Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Вміст надано Changelog Media. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Changelog Media або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Схожі до The Changelog: Software Development, Open Source
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k
475
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
A podcast about web design and development.
…
continue reading
Compiler gives you perspectives and insights from the tech industry—free from jargon and judgment. We’re here to help tech newbies understand what’s going on. Learn more about our show at redhat.com/en/compiler-podcast
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
))
npm under siege (what to do about it) (Friends)
Manage episode 510381513 series 1282967
Вміст надано Changelog Media. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Changelog Media або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.
Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Depot – 10x faster builds? Yes please. Build faster. Waste less time. Accelerate Docker image builds, and GitHub Actions workflows. Easily integrate with your existing CI provider and dev workflows to save hours of build time.
Featuring:
- Feross Aboukhadijeh – Website, GitHub, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
- Active supply chain attack: npm phishing campaign
- Npm phishing email targets developers with typosquat
- Nx npm packages compromised in supply chain attack
- Introducing socket firewall
- Changelog News Classifieds
Something missing or broken? PRs welcome!
Розділи
1. Let's talk! (00:00:00)
2. Sponsor: Depot (00:00:38)
3. Feross & Friends (00:02:49)
4. The big picture (00:04:04)
5. Why now? Why this? (00:05:50)
6. Phishing maintainers! (00:08:21)
7. Not for the lulz (00:11:51)
8. Maximal profit (00:15:28)
9. The most surprising hack (00:18:59)
10. exfiltrate and extrude (00:23:03)
11. Exploiting GitHub Actions (00:25:44)
12. It all happened so fast (00:29:56)
13. How Socket discloses (00:31:10)
14. Disclosing 0days vs malware (00:32:30)
15. Scanning GitHub Actions (00:34:49)
16. GH Actions footguns (00:36:18)
17. Socket's future GH Actions feature (00:40:04)
18. Evil genius move (00:41:48)
19. What devs can do (00:43:14)
20. Staying off the bleeding edge (00:47:30)
21. How many typosquats (00:50:21)
22. How we got here (00:52:58)
23. Was it worth it? (00:54:33)
24. GitHub's responsibility (00:57:09)
25. GitHub's roadmap (00:58:37)
26. Why doesn't npm do this (01:03:54)
27. A package vetting period (01:06:17)
28. Publisher opt-in (01:08:08)
29. We figured it out! (01:12:03)
30. Adam goes GH Karen (01:12:36)
31. Codegen everything instead (01:15:17)
32. More companies vendoring (01:20:08)
33. Proxies, mirrors, options (01:22:16)
34. New tool! sfw (01:23:22)
35. The next big thing? (01:27:37)
36. The criteria for free (01:28:50)
37. sfw is a great name (01:31:07)
38. Bye, friends (01:31:29)
39. Next week on the pod (01:32:34)
950 епізодів
Поширити
Manage episode 510381513 series 1282967
Вміст надано Changelog Media. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Changelog Media або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.
Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Depot – 10x faster builds? Yes please. Build faster. Waste less time. Accelerate Docker image builds, and GitHub Actions workflows. Easily integrate with your existing CI provider and dev workflows to save hours of build time.
Featuring:
- Feross Aboukhadijeh – Website, GitHub, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
- Active supply chain attack: npm phishing campaign
- Npm phishing email targets developers with typosquat
- Nx npm packages compromised in supply chain attack
- Introducing socket firewall
- Changelog News Classifieds
Something missing or broken? PRs welcome!
Розділи
1. Let's talk! (00:00:00)
2. Sponsor: Depot (00:00:38)
3. Feross & Friends (00:02:49)
4. The big picture (00:04:04)
5. Why now? Why this? (00:05:50)
6. Phishing maintainers! (00:08:21)
7. Not for the lulz (00:11:51)
8. Maximal profit (00:15:28)
9. The most surprising hack (00:18:59)
10. exfiltrate and extrude (00:23:03)
11. Exploiting GitHub Actions (00:25:44)
12. It all happened so fast (00:29:56)
13. How Socket discloses (00:31:10)
14. Disclosing 0days vs malware (00:32:30)
15. Scanning GitHub Actions (00:34:49)
16. GH Actions footguns (00:36:18)
17. Socket's future GH Actions feature (00:40:04)
18. Evil genius move (00:41:48)
19. What devs can do (00:43:14)
20. Staying off the bleeding edge (00:47:30)
21. How many typosquats (00:50:21)
22. How we got here (00:52:58)
23. Was it worth it? (00:54:33)
24. GitHub's responsibility (00:57:09)
25. GitHub's roadmap (00:58:37)
26. Why doesn't npm do this (01:03:54)
27. A package vetting period (01:06:17)
28. Publisher opt-in (01:08:08)
29. We figured it out! (01:12:03)
30. Adam goes GH Karen (01:12:36)
31. Codegen everything instead (01:15:17)
32. More companies vendoring (01:20:08)
33. Proxies, mirrors, options (01:22:16)
34. New tool! sfw (01:23:22)
35. The next big thing? (01:27:37)
36. The criteria for free (01:28:50)
37. sfw is a great name (01:31:07)
38. Bye, friends (01:31:29)
39. Next week on the pod (01:32:34)
950 епізодів
All episodes
×
Ласкаво просимо до Player FM!
Player FM сканує Інтернет для отримання високоякісних подкастів, щоб ви могли насолоджуватися ними зараз. Це найкращий додаток для подкастів, який працює на Android, iPhone і веб-сторінці. Реєстрація для синхронізації підписок між пристроями.
Схожі до The Changelog: Software Development, Open Source
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k475
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
A podcast about web design and development.
…
continue reading
Compiler gives you perspectives and insights from the tech industry—free from jargon and judgment. We’re here to help tech newbies understand what’s going on. Learn more about our show at redhat.com/en/compiler-podcast
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
