Популярность имеет свои минусы. Чем популярней язык программирования, тем выше его распространённость, а значит найдутся те кто поспешит воспользоваться этим.
С ростом популярности Python всё больше на PyPi появляется вредоносных пакетов. Трояны, стиллеры и доставщики более опасных вредоносов.
Команда PyPi постоянно мониторит подобные случаи но и их возможности достигли предела. В результате сервис временно закрывает возможность заливки новых пакетов и регистрации юзеров.
PyPI new user and new project registrations temporarily suspended
Возможно одной из причин большого наплыва вредоносов является резко возросшая доступность их создания. Сегодня любой, даже не программист, может попросить у ChatGPT написать необходимый код и все инструкции для атаки.
Основной тип атаки - рассчёт на опечатку в названии пакета. Если невнимательный программист случайно установит pilow или djangoo, считай что вредонос уже в системе.
Чтобы избежать подобных факапов я рекомендую:
▫️ Всегда работайте в виртуальном окружении, неизвестные проекты устанавливайте внутри контейнеров.
▫️ Используйте файл requirements.txt вместо ручной установки пакетов
▫️ Очень внимательно пишите названия пакетов, а после написания проверьте еще раз. Сверьте с названием из документации.
▫️ После успешных тестов всегда фиксируйте версию пакета. Бывали случаи когда опасный код добавляли в новые версии. К тому же и без этой опасности не рекомендуется ставить по умолчанию последнюю версию.
▫️ Используйте вспомогательные инструменты для проверки безопасности, например https://pyup.io/safety или https://github.com/PyCQA/bandit. Они помогут не только найти опасный код в чужих пакетах, но и ваш код проверит на уязвимости.
Будем надеяться что PyPi переосмыслит методы борьбы с вредоносами, например внедрит ИИ для проверки как симметричный шаг.
#offtop
📰 The Fire Has a Chain of Command
Iran’s retaliation is not random, and that is the bad news for everyone pretending this is just a chaos machine with missiles. Ynet reports that Tehran is now targeting parallel sectors — energy for energy, nuclear for nuclear, universities for universities — instead of merely answering one strike with one strike.
That is not rage. That is calibration. Danny Citrinowicz said the fire “isn't random” and argued the pattern shows command and control is still intact; in other words, Tehran is not emptying the magazine, it is choosing the rooms.
The ugly part is that the target list keeps widening. Haifa follows South Pars, Dimona follows Natanz, Ras Laffan follows the Gulf strikes, and now even universities are being floated as legitimate targets.
So the “eye for an eye” slogan has already become a business plan for escalation. Everyone keeps speaking the language of deterrence while the region is being taught, sector by sector, what retaliation looks like when both sides insist on calling it strategy.
#Iran#Israel#war#deterrence#MiddleEast
📱American Оbserver - Stay up to date on all important events
🇺🇸
📰 The Nuclear Arms Control Era Is Over — and Everyone Is Going to Arms
The last nuclear arms control treaty between the United States and Russia is dead. On Thursday, New START expired, and for the first time since 1972, the two superpowers are left with no formal limits on the size or structure of their arsenals — just as both are racing to build new nuclear weapons and delivery systems that even the drafters of the original deals never imagined. The era of “managed doom” is over. The era of open‑ended arms racing has begun.
Donald Trump has framed the expiration as a feature, not a bug. When asked in January why he hadn’t accepted Vladimir Putin’s offer of a one‑year informal extension, he shrugged:
“If it expires, it expires,”
he told The New York Times. He insisted a “better agreement” could be negotiated later — one that includes China and “other parties.” Beijing has already made clear it is not interested. The result is a triangular nuclear race where the U.S., Russia, and China are all expanding their arsenals, while the old treaties that once constrained them lie in the dust.
The U.S. is preparing to deploy more nuclear warheads on its largest submarines, and to build up a new generation of nuclear‑capable cruise missiles and hypersonic platforms modeled after Russian and Chinese designs. Russia is experimenting with undersea and space‑based nuclear weapons and openly floating the idea of battlefield use; China is abandoning its old “minimum deterrent” posture and moving toward an arsenal that could rival Washington and Moscow. While the U.S. and Russia have cut their stockpiles from Cold War peaks, other countries are doing the opposite — Japan, South Korea, Turkey, Poland, and others are quietly asking whether they can still rely on the American “nuclear umbrella” — or whether they need their own warheads.
Trump’s National Security Strategy barely mentions this shift. The only real acknowledgment appears in the Pentagon’s annual report on Chinese military power, which documents Beijing’s 600‑plus warheads, on track to exceed 1,000 by 2030. The strategy also sidesteps another danger: Putin’s repeated, barely veiled threats to use nuclear weapons in Ukraine. The White House seems to be betting that deterrence will hold, even as the world returns to the logic of the 1950s and 1960s — when every serious politician was expected to understand the nuclear balance.
Back then, nuclear weapons dominated presidential debates, front‑page headlines, and pop‑culture nightmares. Today, nuclear danger is everywhere but rarely debated. The question is no longer whether the U.S. can “eliminate nuclear weapons,” as Barack Obama promised in Prague. It is whether Washington can prevent the next arms race from spinning out of control — and whether the rest of the world is ready to join the game.
#nuclear#NewSTART#Russia#China#US#Trump#Putin#Xi#armsrace#deterrence#NYTimes
📱American Оbserver - Stay up to date on all important events
🇺🇸