5 min read

Weekend Briefing No. 18

Python programmers beware of these malicious packages stealing your sensitive data!
Weekend Briefing No. 18
Photo by Matt Roskovec / Unsplash

Good Sunday morning! Welcome to this Weekend's Briefing, a day late because I was traveling! Expect interesting data points about the countries I visited in the forthcoming briefings! Caio!

Interesting data points

  • The median age in Portugal is 44.6 years; 42.7 for males and 43.6 for females
  • The Azores are an archipelago comprising nine islands that occupy a surface area of 2,346 km2 (906 sq mi), they are active volcanically
  • The name Portugal comes from Latin and Roman meaning "Port of Gaya" and "harbor, port"
  • Portugal imports more goods ($112.413 billion - 2021 estimate) than it exports ($105.648 billion -2021 estimate)
  • Personal data point: the Sangria in Portugal was good and utilitarian but fair. I'll rate it 3 out of 5 stars

Hundreds of malicious Python packages found stealing sensitive data

Coming from the "fat finger" mistake corner, 272 Python packages were found to compromise your code if you accidentally misspelled them during a pip install or similar import command. Watch out for how you spell those packages!

Hundreds of malicious Python packages found stealing sensitive data
A malicious campaign that researchers observed growing more complex over the past half year, has been planting on open-source platforms hundreds of info-stealing packages that counted about 75,000 downloads.
The researchers warn that open-source communities and developer ecosystems continue to be susceptible to supply chain attacks, and threat actors upload malicious packages on widely used repositories and version control systems, such as GitHub, or package regitries like PyPi and NPM, daily.
Users are recommended to scrutinize the projects and package publishers they trust and be vigilant about typosquatting package names.

A full list of the malicious packages can be found on GitHub (subject to change).

Solar efficiency reaches 36.1%

A big breakthrough for solar efficiency research! Researchers in Germany have created a multijunction solar cell that can reach an efficiency of 36.1 percent! While that number sounds pretty low, it'll have a drastic effect on the levelized cost of electricity, also known as the "break even cost" of energy generation.

The only drawback, right now, is that these cells are more expensive to fabricate. Given the fact that the current cells have an efficiency of 27%, I believe that the fabrication process will be refined and become more cost effective in near future!

Multijunction solar cell reaches record 36.1% efficiency - News
Our selection of industry specific magazines cover a large range of topics.
These solar cells are currently more expensive to fabricate than conventional silicon solar cells, which reach efficiencies of up to 27 percent. However, the very high efficiency of the multijunction cell is a great benefit for applications where the available space is limited and a large amount of solar power must be generated within a small area. Applications are foreseen in solar-powered electric cars, consumer products, and drones, for example.

Considering the solar cell/panel market is expected to triple by 2028, now might be the time to install a solar energy system on your house!

How change is created

I love the r/coolguides group, there are so many great infographics. Lately I've been thinking about how to create new healthy and personal habits. I found this infographic relatable because you can't have successful outcome without an idea, plan, and execution.

From r/coolguides

Build your own OSINT tools and APIs

I've been evaluating different OSINT (open source intelligence) tools out there and various Python packages keep "popping up" in my search. I recently came across the Python OSINT package.

GitHub - qeeqbox/osint: Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package
Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package - GitHub - qeeqbox/osint: Build cu…

It let's you scan domains, whether or not a site is using SSL, and host of other intelligence extraction methods. It does rely on a several other open source packages like: scapy, tld, netifaces, dnspython, beautifulsoup4, requests pyOpenSSL, lxml, and langdetect. Also known, in my book, as the usual suspects.

Help me reach my BHAG!

Hi friends, I have a very Big and Hairy Audacious Goal (BHAG) for the end of the year, I want to reach 1000 newsletter subscribers! I'm asking for your help to get this done so if you liked this newsletter (or any of the past articles), please share it on LinkedIn, Twitter, Reddit, or Facebook.