How Unicode reading direction characters defeat source code inspection, and what it means for the open-source movement

from blog Kevin Boone's website, | ↗ original
↗ original
There's been a recent scare that Unicode reading direction characters could be used to conceal malicious code in open-source projects. This is undoubtedly true, but that fact doesn't make it significantly harder to ensure the security of open-source code than it already is.
This is a short summary. ↗ Open original to view full content

Related

Lesser Known Coding Fonts
Reasonable Performance | original ↗
RE: Throw Away Code? Use go, not Python or Rust!
Christian Hollinger | original ↗
Correctness in Rust: building strings
Federico's Blog | original ↗
Your Computer Isn’t Yours
Jeffrey Paul | original ↗
When the Down Arrow is not an Upside-Down Up Arrow
The Floating Continent | original ↗
Most Open-Source Projects' Codebases are Impossible for Outsiders to Read
Gus Hogg-Blake | original ↗
Eloquent JavaScript's Build System
marijnhaverbeke.nl/blog | original ↗
Cursor motion & bi-directional text
marijnhaverbeke.nl/blog | original ↗
Security means securing people where they are
ENOSUCHBLOG | original ↗
UTF-8 and the problem of over-long characters
Kevin Boone's website | original ↗

More from Kevin Boone's website

They don't make them like that any more: Sony PRS-500 e-reader
9 Dec 2024 | original ↗

In a market dominated by the Amazon Kindle, it's easy to forget that Sony, not Amazon, made the first commercially-successful e-book reader.

They don't make 'em like that any more: things you can switch off
8 Dec 2024 | original ↗

How worried should we be, that we're wasting electrical energy for no benefit?

The Argleton affair, and the Wikification of the World-Wide Web
5 Dec 2024 | original ↗

How a non-existent English village ended up on maps, and the implications this has for how we handle information.

Extending the bash 'cd' command in Linux
5 Dec 2024 | original ↗

The built-in cd command in the bash shell is not as smart as it could be; but it's a little fiddly to extend its functionality.

Using an ammo box as portable 12V power supply
5 Dec 2024 | original ↗

A military-surplus steel ammunition box makes a great housing for a high-current, outdoor 12V power supply. This article gives some ideas about how to build one.