 00:18:19,679 by intention, they're meant to be 453 00:18:17,360 --> 00:18:23,120 immutable. 454 00:18:19,679 --> 00:18:24,720 Except no, you can just do this. Uh 455 00:18:23,120 --> 00:18:26,640 there's no magic here. You really can 456 00:18:24,720 --> 00:18:28,320 just drop and recreate a tag on a 457 00:18:26,640 --> 00:18:31,200 different commit and then push it 458 00:18:28,320 --> 00:18:32,960 upstream. And it feels really trivial to 459 00:18:31,200 --> 00:18:35,600 stand here and point out that you can do 460 00:18:32,960 --> 00:18:37,760 this, but the fact that you can actually 461 00:18:35,600 --> 00:18:41,840 has some very interesting slash dire 462 00:18:37,760 --> 00:18:44,240 consequences to open source security. 463 00:18:41,840 --> 00:18:46,960 Let's put our black hats on. You have a 464 00:18:44,240 --> 00:18:50,640 malicious package fu version 1.0.0 that 465 00:18:46,960 --> 00:18:52,880 you want to publish to users on Pippi. 466 00:18:50,640 --> 00:18:54,480 You can upload this to Pippi with no 467 00:18:52,880 --> 00:18:56,240 issues. Uh but we have an obvious 468 00:18:54,480 --> 00:18:58,480 problem. Anyone who is suspicious of our 469 00:18:56,240 --> 00:18:59,760 malicious uh package can inspect our 470 00:18:58,480 --> 00:19:01,120 source code and they can see our 471 00:18:59,760 --> 00:19:03,520 wrongdoing because it's all in plain 472 00:19:01,120 --> 00:19:06,080 sight. So here's a trick to actually 473 00:19:03,520 --> 00:19:08,400 conceal our malicious code. Suppose we 474 00:19:06,080 --> 00:19:12,240 built and published FU version 1.0.0 475 00:19:08,400 --> 00:19:13,840 zero at the bad commit DF456 476 00:19:12,240 --> 00:19:16,000 and suppose we have a good commit right 477 00:19:13,840 --> 00:19:18,160 after this one's completely innocent the 478 00:19:16,000 --> 00:19:22,240 trick is we can move the version tag 479 00:19:18,160 --> 00:19:23,919 v1.0.0 from bad to good 480 00:19:22,240 --> 00:19:26,080 and the clever thing here is we've moved 481 00:19:23,919 --> 00:19:28,720 the tag from bad to good but Pipi is 482 00:19:26,080 --> 00:19:30,080 actually still publishing the bad one 483 00:19:28,720 --> 00:19:31,760 and this is great because now you can 484 00:19:30,080 --> 00:19:34,160 shake off suspicion very easily like 485 00:19:31,760 --> 00:19:36,799 anyone who suspects foul play they can 486 00:19:34,160 --> 00:19:40,160 just audit your project at version 1.0.0 487 00:19:36,799 --> 00:19:41,840 Z and they'll find nothing wrong. 488 00:19:40,160 --> 00:19:43,440 And it's it really is that easy. And 489 00:19:41,840 --> 00:19:45,600 people really do pull off this kind of 490 00:19:43,440 --> 00:19:48,000 exploit. If you're curious, search up 491 00:19:45,600 --> 00:19:50,240 the Bolt DB incident. People did this 492 00:19:48,000 --> 00:19:52,640 for a package and they actually had 493 00:19:50,240 --> 00:19:56,080 potential remote code execution over 494 00:19:52,640 --> 00:20:00,400 three years before people found out. 495 00:19:56,080 --> 00:20:02,640 Yep. Myth six, Python is dead. Python 2 496 00:20:00,400 --> 00:20:04,160 is dead. 497 00:20:02,640 --> 00:20:05,840 Yeah. Like so far in this conference, 498 00:20:04,160 --> 00:20:06,960 it's been AI this, AI that. I don't 499 00:20:05,840 --> 00:20:09,280 think I've heard a single mention of 500 00:20:06,960 --> 00:20:11,600 Python 2, so probably safe to say it's 501 00:20:09,280 --> 00:20:13,360 dead. 502 00:20:11,600 --> 00:20:16,320 Some background first. Python 2 was 503 00:20:13,360 --> 00:20:19,280 first released in October 2000. 504 00:20:16,320 --> 00:20:22,799 After 20 long years, we finally mark the 505 00:20:19,280 --> 00:20:24,799 end of life of Python 2 in April 2020. 506 00:20:22,799 --> 00:20:26,880 So, it's been a good 5 years since 2020. 507 00:20:24,799 --> 00:20:30,320 Is it dead? 508 00:20:26,880 --> 00:20:32,000 Nah, Python 2 is not dead yet. It has 509 00:20:30,320 --> 00:20:34,480 been 5 years, but people are definitely 510 00:20:32,000 --> 00:20:36,559 still using it. Much less actively for 511 00:20:34,480 --> 00:20:39,360 sure, but definitely still in use. In 512 00:20:36,559 --> 00:20:41,120 fact, the percentage of people 513 00:20:39,360 --> 00:20:43,840 reportedly using Python 2 actually 514 00:20:41,120 --> 00:20:47,360 hasn't changed that much since 2020. It 515 00:20:43,840 --> 00:20:50,640 was sitting at around 6% then and a year 516 00:20:47,360 --> 00:20:53,280 ago was sitting at around 4%. 517 00:20:50,640 --> 00:20:55,120 Anyway, let's look at something more 518 00:20:53,280 --> 00:20:57,919 concrete maybe. Let's look at the actual 519 00:20:55,120 --> 00:21:00,400 download stats from Pippi. This is a 520 00:20:57,919 --> 00:21:02,080 rough count of the number of packages 521 00:21:00,400 --> 00:21:04,799 downloaded in the last 12 months. And 522 00:21:02,080 --> 00:21:08,400 good news, looks like Python 2 is dead. 523 00:21:04,799 --> 00:21:10,640 But uh stretching out the y-axis a bit 524 00:21:08,400 --> 00:21:12,559 more, you can see there is a small but 525 00:21:10,640 --> 00:21:15,520 still persistent sliver remaining for 526 00:21:12,559 --> 00:21:18,159 Python 2. But like in relative terms, 527 00:21:15,520 --> 00:21:20,240 this looks okay, right? Uh the problem 528 00:21:18,159 --> 00:21:22,000 is Python is the world's most popular 529 00:21:20,240 --> 00:21:24,320 programming language at the moment. And 530 00:21:22,000 --> 00:21:26,559 that tiny sliver is actually three 531 00:21:24,320 --> 00:21:29,559 billion package downloads in the past 12 532 00:21:26,559 --> 00:21:29,559 months, 533 00:21:29,840 --> 00:21:35,520 which is to say that nearly 20 million 534 00:21:33,280 --> 00:21:39,360 packages have been downloaded since PyCon 535 00:21:35,520 --> 00:21:41,440 started this Friday at 9:00 a.m. 536 00:21:39,360 --> 00:21:43,919 And in the time it took to deliver that 537 00:21:41,440 --> 00:21:46,400 sentence, another 800 or so were 538 00:21:43,919 --> 00:21:48,720 downloaded. 539 00:21:46,400 --> 00:21:51,840 Yeah. So, Python 2 is not quite dead, 540 00:21:48,720 --> 00:21:53,200 but who cares? in general like why does 541 00:21:51,840 --> 00:21:55,440 it matter that people are using end of 542 00:21:53,200 --> 00:21:56,640 life things? 543 00:21:55,440 --> 00:21:58,400 It matters because when something 544 00:21:56,640 --> 00:22:00,400 becomes end of life it means you no 545 00:21:58,400 --> 00:22:02,400 longer get security patches on that 546 00:22:00,400 --> 00:22:04,000 thing or at least you don't reliably get 547 00:22:02,400 --> 00:22:06,000 them. 548 00:22:04,000 --> 00:22:08,320 In this case it's been like 5 years. 549 00:22:06,000 --> 00:22:10,159 Python 2 and its main libraries have had 550 00:22:08,320 --> 00:22:12,000 ample time for many vulnerabilities to 551 00:22:10,159 --> 00:22:15,440 be discovered and there's only ever 552 00:22:12,000 --> 00:22:17,280 going to be more over time. 553 00:22:15,440 --> 00:22:19,200 So what you're looking at here is just a 554 00:22:17,280 --> 00:22:21,280 very small sample of a few 555 00:22:19,200 --> 00:22:23,440 vulnerabilities affecting the Python 2 556 00:22:21,280 --> 00:22:25,440 standard library and also some 557 00:22:23,440 --> 00:22:28,400 cornerstone libraries like NumPy, 558 00:22:25,440 --> 00:22:30,799 Pillow, Django, etc. 559 00:22:28,400 --> 00:22:32,720 So if something gets marked end of life 560 00:22:30,799 --> 00:22:34,960 and that something actually matters to 561 00:22:32,720 --> 00:22:37,039 you and your organization, 562 00:22:34,960 --> 00:22:39,120 it really is best that you do something 563 00:22:37,039 --> 00:22:41,360 about it. 564 00:22:39,120 --> 00:22:43,520 And gosh, like if only there was some 565 00:22:41,360 --> 00:22:45,120 kind of new industry changing, emerging 566 00:22:43,520 --> 00:22:48,000 technology that could solve all this 567 00:22:45,120 --> 00:22:50,240 without human intervention. Nikki, 568 00:22:48,000 --> 00:22:52,159 surely something along those lines would 569 00:22:50,240 --> 00:22:54,240 come and save us. 570 00:22:52,159 --> 00:22:57,039 Interesting theory. If only we had Oh, 571 00:22:54,240 --> 00:23:01,280 we have a myth for that. Okay, our last 572 00:22:57,039 --> 00:23:03,360 myth. AI will save us. Yay. Um, but 573 00:23:01,280 --> 00:23:05,600 first, nostalgia story time with Nikki. 574 00:23:03,360 --> 00:23:10,000 And so at university I learned that 575 00:23:05,600 --> 00:23:12,080 computers are very very fast. Very dumb 576 00:23:10,000 --> 00:23:14,400 but very very very very fast. So that 577 00:23:12,080 --> 00:23:17,440 means they will do exactly what you tell 578 00:23:14,400 --> 00:23:19,360 them to and not necessarily what you 579 00:23:17,440 --> 00:23:21,760 want them to and they'll do it very 580 00:23:19,360 --> 00:23:24,000 quickly. So now one of those things is 581 00:23:21,760 --> 00:23:28,400 no longer a limiting factor. They no 582 00:23:24,000 --> 00:23:30,320 longer do exactly what you tell them to 583 00:23:28,400 --> 00:23:33,679 but rather they just kind of follow the 584 00:23:30,320 --> 00:23:35,200 vibe of it. LLMs can accelerate the 585 00:23:33,679 --> 00:23:37,360 generation of code. They can automate 586 00:23:35,200 --> 00:23:39,280 the creation of boilerplate. That's a 587 00:23:37,360 --> 00:23:41,039 great thing that they can do. LLMs can 588 00:23:39,280 --> 00:23:43,440 significantly lower the barrier to 589 00:23:41,039 --> 00:23:45,600 entry, maybe help onboard junior 590 00:23:43,440 --> 00:23:48,159 developers or even complete noviceses 591 00:23:45,600 --> 00:23:49,919 much, much faster. And that means that a 592 00:23:48,159 --> 00:23:52,640 lot of the tasks that traditionally 593 00:23:49,919 --> 00:23:56,240 might have required some 594 00:23:52,640 --> 00:23:59,200 critical thought no longer do. That's 595 00:23:56,240 --> 00:24:01,520 great. Like installing dependencies. Oh. 596 00:23:59,200 --> 00:24:04,799 Um, well, okay. So if we're moving from 597 00:24:01,520 --> 00:24:07,200 author to auditor, how closely are folks 598 00:24:04,799 --> 00:24:10,080 actually validating things and do they 599 00:24:07,200 --> 00:24:12,720 understand it? If you are looking, if 600 00:24:10,080 --> 00:24:16,720 they are looking, are they just checking 601 00:24:12,720 --> 00:24:18,880 to see that the vibes seem right? Um 602 00:24:16,720 --> 00:24:21,200 because AI does not solve our open 603 00:24:18,880 --> 00:24:24,559 source problems. It automates and 604 00:24:21,200 --> 00:24:28,480 accelerates human endeavors and human 605 00:24:24,559 --> 00:24:30,559 mistakes at industrial scale. Uh, and 606 00:24:28,480 --> 00:24:32,720 one of those mistakes that we've seen 607 00:24:30,559 --> 00:24:34,799 with our eyes on your dependencies is 608 00:24:32,720 --> 00:24:36,720 slop squatting. Think typos squatting, 609 00:24:34,799 --> 00:24:39,120 but specifically targeting AI generated 610 00:24:36,720 --> 00:24:41,919 code. So, specifically, an LLM model 611 00:24:39,120 --> 00:24:43,760 tendencies to hallucinate a non-existing 612 00:24:41,919 --> 00:24:46,159 package name because it turns out that 613 00:24:43,760 --> 00:24:48,559 LLMs don't know what packages actually 614 00:24:46,159 --> 00:24:52,799 exist. They just go by the vibes and 615 00:24:48,559 --> 00:24:55,679 what seems right. So, LLM make stuff up. 616 00:24:52,799 --> 00:24:57,760 That's what a generative model is. And 617 00:24:55,679 --> 00:24:59,600 according to this linked study, roughly 618 00:24:57,760 --> 00:25:02,080 20% of generated code samples had at 619 00:24:59,600 --> 00:25:05,279 least one recommended package that 620 00:25:02,080 --> 00:25:08,400 didn't exist. And crucially, more than 621 00:25:05,279 --> 00:25:10,960 half of hallucinated packages reappeared 622 00:25:08,400 --> 00:25:13,279 in multiple runs. So a malicious actor 623 00:25:10,960 --> 00:25:15,520 could pretty easily just run an LLM, 624 00:25:13,279 --> 00:25:18,000 find those packages that don't exist, 625 00:25:15,520 --> 00:25:21,679 find register those package names, and 626 00:25:18,000 --> 00:25:25,279 upload some malicious code. Ah, and if 627 00:25:21,679 --> 00:25:26,640 the developers aren't paying a lot of 628 00:25:25,279 --> 00:25:28,159 attention to what they're actually 629 00:25:26,640 --> 00:25:32,480 importing, because remember that those 630 00:25:28,159 --> 00:25:34,960 packages look totally plausible. Well, 631 00:25:32,480 --> 00:25:37,120 that's a bit scary. And there are other 632 00:25:34,960 --> 00:25:38,799 scary potential futures, too. Are LLM's 633 00:25:37,120 --> 00:25:40,960 actually going to be great at finding 634 00:25:38,799 --> 00:25:42,880 zero days in our source code? And how 635 00:25:40,960 --> 00:25:45,440 might we, as a community meet that 636 00:25:42,880 --> 00:25:47,200 challenge? Many maintainers are already 637 00:25:45,440 --> 00:25:49,360 pretty burnt out. They're already 638 00:25:47,200 --> 00:25:50,799 inundated with generated PRs and 639 00:25:49,360 --> 00:25:53,919 security reports generated by 640 00:25:50,799 --> 00:25:56,559 well-meaning people. Does the future 641 00:25:53,919 --> 00:25:59,840 actually look like reducing our reliance 642 00:25:56,559 --> 00:26:01,679 on open source? How long until some CEO 643 00:25:59,840 --> 00:26:03,760 says just vibe that up the whole thing? 644 00:26:01,679 --> 00:26:06,799 Then we won't be relying on that one dev 645 00:26:03,760 --> 00:26:09,120 in Nebraska and our code won't be open 646 00:26:06,799 --> 00:26:11,039 source. So we'll be protected, scare 647 00:26:09,120 --> 00:26:12,559 quotes intended, from those LLMs who are 648 00:26:11,039 --> 00:26:16,960 out there hunting for zero days trying 649 00:26:12,559 --> 00:26:19,840 to hack us. But do we want that future? 650 00:26:16,960 --> 00:26:23,679 Do we want Vibes source instead of open 651 00:26:19,840 --> 00:26:26,400 source? Your being here in this room 652 00:26:23,679 --> 00:26:28,880 demonstrates that you believe in the 653 00:26:26,400 --> 00:26:32,159 value of open source. We know the value 654 00:26:28,880 --> 00:26:34,320 of Eyes on the Code and the myriad other 655 00:26:32,159 --> 00:26:36,640 benefits that come from being part of an 656 00:26:34,320 --> 00:26:38,960 open source community. 657 00:26:36,640 --> 00:26:41,039 Well, no matter which path we go down, 658 00:26:38,960 --> 00:26:43,440 and I'd personally really like to avoid 659 00:26:41,039 --> 00:26:46,320 Vibe Source as a default, 660 00:26:43,440 --> 00:26:48,159 but hey, uh, no matter what future, 661 00:26:46,320 --> 00:26:51,440 scary or not, we end up in, it looks 662 00:26:48,159 --> 00:26:53,039 like there'll be jobs in security. 663 00:26:51,440 --> 00:26:53,679 Uh, so I'm Nikki. 664 00:26:53,039 --> 00:26:55,679 I'm Tim. 665 00:26:53,679 --> 00:26:56,960 And those were some myths about open 666 00:26:55,679 --> 00:26:58,310 source that we hope you no longer 667 00:26:56,960 --> 00:27:08,559 believe. 668 00:26:58,310 --> 00:27:10,799 [Applause] 669 00:27:08,559 --> 00:27:14,400 Thank you uh Nikki and Tim for the very 670 00:27:10,799 --> 00:27:15,120 riveting talk. I 671 00:27:14,400 --> 00:27:16,799 Scary. 672 00:27:15,120 --> 00:27:17,120 Scary. Very scary. 673 00:27:16,799 --> 00:27:18,720 Um 674 00:27:17,120 --> 00:27:20,240 but a little optimistic. 675 00:27:18,720 --> 00:27:21,840 Just a tiny bit. 676 00:27:20,240 --> 00:27:24,559 And you you can all go and check out um 677 00:27:21,840 --> 00:27:28,799 Emoji Kitchen now. 678 00:27:24,559 --> 00:27:31,919 Um please accept these uh speaker gifts 679 00:27:28,799 --> 00:27:35,840 on behalf of the conference. Um, 680 00:27:31,919 --> 00:27:39,320 do we have any questions? We have one 681 00:27:35,840 --> 00:27:39,320 question over there. 682 00:27:47,440 --> 00:27:52,080 Do you have any commentary on the case 683 00:27:49,039 --> 00:27:54,880 of um releasing on Pippi with an SIS and 684 00:27:52,080 --> 00:28:00,080 then at a later point in time adding a 685 00:27:54,880 --> 00:28:01,520 malicious uh wheel to the release? So, 686 00:28:00,080 --> 00:28:04,880 you know, you reinstall the same version 687 00:28:01,520 --> 00:28:06,320 of the package, but now it contains a, 688 00:28:04,880 --> 00:28:07,440 you know, a platform wheel that is 689 00:28:06,320 --> 00:28:11,360 malicious. 690 00:28:07,440 --> 00:28:12,799 Yeah, that seems bad. Um, uh, uh, I I'm 691 00:28:11,360 --> 00:28:16,720 looking at Caleb in the front row 692 00:28:12,799 --> 00:28:20,159 saying, "Yes, we have comments." Um, uh, 693 00:28:16,720 --> 00:28:24,480 come grab us afterwards. Yeah. 694 00:28:20,159 --> 00:28:27,520 Might have time for one short question. 695 00:28:24,480 --> 00:28:29,679 Um, you said that PIP does not grab 696 00:28:27,520 --> 00:28:33,679 hashes by default. Do you know off the 697 00:28:29,679 --> 00:28:35,840 top of your head if UV does? 698 00:28:33,679 --> 00:28:38,320 Yes, it does. Someone knows and they say 699 00:28:35,840 --> 00:28:39,360 yes, it does. 700 00:28:38,320 --> 00:28:41,039 Great. 701 00:28:39,360 --> 00:28:41,760 Any of the ones that use a lock by 702 00:28:41,039 --> 00:28:43,600 default. 703 00:28:41,760 --> 00:28:45,919 Any of the ones that use a lock file by 704 00:28:43,600 --> 00:28:48,720 default to do. 705 00:28:45,919 --> 00:28:53,020 Uh please join me again in thanking 706 00:28:48,720 --> 00:28:57,660 Nikki and Tim for the excellent talk. 707 00:28:53,020 --> 00:28:57,660 [Applause]