Should I worry about Python?

It was announced today that 10 libraries of malicious code were snuck into the Python 3rd party library repository recently.

I don’t know what technology the Tablo uses under the covers. Should I be concerned?

What about some of the 3rd party tools we may be using?

If you are worried (having an acute stress reaction) about 3rd party software, don’t use it or write your own.

Acute, no. Would like to know if I have to clean up because of this recent discovery, yes.

I use SurLaTablo. I believe it is written in Python. It is not the responsibility of the good folks at Tablo in any way but the person who did write it frequents these forums and might want to know about this.

I have no idea if the Tablo itself uses Python internally or not. If it does, does the dev team know about this recent announcement yet? If so, have they determined if it matters to what they produced? If not, it would be good to know it doesn’t affect our Tablos.

It’s easy enough to see if SurLaTablo is affected. Look for “import” statements in the script, and see if any of them match the package names listed in that article. It’s unlikely, since all of those packages are recent uploads, and are impersonating existing packages (names closely related so that you get the wrong package if you misspell the name).

Problem is most likely to affect new-to-python programmers that have written something fairly recently.

But, anything is possible. Nice thing is it’s pretty easy to “grep” your python programs to determine if there is a problem.
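
As an added example (not part of the thread and not SurLaTablo's code), the import check described above can be done with Python's `ast` module instead of grep, so that only real import statements count; it goes slightly beyond the posts by also flagging near-misspellings of the modules a script is expected to use. The names in `FLAGGED` are placeholders for the advisory's list, and `EXPECTED` and the sample script are constructed.

```python
import ast
import difflib

# Placeholders: replace with the package names listed in the advisory.
FLAGGED = {"flagged_pkg_one", "flagged_pkg_two"}
# Assumption: the modules the audited script is actually meant to import.
EXPECTED = {"requests", "json", "argparse", "sqlite3"}

def imported_modules(source):
    """Return the set of top-level module names imported by Python source."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            # level == 0 skips relative imports, which never come from PyPI
            names.add(node.module.split(".")[0])
    return names

def audit(source, flagged=FLAGGED, expected=EXPECTED):
    """Return (exact hits on flagged names, {lookalike: intended name})."""
    mods = imported_modules(source)
    hits = sorted(mods & flagged)
    lookalikes = {}
    for mod in sorted(mods - expected - flagged):
        # A name that is close to, but not equal to, an expected module
        # is the misspelling case the thread describes.
        close = difflib.get_close_matches(mod, expected, n=1, cutoff=0.8)
        if close:
            lookalikes[mod] = close[0]
    return hits, lookalikes

# Constructed sample script, not SurLaTablo's source.
SAMPLE = '''
import json, argparse
import requets            # constructed misspelling of "requests"
from flagged_pkg_one.util import helper
text = "import flagged_pkg_two"   # string literal, not an import
'''

if __name__ == "__main__":
    hits, lookalikes = audit(SAMPLE)
    print("flagged imports:", hits)
    print("possible misspellings:", lookalikes)
```

Import names and PyPI distribution names can differ, so comparing the output of `pip list` against the same advisory names covers what is actually installed.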