Published on: 2025-06-04 05:02:08
Long before Linux was introduced, I worked as a Unix system administrator. In those days, I downloaded the source code, unpacked the tarball archive it arrived in, compiled it, and installed it whenever I needed to update my system or install a new package. It was a real pain in the rump. With the arrival of Unix System V Release 4 (SVR4) in 1989, things got better with the first package manager system: pkgadd, pkgrm, and pkginfo. Companies such as IBM, with its
Keywords: hat immutable linux package red
Published on: 2025-06-15 20:56:15
The modern developer tooling ecosystem has exploded with choices, leading to frustrating scenarios where some piece of code builds perfectly on someone’s system, runs flawlessly in production, but mysteriously fails to build for you and you have absolutely no idea why. You’re left debugging with no clear direction—perhaps it’s a missing system dependency, a subtly different library version, or some environment variable that exists somewhere in the void, and nowhere else. If this sounds familiar
Keywords: build environment nix package store
Published on: 2025-06-17 17:37:41
60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat Research team, the packages were uploaded to the NPM repository starting May 12 from three publisher accounts. Each of the malicious packages contains a post-install script that automatically executes during ‘npm install’ and collects the following information: Hostname Internal IP address User
Keywords: data npm packages socket threat
Published on: 2025-06-19 17:15:27
Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face. Eight packages using names that closely mimicked those of widely used legitimate packages contained destructive payloads designed to corrupt or delete important data and crash systems, Kush Pandya, a researcher at security firm Socket, reported Thursday. The packages have been
Keywords: attack data diversity downloads packages
Published on: 2025-06-21 06:50:28
When I wrote Why is Debian the way it is?, a year and a half ago, I was asked to also cover why Debian changes the software it packages. Here’s a brief list of examples of why that happens: Software in Debian needs to follow certain policies as set by Debian over the years, and documented in the Debian Policy Manual. These are mostly mundane things like system wide configuration being in /etc, documentation in /usr/share/doc, and so on. Some of this is more intricate, like when names of execu
Keywords: debian free manual packages software
Published on: 2025-06-21 21:00:10
DirecTV's base streaming package costs more than all the other platforms on this list and its stiffest competition is still Hulu Plus Live TV and YouTube TV. With its channel selection, it's ideal for sports fans who want to watch local or national games. The service does have its pluses, though -- for example, it includes the flipper-friendly ability to swipe left and right to change channels. Additionally, it includes some channels some other services can't, including nearly 250 PBS stations
Keywords: channels directv package sports tv
Published on: 2025-06-22 04:20:30
When we talk about LlamaIndex, we’re actually referring to an ecosystem consisting of more than 650 Python packages, mostly Integrations and Packs. All these packages share a single GitHub repository, what engineers fondly call a “monorepo”. In this article, we’re going to introduce LlamaDev, our new tool for managing monorepos at scale, and explain the challenges we ran into with existing tooling to get us to this point. The challenge: 650+ dependency trees Each Python package in the monorep
Keywords: package packages pants python uv
Published on: 2025-06-30 04:42:31
Published May 13, 2025 Last week, the CPython developers rolled out CPython 3.14.0b1. This week, PyCon 2025 kicks off in Pittsburgh, PA. Both events mark a significant milestone for the effort to ship and stabilize free-threaded Python. This is the story of the first year of that effort and how our team at Quansight played a key role in enabling experimental use of the free-threaded build with real production workflows that depend on a complex set of dependencies. Introduction: Why are we wor
Keywords: build free packages python threaded
Published on: 2025-07-02 01:31:47
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. The package, named os-info-checker-es6, appears as an information utility and has been downloaded more than 1,000 times since the beginning of the month. Researchers at Veracode, a code security assessment company, found that the first version of the package was added to the Node Package Manager (NPM) inde
Keywords: final npm package payload veracode
Published on: 2025-07-03 20:38:16
As car sales plunge and its brand image goes up in flames, Tesla's board has formed a special committee of exactly two people to review CEO Elon Musk's compensation — including potentially offering him a brand new pay package in stock options, the Financial Times reports. The two committee members are Tesla's chair, Robyn Denholm, and Kathleen Wilson-Thompson. Its existence was disclosed with just a single sentence in a filing last month, causing major investors to reach out to the board to gau
Keywords: board company musk package tesla
Published on: 2025-07-08 13:48:00
Linux runs very well on all types of systems. It's built for speed and proves to me, on a daily basis, how superior it is in terms of speed and reliability. That doesn't mean it's perfect. Things happen (albeit rarely) that can add to a system slowdown. One such issue can be internal storage that has been used up. I remember, a few years ago, I was working on a Linux server that had become almost unresponsive. Turns out a rogue applicat
Keywords: cache command files package use
Published on: 2025-07-09 11:00:17
ZDNET's key takeaways The Eufy Security Video Doorbell E340 is normally available for $180 but is currently on sale. This doorbell features two cameras to give you complete visibility of the person at your door and any packages left on your porch, all with no monthly fees. Although the doorbell comes with 8GB of built-in local storage (enough for up to 60 days of event recordings), you need to add a Eufy Security HomeBase to get the most out of it.
Keywords: camera door doorbell package video
Published on: 2025-07-12 04:03:24
An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system. The 'rand-user-agent' package is a tool that generates randomized user-agent strings, which is helpful in web scraping, automated testing, and security research. Although the package has been deprecated, it remains fairly popular, averaging 45,000 downloads weekly. However, according to researchers at Aikido, threat ac
Keywords: agent code directory package user
Published on: 2025-07-12 13:51:14
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. Named "discordpydebug," the package was masquerading as an error logger utility for developers working on Discord bots and was downloaded over 11,000 times since it was uploaded on March 21, 2022, even though it has no description or documentation. Cybersecurity company Socket, which first spotted it, says the malware could
Keywords: code developers discord malware package
Published on: 2025-07-18 21:05:32
For most of the 20th century, U.S. mailboxes looked like this: They hewed to the principle of good design and form follows function. As with the USPS' blue mail deposit boxes, the top is rounded to shed water. The classic mailbox is made of galvanized steel, which was once inexpensive to produce. The carrier signal flag is a nice touch; if the postal delivery driver has no mail to deliver to you that day and the flag is down, they know there's no need for them to stop. That design dates back
Keywords: day mail mailbox packages usps
Published on: 2025-07-22 22:06:21
Shein and Temu prices rise as Trump closes postage loophole. Peter Hoskins, Business reporter. A duty-free loophole for low-value packages has been closed by President Donald Trump, pushing up prices for US customers of firms like Shein and Temu. The Chinese online retail giants relied on the so-called "de minimis" exemption to sell and ship low-value items directly to the US without having to pay duties or import taxes. Supporters of the loophole,
Keywords: exemption loophole packages said trump
Published on: 2025-07-24 01:04:58
A tool to manage versioning and changelogs with a focus on multi-package repositories The changesets workflow is designed to help when people are making changes, all the way through to publishing. It lets contributors declare how their changes should be released, then we automate updating package versions, and changelogs, and publishing new versions of packages based on the provided information. Changesets has a focus on solving these problems for multi-package repositories, and keeps package
Keywords: changes changeset changesets package packages
Published on: 2025-07-24 05:25:36
Seven malicious PyPI packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution. The packages were discovered by Socket's threat research team, who reported their findings to the PyPI, resulting in the removal of the packages. However, some of these packages were on PyPI for over four years, and based on third-party download counters, one was downloaded over 18,000 times. Here's the complete list shared by Socket: Coffin-Codes-Pro (9,000
Keywords: coffin downloads gmail package packages
Published on: 2025-07-26 01:08:33
AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages that can steal data, plant backdoors, and carry out other nefarious actions, newly published research shows. The study, which used 16 of the most widely used large language models to generate 576,000 code samples, found that 440,000 of the package dependencies they contained were “hallucinated,” m
Keywords: code hallucinations malicious package software
Published on: 2025-07-29 22:15:43
AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages that can steal data, plant backdoors, and carry out other nefarious actions, newly published research shows. The study, which used 16 of the most widely used large language models to generate 576,000 code samples, found that 440,000 of the package dependencies they contained were “hallucinated,” m
Keywords: code existent malicious package software
Published on: 2025-07-30 13:50:19
DHL Express is resuming shipments of packages valued over $800 that are bound for consumers in the US, Reuters reports. The international shipping company had suspended the shipments last week due to “a surge in formal customs clearances” amidst the Trump administration’s sweeping tariffs on international goods. Effective today, business-to-c
Keywords: 800 company dhl packages shipments
Published on: 2025-07-31 13:35:00
ZDNET's key takeaways The Eufy Security Video Doorbell E340 is normally available for $180 but is currently on sale. This doorbell features two cameras to give you complete visibility of the person at your door and any packages left on your porch, all with no monthly fees. Although the doorbell comes with 8GB of built-in local storage (enough for up to 60 days of event recordings), you need to add a Eufy Security HomeBase to get the most out of it.
Keywords: camera door doorbell package video
Published on: 2025-08-01 00:45:00
In the decades since I started using Linux, I've experienced just about every distribution ever created, some of which were user-friendly and some of which were not. In some cases, I was determined to use them just for the bragging rights that I'd installed and used one of the most challenging operating systems on the planet. Other times, I just needed something to work out of the box. Also: 5 ways to use the Linux terminal on your Android phone - including my favorite
Keywords: app distributions linux nixos package
Published on: 2025-08-08 11:25:59
In the decades since I started using Linux, I've experienced just about every distribution ever created, some of which were user-friendly and some of which were not. In some cases, I was determined to use them just for the bragging rights that I'd installed and used one of the most challenging operating systems on the planet. Other times, I just needed something to work out of the box. Also: Miss old-school Linux? This distro will take you back to the early 2000s
Keywords: app distributions linux nixos package
Published on: 2025-08-09 01:53:34
parcom - Parser Combinators parcom is a concise Parser Combinator library in the style of Haskell’s parsec and Rust’s nom. (in-package :parcom) (parse (*> (string "Tempus") #'space (string "fugit")) "Tempus fugit.") fugit parcom operates strictly on strings, not streamed byte data, but is otherwise “zero copy” in that extracted substrings of the original input are not reallocated. parcom has no dependencies. Table of Contents Compatibility Compiler Status SBCL ✅ ECL ✅ Clas
Keywords: package parcom parse parser string
Published on: 2025-08-12 05:58:17
This post will describe how I design my programs in Go. I needed this for work, and while I searched for a link, nothing quite fits my coding practices out there. The word “Layered” can pull up some fairly close descriptions, but I want to lay out what I do. Deriving Some Requirements Go has a rule that I believe is underappreciated in its utility and whose implications are often not fully grasped, which is: Packages may not circularly reference each other. It is strictly forbidden. A compile
Keywords: circular code just package packages
Published on: 2025-08-13 13:00:06
DirecTV's base streaming package costs more than all the other platforms on this list and its stiffest competition is still Hulu Plus Live TV and YouTube TV. With its channel selection, it's ideal for sports fans who want to watch local or national games. The service does have its pluses, though -- for example, it includes the flipper-friendly ability to swipe left and right to change channels. Additionally, it includes some channels some other services can't, including nearly 250 PBS stations
Keywords: channels directv package sports tv
Published on: 2025-08-23 12:19:29
A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. The term slopsquatting was coined by security researcher Seth Larson as a spin on typosquatting, an attack method that tricks developers into installing malicious packages by using names that closely resemble popular libraries. Unlike typosquatting, slopsquatting doesn't rely on misspellings. Instead
Keywords: ai hallucinated names package packages
Published on: 2025-08-23 10:22:35
The rise of AI-powered code generation tools is reshaping how developers write software - and introducing new risks to the software supply chain in the process. AI coding assistants, like large language models in general, have a habit of hallucinating. They suggest code that incorporates software packages that don't exist. As we noted in March and September last year, security and academic researchers have found that AI code assistants invent package names. In a recent study, researchers found
Keywords: ai code hallucinated package packages
Published on: 2025-08-25 04:40:26
Fedora change aims for 99% package reproducibility. The effort to ensure that open-source software is reproducible has been gathering steam over the years, and gaining traction
Keywords: build fedora package packages reproducible
Go K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.