Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
A tartalmat a Changelog Media biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Changelog Media vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
Hasonló a(z) The Changelog: Software Development, Open Source sorozathoz
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
A podcast about web design and development.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k
479
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Player FM - Podcast alkalmazás
Lépjen offline állapotba az Player FM alkalmazással!
Lépjen offline állapotba az Player FM alkalmazással!
))
npm under siege (what to do about it) (Friends)
Manage episode 510381513 series 1282967
A tartalmat a Changelog Media biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Changelog Media vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.
Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Depot – 10x faster builds? Yes please. Build faster. Waste less time. Accelerate Docker image builds, and GitHub Actions workflows. Easily integrate with your existing CI provider and dev workflows to save hours of build time.
Featuring:
- Feross Aboukhadijeh – Website, GitHub, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
- Active supply chain attack: npm phishing campaign
- Npm phishing email targets developers with typosquat
- Nx npm packages compromised in supply chain attack
- Introducing socket firewall
- Changelog News Classifieds
Something missing or broken? PRs welcome!
Fejezetek
1. Let's talk! (00:00:00)
2. Sponsor: Depot (00:00:38)
3. Feross & Friends (00:02:49)
4. The big picture (00:04:04)
5. Why now? Why this? (00:05:50)
6. Phishing maintainers! (00:08:21)
7. Not for the lulz (00:11:51)
8. Maximal profit (00:15:28)
9. The most surprising hack (00:18:59)
10. exfiltrate and extrude (00:23:03)
11. Exploiting GitHub Actions (00:25:44)
12. It all happened so fast (00:29:56)
13. How Socket discloses (00:31:10)
14. Disclosing 0days vs malware (00:32:30)
15. Scanning GitHub Actions (00:34:49)
16. GH Actions footguns (00:36:18)
17. Socket's future GH Actions feature (00:40:04)
18. Evil genius move (00:41:48)
19. What devs can do (00:43:14)
20. Staying off the bleeding edge (00:47:30)
21. How many typosquats (00:50:21)
22. How we got here (00:52:58)
23. Was it worth it? (00:54:33)
24. GitHub's responsibility (00:57:09)
25. GitHub's roadmap (00:58:37)
26. Why doesn't npm do this (01:03:54)
27. A package vetting period (01:06:17)
28. Publisher opt-in (01:08:08)
29. We figured it out! (01:12:03)
30. Adam goes GH Karen (01:12:36)
31. Codegen everything instead (01:15:17)
32. More companies vendoring (01:20:08)
33. Proxies, mirrors, options (01:22:16)
34. New tool! sfw (01:23:22)
35. The next big thing? (01:27:37)
36. The criteria for free (01:28:50)
37. sfw is a great name (01:31:07)
38. Bye, friends (01:31:29)
39. Next week on the pod (01:32:34)
958 epizódok
Megosztás
Manage episode 510381513 series 1282967
A tartalmat a Changelog Media biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Changelog Media vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.
Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Depot – 10x faster builds? Yes please. Build faster. Waste less time. Accelerate Docker image builds, and GitHub Actions workflows. Easily integrate with your existing CI provider and dev workflows to save hours of build time.
Featuring:
- Feross Aboukhadijeh – Website, GitHub, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
- Active supply chain attack: npm phishing campaign
- Npm phishing email targets developers with typosquat
- Nx npm packages compromised in supply chain attack
- Introducing socket firewall
- Changelog News Classifieds
Something missing or broken? PRs welcome!
Fejezetek
1. Let's talk! (00:00:00)
2. Sponsor: Depot (00:00:38)
3. Feross & Friends (00:02:49)
4. The big picture (00:04:04)
5. Why now? Why this? (00:05:50)
6. Phishing maintainers! (00:08:21)
7. Not for the lulz (00:11:51)
8. Maximal profit (00:15:28)
9. The most surprising hack (00:18:59)
10. exfiltrate and extrude (00:23:03)
11. Exploiting GitHub Actions (00:25:44)
12. It all happened so fast (00:29:56)
13. How Socket discloses (00:31:10)
14. Disclosing 0days vs malware (00:32:30)
15. Scanning GitHub Actions (00:34:49)
16. GH Actions footguns (00:36:18)
17. Socket's future GH Actions feature (00:40:04)
18. Evil genius move (00:41:48)
19. What devs can do (00:43:14)
20. Staying off the bleeding edge (00:47:30)
21. How many typosquats (00:50:21)
22. How we got here (00:52:58)
23. Was it worth it? (00:54:33)
24. GitHub's responsibility (00:57:09)
25. GitHub's roadmap (00:58:37)
26. Why doesn't npm do this (01:03:54)
27. A package vetting period (01:06:17)
28. Publisher opt-in (01:08:08)
29. We figured it out! (01:12:03)
30. Adam goes GH Karen (01:12:36)
31. Codegen everything instead (01:15:17)
32. More companies vendoring (01:20:08)
33. Proxies, mirrors, options (01:22:16)
34. New tool! sfw (01:23:22)
35. The next big thing? (01:27:37)
36. The criteria for free (01:28:50)
37. sfw is a great name (01:31:07)
38. Bye, friends (01:31:29)
39. Next week on the pod (01:32:34)
958 epizódok
सभी एपिसोड
×
Üdvözlünk a Player FM-nél!
A Player FM lejátszó az internetet böngészi a kiváló minőségű podcastok után, hogy ön élvezhesse azokat. Ez a legjobb podcast-alkalmazás, Androidon, iPhone-on és a weben is működik. Jelentkezzen be az feliratkozások szinkronizálásához az eszközök között.
Hasonló a(z) The Changelog: Software Development, Open Source sorozathoz
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
A podcast about web design and development.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k479
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Player FM - Podcast alkalmazás
Lépjen offline állapotba az Player FM alkalmazással!
Lépjen offline állapotba az Player FM alkalmazással!
