
Refer to the CHANGELOG for all info. --------- Co-authored-by: Wouter van Wageningen <wouter.vdub@yahoo.com> Co-authored-by: Josh Munic <jpmunic@gmail.com> Co-authored-by: Jonathan Haas <haasjona@gmail.com>
---
authors: 1
caption: 'Your login background for December'
date: '2018-11-30'
intro: 'Monthly roundup - November 2018: New showcases and a (false) security alarm'
title: 'Monthly roundup - November 2018: New showcases and a (false) security alarm'
---

This is your monthly roundup of the freesewing news of the last four weeks,
and a look at what lies ahead in the next month.

<!-- truncate -->

## Looking back at November

I have been very busy this month, but more about that in our roundup post for
the year which you can expect on December 10th.

Because I've been busy, a few showcase posts had fallen through the cracks.
I've cleared the backlog in my inbox now, and as a result we have [a new Bruce
showcase by Felix](/showcase/bruce-three-pack) and [a new Sandy showcase by
Karin](/showcase/sandy-by-karin).

If you've made one of our patterns, make sure to send in your pictures so we
can add them too. I mean, even if it takes a while, I do eventually get around
to it :)

Earlier this week, I woke to the unsettling news that a popular package on NPM
[had been hijacked by malicious
actors](https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/).

That's obviously shitty behaviour, but the fact that this package is a
dependency of our backend (as in, we use it) made for a rude awakening. Our
backend was patched by the time I got to work (yay for trains), but as more
information came to light, it turned out it was never a problem in the first
place.

For one thing, the dependency was a so-called development dependency: code that
is included while developing, but not included in the production build.

Furthermore, the malicious actors were targeting a very specific set of people
in order to make off with their bitcoin, so there was never an issue.

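As an added example (not part of the original post or of freesewing's code), here is one way to check from a lockfile whether a package is installed only as a development dependency. It relies on the `dev: true` flag that npm writes into `package-lock.json`; the lockfile excerpts, package names and function names below are constructed for illustration.

```javascript
// Constructed lockfile excerpts; package names are placeholders, not real packages.
const lockV1 = {
  lockfileVersion: 1,
  dependencies: {
    "web-framework": { version: "1.0.0", dependencies: { "shared-util": { version: "2.0.0" } } },
    "dev-watcher": { version: "3.0.0", dev: true, requires: { "stream-helper": "^1.0.0" } },
    "stream-helper": { version: "1.0.1", dev: true },
    "shared-util": { version: "1.5.0", dev: true }
  }
};
const lockV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "backend" },
    "node_modules/web-framework": { version: "1.0.0" },
    "node_modules/dev-watcher": { version: "3.0.0", dev: true },
    "node_modules/dev-watcher/node_modules/stream-helper": { version: "1.0.1", dev: true }
  }
};

// Collect every installed copy of `name` as { path, version, dev }.
function findCopies(lock, name) {
  const found = [];
  if (lock.packages) {                       // lockfile v2/v3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + name)) {
        found.push({ path, version: meta.version, dev: meta.dev === true });
      }
    }
    return found;
  }
  const walk = (deps, prefix) => {           // lockfile v1: nested "dependencies" trees
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + dep;
      if (dep === name) found.push({ path, version: meta.version, dev: meta.dev === true });
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// "absent", "dev-only" (every copy is flagged dev) or "production" (at least one copy is not).
function exposure(lock, name) {
  const copies = findCopies(lock, name);
  if (copies.length === 0) return "absent";
  return copies.every((c) => c.dev) ? "dev-only" : "production";
}
console.log(exposure(lockV1, "stream-helper"), exposure(lockV1, "shared-util"));
```

A `dev-only` result means a production install (`npm install --production`, or `--omit=dev` on current npm) skips the package.
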
As the story was developing, we [posted updates on
Twitter](https://twitter.com/freesewing_org/status/1067312509672177664) so if
you want to make sure you hear all the latest news, make sure to follow
[@freesewing_org](https://twitter.com/freesewing_org) on Twitter.

## Looking ahead to December

In early December we traditionally do our yearly roundup, so more on that soon
:)