Repo Roundup
Welcome again to Repo Roundup, in which The Reg trawls online code repositories to let you know about the fun, the useful or the inexplicable.
This week, let's start with DevSkim from Microsoft, which quietly landed in public preview in mid-December.
DevSkim's aim is to help developers spot code errors that could be a security problem. It flags “potentially dangerous calls”, and “gives in-context advice” about how to fix them.
For example, if a developer defined MD5 as a hash, DevSkim would show a pop-up telling the user they're making a critical error, and suggest they change to SHA-256 or SHA-512.
Microsoft's also been crafting plug-ins to add DevSkim to various development environments. Since DevSkim first landed, it's dropped repos for Visual Studio 2015 (on Windows 7 or later), Sublime Text (Windows, Mac OS and Linux), and VS Code (Windows, Mac OS and Linux).
A penguin as your PA
Of course you want to run a nothing-like-Siri personal assistant from the Linux command line, right? Right. So if you want to type “restaurants near me” at the CLI rather than in Google – and have the CLI open a suitable Google Maps page for you – Jarvis is here.
The video below tells all you need to know, and in the interests of authenticity, developer Sukeesh even retains his typos.
Protect your USB
In the best traditions of CIA-style up-close-and-personal human intelligence, some of the hacks pushed out in WikiLeaks' latest press release depended on physical access: to make 'em work you needed to get at the USB port, for example.
Robert Fisk has a contribution to the problem. While his “firewall for USB” won't help if you're being hit with a spanner, it could save you from a device that's got malware on it while it's still bubble-wrapped.
The project's called "USG" and is simple enough: a USB device plugs into it and gets scanned for stuff like BadUSB. If you don't want to buy Fisk's hardware (NZ$80, US$60 or AU$74), there are DIY instructions for working with Olimex development boards.
As he notes in the technical discussion here, some of his functionality is still under active development. ®