Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Контент предоставлен Changelog Media. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Changelog Media или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Похожие на The Changelog: Software Development, Open Source
A podcast about web design and development.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Making artificial intelligence practical, productive & accessible to everyone. Practical AI is a show in which technology professionals, business people, students, enthusiasts, and expert guests engage in lively discussions about Artificial Intelligence and related topics (Machine Learning, Deep Learning, Neural Networks, GANs, MLOps, AIOps, LLMs & more). The focus is on productive implementations and real-world scenarios that are accessible to everyone. If you want to keep up with the lates ...
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k
484
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Player FM - приложение для подкастов
Работайте офлайн с приложением Player FM !
Работайте офлайн с приложением Player FM !
))
npm under siege (what to do about it) (Friends)
Manage episode 510381513 series 1282967
Контент предоставлен Changelog Media. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Changelog Media или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.
Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Depot – 10x faster builds? Yes please. Build faster. Waste less time. Accelerate Docker image builds, and GitHub Actions workflows. Easily integrate with your existing CI provider and dev workflows to save hours of build time.
Featuring:
- Feross Aboukhadijeh – Website, GitHub, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
- Active supply chain attack: npm phishing campaign
- Npm phishing email targets developers with typosquat
- Nx npm packages compromised in supply chain attack
- Introducing socket firewall
- Changelog News Classifieds
Something missing or broken? PRs welcome!
Разделы
1. Let's talk! (00:00:00)
2. Sponsor: Depot (00:00:38)
3. Feross & Friends (00:02:49)
4. The big picture (00:04:04)
5. Why now? Why this? (00:05:50)
6. Phishing maintainers! (00:08:21)
7. Not for the lulz (00:11:51)
8. Maximal profit (00:15:28)
9. The most surprising hack (00:18:59)
10. exfiltrate and extrude (00:23:03)
11. Exploiting GitHub Actions (00:25:44)
12. It all happened so fast (00:29:56)
13. How Socket discloses (00:31:10)
14. Disclosing 0days vs malware (00:32:30)
15. Scanning GitHub Actions (00:34:49)
16. GH Actions footguns (00:36:18)
17. Socket's future GH Actions feature (00:40:04)
18. Evil genius move (00:41:48)
19. What devs can do (00:43:14)
20. Staying off the bleeding edge (00:47:30)
21. How many typosquats (00:50:21)
22. How we got here (00:52:58)
23. Was it worth it? (00:54:33)
24. GitHub's responsibility (00:57:09)
25. GitHub's roadmap (00:58:37)
26. Why doesn't npm do this (01:03:54)
27. A package vetting period (01:06:17)
28. Publisher opt-in (01:08:08)
29. We figured it out! (01:12:03)
30. Adam goes GH Karen (01:12:36)
31. Codegen everything instead (01:15:17)
32. More companies vendoring (01:20:08)
33. Proxies, mirrors, options (01:22:16)
34. New tool! sfw (01:23:22)
35. The next big thing? (01:27:37)
36. The criteria for free (01:28:50)
37. sfw is a great name (01:31:07)
38. Bye, friends (01:31:29)
39. Next week on the pod (01:32:34)
981 эпизодов
Поделиться
Manage episode 510381513 series 1282967
Контент предоставлен Changelog Media. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Changelog Media или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.
Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Depot – 10x faster builds? Yes please. Build faster. Waste less time. Accelerate Docker image builds, and GitHub Actions workflows. Easily integrate with your existing CI provider and dev workflows to save hours of build time.
Featuring:
- Feross Aboukhadijeh – Website, GitHub, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
- Active supply chain attack: npm phishing campaign
- Npm phishing email targets developers with typosquat
- Nx npm packages compromised in supply chain attack
- Introducing socket firewall
- Changelog News Classifieds
Something missing or broken? PRs welcome!
Разделы
1. Let's talk! (00:00:00)
2. Sponsor: Depot (00:00:38)
3. Feross & Friends (00:02:49)
4. The big picture (00:04:04)
5. Why now? Why this? (00:05:50)
6. Phishing maintainers! (00:08:21)
7. Not for the lulz (00:11:51)
8. Maximal profit (00:15:28)
9. The most surprising hack (00:18:59)
10. exfiltrate and extrude (00:23:03)
11. Exploiting GitHub Actions (00:25:44)
12. It all happened so fast (00:29:56)
13. How Socket discloses (00:31:10)
14. Disclosing 0days vs malware (00:32:30)
15. Scanning GitHub Actions (00:34:49)
16. GH Actions footguns (00:36:18)
17. Socket's future GH Actions feature (00:40:04)
18. Evil genius move (00:41:48)
19. What devs can do (00:43:14)
20. Staying off the bleeding edge (00:47:30)
21. How many typosquats (00:50:21)
22. How we got here (00:52:58)
23. Was it worth it? (00:54:33)
24. GitHub's responsibility (00:57:09)
25. GitHub's roadmap (00:58:37)
26. Why doesn't npm do this (01:03:54)
27. A package vetting period (01:06:17)
28. Publisher opt-in (01:08:08)
29. We figured it out! (01:12:03)
30. Adam goes GH Karen (01:12:36)
31. Codegen everything instead (01:15:17)
32. More companies vendoring (01:20:08)
33. Proxies, mirrors, options (01:22:16)
34. New tool! sfw (01:23:22)
35. The next big thing? (01:27:37)
36. The criteria for free (01:28:50)
37. sfw is a great name (01:31:07)
38. Bye, friends (01:31:29)
39. Next week on the pod (01:32:34)
981 эпизодов
Tất cả các tập
×
Добро пожаловать в Player FM!
Player FM сканирует Интернет в поисках высококачественных подкастов, чтобы вы могли наслаждаться ими прямо сейчас. Это лучшее приложение для подкастов, которое работает на Android, iPhone и веб-странице. Зарегистрируйтесь, чтобы синхронизировать подписки на разных устройствах.
Похожие на The Changelog: Software Development, Open Source
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
A podcast about web design and development.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Making artificial intelligence practical, productive & accessible to everyone. Practical AI is a show in which technology professionals, business people, students, enthusiasts, and expert guests engage in lively discussions about Artificial Intelligence and related topics (Machine Learning, Deep Learning, Neural Networks, GANs, MLOps, AIOps, LLMs & more). The focus is on productive implementations and real-world scenarios that are accessible to everyone. If you want to keep up with the lates ...
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k484
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Player FM - приложение для подкастов
Работайте офлайн с приложением Player FM !
Работайте офлайн с приложением Player FM !
