Console

The Economist, Traitor, and Serenity

Sponsorship

Data Science Prep

Get exceptionally good at data science interviews by getting real interview questions in your inbox every week at https://datascienceprep.com - join 5000+ folks who are working or interested in data science and machine learning!


Not subscribed to Console yet? Subscribe now to get a list of new open-source projects curated by an Amazon engineer in your email every week.

Already subscribed? Refer 10 friends to Console and we’ll donate $100 to an open-source project of your choice!


Projects

serenity

SerenityOS is a graphical Unix-like operating system for x86 computers.

language: C++, stars: 13600, watchers: 286, forks: 1297, issues: 529

last commit: June 19, 2021, first commit: October 10, 2018

https://twitter.com/awesomekling

traitor

Traitor is a tool to automatically exploit low-hanging fruit to pop a root shell.

language: Go, stars: 3180, watchers: 87, forks: 176, issues: 9

last commit: June 17, 2021, first commit: January 24, 2021

https://twitter.com/liam_galvin

covid-19-the-economist-global-excess-deaths-model

This repo contains The Economist’s model to estimate excess deaths to the Covid-19 pandemic.

language: R, stars: 201, watchers: 14, forks: 27, issues: 1

last commit: June 03, 2021, first commit: May 12, 2021

https://twitter.com/sondreus

splashgen

SplashGen lets you rapidly build simple landing pages as easily as you can build a simple command-line application.

language: Python, stars: 182, watchers: 6, forks: 8, issues: 3

last commit: June 16, 2021, first commit: May 17, 2021

https://twitter.com/traviskaufman


An Interview With Liam Galvin of Traitor (and many many others)

Hey Liam! Thanks for joining us! Let’s start with your background. Where have you worked in the past, where are you from, how did you learn how to program, what languages or frameworks do you prefer, etc?

In my early teens I was messing around with QBasic on my dad’s old 386 (GORILLA.BAS anyone?) without realising what I was doing was programming. At the time I had no internet access and very few resources, it was a different world! I remember creating a dodgy program with VB6 that would mimic the Windows 2000 login screen to harvest passwords in an early IT class. After university I worked for a small hybrid web dev/security outfit before going freelance. I was introduced to Go around 6-7 years ago and loved it. I’ve been building microservices and security tooling with it ever since, most recently at FORM3.

Who or what are your biggest influences as a developer?

My biggest influences have always been the people I've been lucky enough to find myself working alongside. Over the years I’ve been privileged to work with some amazing people who probably don’t know how big an effect they’ve had on me. 

What's an opinion you have that most people don't agree with?

Imposter syndrome can be useful. I’ve realised I’m always going to feel it when I surround myself with smart people, but doing exactly that is what I love as it ensures I'm constantly learning new things and challenging myself. If I don’t feel like an imposter any more, it’s an excellent sign that it’s probably time to move on...

What’s your most controversial programming opinion?

You can never have too much ASCII art.

If you had to suggest 1 person developers should follow, who would it be?

Probably @tomnomnom, he’s built some awesome tooling.

What are you currently learning?

Electronics. I’ve accumulated a crazy number of Raspberry Pis and components that it’d be great to make use of. I’m also brushing up on my pen-testing skills.

How do you separate good project ideas from bad ones?

I don’t - I build them both! I generally build tools that I need, but sometimes it’s fun to write code and see what comes of it. For every successful project I have on GitHub, there are hundreds of unsuccessful or plain stupid ones I’ve left by the wayside (see docker run -it liamg/thisisfine), most of which don’t even make it into version control.

Why was Traitor started?

I was too lazy to manually look for “easy” privilege escalation routes via GTFOBins during CTFs, and it looked like it would be fun and effective to automate.

Is Traitor intended to eventually be monetized if it isn’t monetized already?

Nope, it was built for fun and primarily my own use, but I’m open to ideas!

Are there any other projects besides Traitor that you’re working on?

tfsec, gitjacker and aminal are the main ones that have done well, though I've rewritten aminal on a private fork and will be merging it back soon as I've learned a lot from when it was first put together. There's a random bunch of other stuff on my GitHub profile here: https://github.com/liamg

You’re maintaining all those repos?! How do you balance your work on open-source with your day job and other responsibilities?

I generally consider work on my open source contributions to be “leisure” time, so it’s often how I relax in the evenings once my son is in bed.

Where do you see Traitor heading next?

I'd love to be able to add more exploits for common Linux privesc CVEs. This week I've added an exploit for the recent polkit CVE (CVE-2021-3560) and I'm always excited to receive PRs for similar exploits!

What motivates you to continue contributing to Traitor?

I’m really motivated when people start using my projects. It’s been really rewarding to see projects like Traitor and tfsec rise in popularity!

Do you have any suggestions for someone trying to make their first contribution to an open-source project?

Go for it! You don’t have to fix a super complex bug or add a huge feature. Find something that irritates you and improve it.