CoinBLAS VS thegreatsuspender

When you consider that a graph and a matrix are isomorphic, doing vector matrix multiplication takes a vector with a set value, say row 4, and multiplies it by a matrix where row 4 has values present that represent edges to the nodes that are adjacent to it (ie "adjacency" matrix). The result is a vector with the next "step" in a BFS across the graph, do that in a loop and you step across the whole graph.

A cool result of this is, for example, taking an adjacency matrix and squaring it is the "Friend of a Friend" graph. It takes every node/row and multiplies it by itself, returning a matrix that are adjacent to the adjacencies of each node, ie, the friends (adjacencies of the adjacencies) of friends (adjacencies) of the nodes.

Deeper traversal are just higher nodes, a matrix cubed are the friends of the friends of the friends.

A picture is worth a thousand words, see figure 7 of this paper:

https://arxiv.org/pdf/1606.05790.pdf

Also check out figure 8, this shows how incidence matrices can work to represent hyper and multi graphs. An pair of incidence matrices reprsent two graphs, one from nodes to edges and the other from edges to nodes, these are n by m and m by n. When you multiply them, you get a square adjacency matrix that "projects" the incidence into an adjacency. This can be used to collapse hypergraphs into simple graphs that use different semirings to combine the multiple edges.

For some pretty pictures of this kind of stuff, check out CoinBLAS (note I am not a crypto-bro, it was just a very handy extremely large multi-graph that I could easily download in chunks to play with):

https://github.com/Graphegon/CoinBLAS/

Python wrapper around The GraphBLAS API:

https://github.com/michelp/pygraphblas

For an upcoming paper we've open sourced using pygraphblas to analyse the bitcoin graph using the GAP benchmarks on a server with 1TB of RAM:

https://github.com/Graphegon/CoinBLAS

Happened in (2021)[https://github.com/greatsuspender/thegreatsuspender/issues/1...], and then a few others have forked the extension and tried to revive it, only to eventually sell to nefarious owners or sell user data themselves

I went to github and downloaded the last known "good version, installed it manually."

You want someone to die for disabling a potentially malicious extension that is unmantained since 2020?

Also if you want to read up on the removal of the app and the malware issues this post goes over it as well as other recovery options

Similar code projects have had issues like this before, like the open source Great Suspender.

What can happen after a project changes hands - https://github.com/greatsuspender/thegreatsuspender/issues/1263

Better link https://github.com/greatsuspender/thegreatsuspender/issues/1...

> TLDR: The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more. In v7.1.8 of the extension (published to the web store but NOT to GitHub), arbitrary code was executed from a remote server, which appeared to be used to commit a variety of tracking and fraud actions. After Microsoft removed it from Edge for malware, v7.1.9 was created without this code: that has been the code distributed by the web store since November, and it does not appear to load the compromised script. However, the malicious maintainer remains in control, however, and can introduce an update at any time. It further appears that, while v7.1.9 was what was listed on the store, those who had the hostile v7.1.8 installed did NOT automatically receive the malware-removing update, and continued running the hostile code until Google force-disabled the extension.

For what it is worth, you may have heard of the Great Suspender incident (https://github.com/greatsuspender/thegreatsuspender/issues/1263). It was used by millions, and was also open source on GitHub, but it could still end up becoming malicious.

Long ass comment: That is not true for the most part. While the increased amount of individuals working of an OSS project may lead to better vulnerability detection according to both parties of the closed-source/proprietary debate, it doesn't lead to a massively more secure software overall. Not all reviewers have the similar experience or expertise and, because of it, not everyone will be able to review, identify or patch any flaws or vulnerability of a specific software since it may require other skills beyond just basic programming skills such as network or cryptographic skills. [1] Some even suggested that the large number of users contributing to the project can lead people "into a false sense of security." [2] Overall, some papers conclude that being an open source software or a proprietary software isn't an important factor for security and suggest considering other factors, such as the particular vendor/maintainer that controls the entire process. [3] After all, what if the maintainer decides to sabotage their own code? What if the project was sold to another maintainer for its own shaddy needs?

If you're referring to The Great Suspender, that extension was bought by an advertising company earlier this year. I'm using the last good version (github) though.