We should all be using dependency cooldowns
Explains dependency cooldowns, a strategy to reduce supply chain attack risk by delaying automatic dependency updates.
A detailed timeline of the multi-year social engineering attack that led to a backdoor in the xz compression library, a major open source supply chain incident.
Article critiques modern package managers (npm, Cargo, PyPI) for supply-chain attacks and advocates for distribution-based package management.
A developer shares a list of their recent tech conference talks on topics like Kubernetes security, WebAssembly, and Docker.
A developer's predictions for the future of computing, covering WASM, Rust, Kubernetes rivals, serverless, AI, and programming language trends.