Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
المحتوى المقدم من Changelog Media. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرة بواسطة Changelog Media أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.
مشابه لـThe Changelog: Software Development, Open Source
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k
475
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
A podcast about web design and development.
…
continue reading
Compiler gives you perspectives and insights from the tech industry—free from jargon and judgment. We’re here to help tech newbies understand what’s going on. Learn more about our show at redhat.com/en/compiler-podcast
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Player FM - تطبيق بودكاست
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
))
npm under siege (what to do about it) (Friends)
Manage episode 510381513 series 1282967
المحتوى المقدم من Changelog Media. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرة بواسطة Changelog Media أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.
Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.
Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Depot – 10x faster builds? Yes please. Build faster. Waste less time. Accelerate Docker image builds, and GitHub Actions workflows. Easily integrate with your existing CI provider and dev workflows to save hours of build time.
Featuring:
- Feross Aboukhadijeh – Website, GitHub, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
- Active supply chain attack: npm phishing campaign
- Npm phishing email targets developers with typosquat
- Nx npm packages compromised in supply chain attack
- Introducing socket firewall
- Changelog News Classifieds
Something missing or broken? PRs welcome!
فصول
1. Let's talk! (00:00:00)
2. Sponsor: Depot (00:00:38)
3. Feross & Friends (00:02:49)
4. The big picture (00:04:04)
5. Why now? Why this? (00:05:50)
6. Phishing maintainers! (00:08:21)
7. Not for the lulz (00:11:51)
8. Maximal profit (00:15:28)
9. The most surprising hack (00:18:59)
10. exfiltrate and extrude (00:23:03)
11. Exploiting GitHub Actions (00:25:44)
12. It all happened so fast (00:29:56)
13. How Socket discloses (00:31:10)
14. Disclosing 0days vs malware (00:32:30)
15. Scanning GitHub Actions (00:34:49)
16. GH Actions footguns (00:36:18)
17. Socket's future GH Actions feature (00:40:04)
18. Evil genius move (00:41:48)
19. What devs can do (00:43:14)
20. Staying off the bleeding edge (00:47:30)
21. How many typosquats (00:50:21)
22. How we got here (00:52:58)
23. Was it worth it? (00:54:33)
24. GitHub's responsibility (00:57:09)
25. GitHub's roadmap (00:58:37)
26. Why doesn't npm do this (01:03:54)
27. A package vetting period (01:06:17)
28. Publisher opt-in (01:08:08)
29. We figured it out! (01:12:03)
30. Adam goes GH Karen (01:12:36)
31. Codegen everything instead (01:15:17)
32. More companies vendoring (01:20:08)
33. Proxies, mirrors, options (01:22:16)
34. New tool! sfw (01:23:22)
35. The next big thing? (01:27:37)
36. The criteria for free (01:28:50)
37. sfw is a great name (01:31:07)
38. Bye, friends (01:31:29)
39. Next week on the pod (01:32:34)
949 حلقات
مشاركة
Manage episode 510381513 series 1282967
المحتوى المقدم من Changelog Media. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرة بواسطة Changelog Media أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.
Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.
Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Depot – 10x faster builds? Yes please. Build faster. Waste less time. Accelerate Docker image builds, and GitHub Actions workflows. Easily integrate with your existing CI provider and dev workflows to save hours of build time.
Featuring:
- Feross Aboukhadijeh – Website, GitHub, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
- Active supply chain attack: npm phishing campaign
- Npm phishing email targets developers with typosquat
- Nx npm packages compromised in supply chain attack
- Introducing socket firewall
- Changelog News Classifieds
Something missing or broken? PRs welcome!
فصول
1. Let's talk! (00:00:00)
2. Sponsor: Depot (00:00:38)
3. Feross & Friends (00:02:49)
4. The big picture (00:04:04)
5. Why now? Why this? (00:05:50)
6. Phishing maintainers! (00:08:21)
7. Not for the lulz (00:11:51)
8. Maximal profit (00:15:28)
9. The most surprising hack (00:18:59)
10. exfiltrate and extrude (00:23:03)
11. Exploiting GitHub Actions (00:25:44)
12. It all happened so fast (00:29:56)
13. How Socket discloses (00:31:10)
14. Disclosing 0days vs malware (00:32:30)
15. Scanning GitHub Actions (00:34:49)
16. GH Actions footguns (00:36:18)
17. Socket's future GH Actions feature (00:40:04)
18. Evil genius move (00:41:48)
19. What devs can do (00:43:14)
20. Staying off the bleeding edge (00:47:30)
21. How many typosquats (00:50:21)
22. How we got here (00:52:58)
23. Was it worth it? (00:54:33)
24. GitHub's responsibility (00:57:09)
25. GitHub's roadmap (00:58:37)
26. Why doesn't npm do this (01:03:54)
27. A package vetting period (01:06:17)
28. Publisher opt-in (01:08:08)
29. We figured it out! (01:12:03)
30. Adam goes GH Karen (01:12:36)
31. Codegen everything instead (01:15:17)
32. More companies vendoring (01:20:08)
33. Proxies, mirrors, options (01:22:16)
34. New tool! sfw (01:23:22)
35. The next big thing? (01:27:37)
36. The criteria for free (01:28:50)
37. sfw is a great name (01:31:07)
38. Bye, friends (01:31:29)
39. Next week on the pod (01:32:34)
949 حلقات
كل الحلقات
×
مرحبًا بك في مشغل أف ام!
يقوم برنامج مشغل أف أم بمسح الويب للحصول على بودكاست عالية الجودة لتستمتع بها الآن. إنه أفضل تطبيق بودكاست ويعمل على أجهزة اندرويد والأيفون والويب. قم بالتسجيل لمزامنة الاشتراكات عبر الأجهزة.
مشابه لـThe Changelog: Software Development, Open Source
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k475
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
A podcast about web design and development.
…
continue reading
Compiler gives you perspectives and insights from the tech industry—free from jargon and judgment. We’re here to help tech newbies understand what’s going on. Learn more about our show at redhat.com/en/compiler-podcast
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Player FM - تطبيق بودكاست
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
