Hackers will have to work a little harder to get a piece of the PyPi.

Following a flurry of malicious uploads, the Python code-sharing platform PyPi will require two-factor authentication for all publishers, according to a May post from the repository’s primary maintainer and an IT Brew conversation with Ee Durbin, the Python Software Foundation infrastructure director.

When one account takeover can lead to widespread malware in the code index, the PyPi imperative aims to protect an increasingly enticing target—open-source code and the developers contributing to it.

“We believe that individual developers are in a more vulnerable position than corporate and business users,” wrote Donald Stufft, a PyPi maintainer and operator. “While businesses are generally able to hire staff and devote resources to vetting their dependencies, individual developers generally are not, and must expend their own limited free time to do so,” he said.

PyPi payloads. Established in 2003, the Python Package Index, known as PyPi, is an open-source, mostly volunteer-run repository for maintaining developed and shared Python packages.

Attackers have seen a high bang-for-buck effort from actively injecting malicious code into an open code base with hundreds of thousands of users—PyPi has over 700,000.

Keep reading.—BH

Nope, we’re not here to talk about getting enough fruits and veggies in your diet, folks (but hey, shout-out to broccoli).

Fiber-optic cables are the key to boosting the health and well-being of your corporate data networking and telecommunications (you really can’t say the same about their copper counterparts).

The fiber-optic world can be a biiiit tricky to navigate, so Eaton put together a buying guide to help you learn:

• what a fiber-optic cable is and how to recognize key features
• important questions to ask before selecting a fiber-optic cable
• how to compare and find the right type of optical fiber cable for you

Think your biz could benefit from faster data transmission, higher bandwidth capacity, and more data security? Get free, ungated access to Eaton’s fiber-optic buying guide.

A good indication that a smart device is about to become useless, according to CrowdStrike Global CTO Elia Zaitsev, is when the company behind a shiny new product goes dark, consigning all future updates and functionality to the wind.

That can mean a serious problem under certain circumstances.

“It’s one thing if we’re dealing with a child’s toy, but for dealing with critical infrastructure, medical devices—they need to be designed and sold from a commercial operational perspective with a concept of how we operate these devices on a long-term basis,” Zaitsev told IT Brew during an interview in April at RSA 2023.

It’s not a new problem. British smart-home company Hive stopped the US and Canada sale of devices—specifically home cameras and security systems—in 2022 and will phase out services over the next few years, with the support reportedly fully ceasing in 2025.

Keep reading.—EH

Today’s top IT reads.

Stat: 5 billion. That’s the number of cell phones worldwide that are estimated to be unused and ripe for recycling. (GSMA)

Quote: ​​“I always think I’m next, which is probably true.”—Alex Townsend, director of technology for Eden Prairie Schools in Minnesota, responding to a wave of ransomware attacks targeting the education sector this school year (Axios)

Read: Most AI efforts need an “annotator”—a human being tasked with lots and lots of labeling. (The Verge)

Trust is a must: Especially when it comes to device security. Kolide’s device trust solution helps teams with Okta achieve 100% compliance with internal standards. Watch their on-demand demo to learn more.*

^{*This is sponsored advertising content.}