Michael Chan discusses the latest updates in React 19. He talks about new features like React Server Components, the shift towards TypeScript, deprecations of older APIs, and the adoption of Testing Library as the preferred testing tool. Links https://www.linkedin.com/in/chantastic https://chan.dev https://www.youtube.com/@chantastic https://x.com/chantastic https://github.com/chantastic https://react.dev The Web and Design Systems with Michael Chan (https://www.youtube.com/watch?v=liHmU3iII0Q) Moving Tech Forward Through Kindness with Michael Chan, Developer Experience Engineer at Chromatic (https://www.youtube.com/watch?v=y2Y_o0RZwDo) We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today (https://logrocket.com/signup/?pdr). Special Guest: Michael Chan.
Software Engineering Radio - The Podcast for Professional Software Developers
Simon Wijckmans, founder of c/side -- a company that focuses on monitoring, securing, and optimizing third-party JavaScript -- joins SE Radio host Kanchan Shringi for a conversation about the security risks posed by third-party browser scripts. Through real-world examples and insights drawn from his work in web security, Simon highlights the dangers, including malicious attacks such as the recent Polyfill.io incident. He emphasizes the need for vigilant monitoring, as these third-party scripts remain essential for website functionalities like analytics, chatbots, and ads, despite their potential vulnerabilities. Simon explores the use of self-hosting solutions and content security policies (CSPs) to minimize risks, but he stresses that these measures alone are insufficient to fully safeguard websites. As the discussion continues, they delve into the importance of layering security approaches. Simon advocates for combining techniques like CSPs, real-time monitoring, and AI-driven analysis, which his company c/side employs to detect and block malicious scripts. He also touches on the complexities of securing single-page applications (SPAs), which allow scripts to persist across pages without full reloads, increasing the attack surface for third-party vulnerabilities. Brought to you by IEEE Computer Society and IEEE Software magazine.
Cellebrite unlocks Trump's would-be assassin's phone. Cisco reported on a CVSS of 10.0 Entrust drops the other shoe Google gives up on removing 3rd-party cookies Miscellany Snowflake and data warehouse applications CDK auto dealership outage Polyfill.io and resource hashes MITM Blocking Copilot Blocking incoming connections via IP CrowdStruck Show Notes - https://www.grc.com/sn/SN-984-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: panoptica.app canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW bigid.com/securitynow
In episode 6 of "Passwort", Sylvester and Christopher deal with current events of the past few weeks. The domain for a JavaScript library suddenly started distributing malware, Kaspersky faces a comprehensive sales ban in the USA, and things are not going well for the certificate authority Entrust either. The hosts also discuss how unknown parties chasing internet fame are now abusing the Linux kernel to farm reputation, as well as new concerns about Telegram. The International Obfuscated C Contest mentioned in the podcast can be found here: https://www.ioccc.org/
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
On episode 272 of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a variety of pressing cybersecurity topics. These include the responsibilities of CISOs in avoiding legal repercussions following data breaches, highlighted by the case of Uber's former CISO, Joe Sullivan. The hosts also delve into the impact of the recent U.S. Supreme Court decision overturning the Chevron deference doctrine on cybersecurity regulations, the risk of dynamic loading of JavaScript libraries, and the wide-reaching implications of the OpenSSH regression vulnerability. Throughout, practical advice and insightful commentary are provided on maintaining security in an ever-evolving threat landscape. 00:00 Introduction and Episode Overview 01:08 CISO's Guide to Avoiding Jail After a Breach 03:29 Challenges and Complexities of the CISO Role 13:35 US Supreme Court Ruling and Its Impact on Cyber Regulation 20:51 Polyfill.io Issue: A Modern Supply Chain Attack? 28:54 Understanding Polyfill Confusion and Risks 29:23 Maintaining Open Source Software Health 30:04 The Need for Open Source Health Ratings 30:41 Challenges with Third-Party Code and Security 34:08 Vendor Questionnaires and False Urgency 39:50 The Regression Vulnerability in OpenSSH 41:18 Cloud Security Best Practices 48:29 Final Thoughts and Recommendations 49:52 Conclusion and Farewell
Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app
In this episode, Jay and Joao discuss several recent cybersecurity news stories, including Polyfill - which is another example of why supply chain attacks are something everyone should be paying attention to.
Polyfill loses trust after CDN misuse, an OpenSSH flaw reappears, how to talk about secure design from some old CocoaPods vulns, using LLMs to find bugs, Burp Proxy gets more investment, and more! Show Notes: https://securityweekly.com/asw-290
Eric Meyer and Brian Kardell chat about the history and evolution of polyfills and somehow related efforts in the wake of recent events surrounding the transfer of ownership of the polyfill.io domain
Adam & Jerod discuss the news! But first, we discuss how you can keep up with the software world (good question, Tyler Boyd!) On the docket: Developer job postings trend, the Ladybird Browser Initiative, the Polyfill.js supply chain attack & is the future self-hosted?
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A high-severity security vulnerability in Progress Software's MOVEit Transfer software could allow cyberattackers to get around the platform's authentication mechanisms — and it's been spotted being actively exploited in the wild just hours after it was made public. A new version of the P2P worm, P2PInfect, that targets Redis servers running on both Linux and Windows systems, which is aimed at deploying both ransomware and cryptocurrency mining payloads, is out in the wild. The polyfill.io domain, used for providing backward compatibility for older browsers, has been shut down amid accusations of malicious activity after recently being acquired by Chinese firm Funnull, and was allegedly redirecting users to malicious sites and employing evasion techniques. The Germany-based company behind the world-famous remote desktop software TeamViewer has confirmed that in 2016 TeamViewer software was compromised.
On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: Widely used polyfill javascript gets hijacked by its new owners MacOS supply chain disaster bullet dodged That OpenSSH remote code exec OH MY
Topics covered in this episode: Joining Strings in Python: A "Huh" Moment 10 hard-to-swallow truths they won't tell you about software engineer job My thoughts on Python in Excel Extra, extra, extra Extras Joke Watch on YouTube About the show Sponsored by ScoutAPM: pythonbytes.fm/scout Connect with the hosts Michael: @mkennedy@fosstodon.org Brian: @brianokken@fosstodon.org Show: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Joining Strings in Python: A "Huh" Moment Veronica Berglyd Olsen Standard solution to "read lines from a file, do some filtering, create a multiline string": f = open("input_file.txt") filtered_text = "\n".join(x for x in f if not x.startswith("#")) This uses a generator, file reading, and passes the generator to join. Another approach is to add brackets and pass that generator to a list comprehension: f = open("input_file.txt") filtered_text = "\n".join([x for x in f if not x.startswith("#")]) At first glance, this seems to just be extra typing, but it's actually faster by 16% on CPython due to the implementation of .join() doing 2 passes on input if passed a generator.
From Trey Hunner: "I do know that it's not possible to do 2 passes over a generator (since it'd be exhausted after the first pass) so from my understanding, the generator version requires an extra step of storing all the items in a list first." Michael #2: 10 hard-to-swallow truths they won't tell you about software engineer job College will not prepare you for the job You will rarely get greenfield projects Nobody gives a BLANK about your clean code You will sometimes work with incompetent people Get used to being in meetings for hours They will ask you for estimates a lot of times Bugs will be your arch-enemy for life Uncertainty will be your toxic friend It will be almost impossible to disconnect from your job You will profit more from good soft skills than from good technical skills Brian #3: My thoughts on Python in Excel Felix Zumstein Interesting take on one person's experience with trying Python in Excel. "We wanted an alternative to VBA, but got an alternative to the Excel formula language" "Python runs in the cloud on Azure Container Instances and not inside Excel." "DataFrames are great, but so are NumPy arrays and lists." ... lots of other interesting takeaways. Michael #4: Extra, extra, extra Code in a castle - Michael's Python Zero to Hero course in Tuscany Polyfill.io JavaScript supply chain attack impacts over 100K sites Now required reading: Reasons to avoid Javascript CDNs Mac users served info-stealer malware through Google ads HTMX for the win! ssh to run remote commands > ssh user@server "command_to_run --arg1 --arg2" Extras Brian: A fun reaction to AI - I will not be showing the link on our live stream, due to colorful language. Michael: Coding in a Castle Developer Education Event Polyfill.io JavaScript supply chain attack impacts over 100K sites See Reasons to avoid Javascript CDNs Joke: HTML Hacker
Seth and Ken are back on the podcast this week without a guest for the first time in a month and start out with an in-depth discussion on startup life based on a recent article from TLDR;Sec. This is followed by thoughts on the recent influx of cash for Portswigger and how it will affect work and the testing space over the next few years. Finally, opinions on the recent polyfill[.io] malware attack and supply chain issues. Join the newsletter at news.absoluteappsec.com for further analysis or pick up some new podcast swag at merch.absoluteappsec.com
Josh and Kurt talk about the latest polyfill.io mess. Apparently someone took over a very popular project and started to serve malware. First XZ, now this. What does it mean for open source? We don't have any answers, and it's hard to even talk about this problem because it's so big. The thing is though, even if we can't fix open source, it's here to stay. Show Notes Polyfill supply chain attack hits 100K+ sites OpenSSF Scorecard
The 'Three Buddy Problem' Podcast Episode 2: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade go all-in on the discussion around Google Project Zero disrupting counter-terrorism malware operations. A deep dive on disruption vs exposure, the effects of US government sanctions on private mercenary hacking companies, hypocrisy and the tricky relationship between malware researchers and the intelligence community, and the lack of 'success stories' from so-called benevolent malware. We also discuss the implications of the TeamViewer breach by a skilled Russian APT, new Microsoft notifications to Midnight Blizzard victims and share thoughts on the Polyfill.io supply chain compromise.
We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the importance of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries. We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge). Show Notes: https://securityweekly.com/esw-366
TeamViewer tackles APT29 intrusion. Microsoft widens email breach alerts. Uncovering a malware epidemic. Google's distrust of Entrust. Safeguarding critical systems. FTC vs. MGM. Don't forget to back up your data. Polyfill's accidental exposé. Our guest is Caitlyn Shim, Director of AWS Cloud Governance, and she recently joined N2K's Rick Howard at the AWS re:Inforce event. They're discussing cloud governance, the growth and development of AWS, and diversity. And a telecom titan becomes telecom terror. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Caitlyn Shim, Director of AWS Cloud Governance, joined N2K's Rick Howard at the AWS re:Inforce event recently in Philadelphia, PA. They spoke about cloud governance, the growth and development of AWS, and diversity. Caitlyn was part of the Women of Amazon Security Panel at the event. You can read more about Caitlyn and her colleagues as they discuss their diverse paths into security and offer advice for those looking to enter the field here.
Selected Reading TeamViewer investigating intrusion of corporate IT environment (The Record) Microsoft reveals further emails compromised by Russian hack (Engadget) Chicago Children's Hospital Says 791,000 Impacted by Ransomware Attack (SecurityWeek) Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware (Outpost 24) Google to block sites using Entrust certificates in bombshell move (The Stack) US House Subcommittee examines critical infrastructure vulnerabilities, role of cyber insurance in resilience efforts (Industrial Cyber) FTC Defends Investigation Into Cyberattack on MGM as Casino Giant Seeks to Block Probe (The National Law Journal) This is why you need backups: A cyber attack on an Indonesian data center caused havoc for public services – and its forcing a national rethink on data security (ITPro) Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator (Bleeping Computer) ISP Sends Malware to Thousands of Customers to Stop Using File-Sharing Services (Cybersecurity News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss: what to be aware of when deploying GenAI; key use cases and successes organizations are having with GenAI; some of the risks to be aware of; how to prepare employees for GenAI; best practices to prepare for evolving threats. For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any). Segment Resources: Why It's Time to Evolve from Threat-centric to Compromise-centric Security; Evolve from Threat-Centric to Compromise-Centric Security; How to Close the Visibility Gaps Across Your Multi-Cloud Environment; Defend HPC Data Centers with Frictionless Security & Observability. We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the importance of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news.
One story is from the excellent DFIR Report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries. We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year-old post from Marc Andreessen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge). Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-366
This week, we discuss the 5 key trends from Bessemer's State of the Cloud 2024 report. Plus, Matt makes a stock pick for the next 10 years! Runner-up Titles Is it named after Hootie and the Blowfish? Prepaying for your bad behavior You have a thought piece, we're gonna think about it The Footloose Soundtrack Rundown Amazon Hits $2 Trillion Market Value as AI Frenzy Fuels Rally (https://www.bloomberg.com/news/articles/2024-06-26/amazon-amzn-hits-2-trillion-market-value-as-ai-frenzy-fuels-rally) State of the Cloud 2024 (https://www.bvp.com/atlas/state-of-the-cloud-2024) The Real Reason Why Music Is Getting Worse (https://youtu.be/1bZ0OSEViyo?si=F_Yy7c1RYkXh-Iqd) Relevant to your Interests The short, happy reign of CD-ROM (https://www.fastcompany.com/91128052/history-of-cd-roms-encarta-myst) 1Password is simplifying setup on new devices and adding 'Recovery codes' (https://9to5google.com/2024/06/20/1password-recovery-code-sign-in-beta/) Apple is winning in financial services (https://www.axios.com/2024/06/20/apple-winning-finance-bnpl) Anthropic's latest model, Claude 3.5 Sonnet, just released on Amazon Bedrock (https://www.threads.net/@ajassy/post/C8ccbgRiEeY) What it Takes to Be Valued at >10x Rev (https://cloudedjudgement.substack.com/p/clouded-judgement-62124-what-it-takes?utm_source=post-email-title&publication_id=56878&post_id=145617522&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Microsoft makes Copilot less useful on new Copilot Plus PCs (https://www.theverge.com/2024/6/21/24182979/microsoft-copilot-key-keyboard-shortcut-pwa) Exclusive: Amazon mulls $5 to $10 monthly price tag for unprofitable Alexa service, AI revamp (https://www.reuters.com/technology/amazon-mulls-5-10-monthly-price-tag-unprofitable-alexa-service-ai-revamp-2024-06-21/) Amazon's new AI-powered Alexa might cost up to $10 per month (https://www.theverge.com/2024/6/21/24183013/amazon-alexa-ai-subscription) Is Your Driving Being Secretly Scored? 
(https://www.nytimes.com/2024/06/09/technology/driver-scores-insurance-data-apps.html) AI Tools Are Secretly Training on Real Images of Children (https://www.wired.com/story/ai-tools-are-secretly-training-on-real-childrens-faces/) Nvidia Is No Cisco, but It Is Getting Expensive (https://www.wsj.com/finance/investing/nvidia-is-no-cisco-but-it-is-getting-expensive-1938fcc0) Microsoft shelves its underwater data center (https://www.tomshardware.com/desktops/servers/microsoft-shelves-its-underwater-data-center) With Pen and Paper in Hand, Car Dealers Improvise as Cyber Outage Persists (https://www.wsj.com/business/autos/with-pen-and-paper-in-hand-car-dealers-improvise-as-cyber-outage-persists-2642ebb7) Nvidia Insiders Cash In on Rally as Share Sales Top $700 Million (https://www.bloomberg.com/news/articles/2024-06-18/nvidia-nvda-insiders-cash-in-on-rally-as-share-sales-top-700-million) We've got to talk about the environment when we talk about AI (https://thehustle.co/news/we-ve-got-to-talk-about-the-environment-when-we-talk-about-ai) Gmail's Gemini AI sidebar and email summaries are rolling out now (https://www.theverge.com/2024/6/24/24185277/google-gmail-gemini-ai-sidebar) Google is bringing Gemini access to teens using their school accounts (https://techcrunch.com/2024/06/24/google-is-bringing-gemini-access-to-teens-using-their-school-accounts/) Managing Your Mac Menu Bar: A Roundup of My Favorite Bartender Alternatives (https://feed.feedburster.com/macstoriesnet/redirect?url=https://www.macstories.net/roundups/managing-your-mac-menu-bar-a-roundup-of-my-favorite-bartender-alternatives/) Report: Amazon developing AI chatbot that would compete with ChatGPT and others (https://www.geekwire.com/2024/report-amazon-developing-ai-chatbot-that-would-compete-with-chatgpt-and-others/) How to escape VMware's pricey clutches with Virt-v2v (https://www.theregister.com/2024/06/21/virtv2v_helps_you_move_vms/) Figma's new Slides app focuses on design, fun, and (oh, yeah!) 
AI (https://www.fastcompany.com/91145153/figma-slides-presentations-config-2024) Powering the AI Revolution: The PyTorch Documentary (https://pytorch.org/blog/pytorch-documentary/) Polyfill supply chain attack hits 100K+ sites (https://sansec.io/research/polyfill-supply-chain-attack) Some CIOs say getting full value out of AI tools like Copilot for Microsoft 365 requires heavy lifting, as enterprise data isn't always accurate and up-to-date (http://www.techmeme.com/240626/p6#a240626p6) Nonsense Cybertruck: The Embarrassing beginning of Teslas Demise (https://youtu.be/MoYXhcxngxI?si=Rxg48DLqAtyAE-Ck) The Buc-ee's Statue Got A New Look, And Fans Have Thoughts (https://www.southernliving.com/buc-ees-luling-statue-8665734) Delta's most exclusive airport lounge opens. Here's what's inside (https://www.cnbc.com/2024/06/25/delta-one-jfk-airport-lounge.html) Explaining Software Development Methods By Flying to Mars [Comic] (https://toggl.com/blog/mars-software-development) Sponsors Check out www.apilayer.com (https://apilayer.com/?utm_source=SoftwareDefinedTalkPodcast&utm_medium=Leads%20Acquisition&utm_campaign=PodcastDescription)! From scraping, finance to weather data, apilayer offers reliable and easy-to-integrate APIs for all your needs. Trusted by developers at companies worldwide. Use the code SDT2024 for an exclusive discount - 50% for 3 months on 100 API plans. Code is valid until Sep 30, 2024 Conferences DevOpsDays Birmingham (https://devopsdays.org/events/2024-birmingham-al/welcome/), August 19–21, 2024 DevOpsDays Antwerp (https://devopsdays.org/events/2024-antwerp/welcome/), 15th anniversary, Sep 4th-5th.
SpringOne (https://springone.io/?utm_source=cote&utm_campaign=devrel&utm_medium=newsletter&utm_content=newsletterUpcoming)/VMware Explore US (https://blogs.vmware.com/explore/2024/04/23/want-to-attend-vmware-explore-convince-your-manager-with-these/?utm_source=cote&utm_campaign=devrel&utm_medium=newsletter&utm_content=newsletterUpcoming), August 26–29, 2024 SREday London 2024 (https://sreday.com/2024-london/), September 19th to 20th, Coté speaking. 20% off with the code SRE20DAY (https://sreday.com/2024-london/#tickets) SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us: Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), Mastodon (https://hachyderm.io/@softwaredefinedtalk), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk), Threads (https://www.threads.net/@softwaredefinedtalk) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured). Use the code SDT to get $20 off Coté's book, Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: Pause your YouTube TV Subscription (https://support.google.com/youtubetv/answer/7129668?hl=en&co=GENIE.Platform%3DAndroid#zippy=%2Chow-to-pause-your-membership) Matt: Anti-pick: NBN Broadband Photo Credits Header (https://unsplash.com/photos/two-linemen-on-cherry-pickers-fHLdXfURDhA) Artwork (https://unsplash.com/photos/a-yellow-arrow-is-surrounded-by-red-arrows-SWJPQQkuFWA)
Gas chromatograph vulnerabilities reveal medical IoT challenges We never authorized polyfill.io to use our name, says Cloudflare Evolve Bank confirms data breach, undermining LockBit's Federal Reserve claim Huge thanks to our sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a manner of minutes. Visit preludesecurity.com to upload your own threat intelligence and see for yourself. For the stories behind the headlines, head to CISOseries.com.
Timestamps: 0:00 it's about the opposite of antitrust 0:06 EU charges Microsoft with violation 1:37 Internet Archive loses 500,000 books 3:01 AI ToS changes to collect more data 4:44 QUICK BITS INTRO 4:51 Polyfill service serving malware 5:22 LLMs with no matrix multiplication 6:00 Augmented reality car windshield 6:43 Rabbit R1 vulnerabilities 7:26 Robot faces made of LIVING SKIN News Sources: https://lmg.gg/0IPWM Learn more about your ad choices. Visit megaphone.fm/adchoices
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Zyxel NAS devices are under attack and the exploit is pretty simple, a new UEFI vulnerability with a name that some people don't like, that time you set up a load balancer and forgot about it, I love it when there is a vulnerability in a Wi-Fi driver, Polyfill is filling the Internet with supply chain vulnerabilities, open source doesn't mean more secure, what happens when there is a vulnerability in your bootloader, the Red Hat Linux kernel model is broken, when disclosure goes wrong, and more IoT router vulnerabilities. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-833
Android lying Snowblind in the sun Identity verification service exposed data for over a year Polyfill.io JavaScript attack impacts thousands of sites Huge thanks to our sponsor, Prelude Security 30 minutes to peace of mind. That's what you'll get with Prelude's automated threat management platform where you can upload any piece of threat intelligence and quickly generate threat-hunting queries, detection rules, and more. Visit preludesecurity.com and get all of this in 30 minutes or get a pizza on Prelude.
Zyxel NAS devices are under attack and the exploit is pretty simple, a new UEFI vulnerability with a name that some people don't like, that time you set up a load balancer and forgot about it, I love it when there is a vulnerability in a Wi-Fi driver, Polyfill is filling the Internet with supply chain vulnerabilities, open source doesn't mean more secure, what happens when there is a vulnerability in your bootloader, the Red Hat Linux kernel model is broken, when disclosure goes wrong, and more IoT router vulnerabilities. Show Notes: https://securityweekly.com/psw-833
This is a recap of the top 10 posts on Hacker News on June 25th, 2024. This podcast was generated by wondercraft.ai. (00:38) Polyfill supply chain attack hits 100K+ sites. Original post: https://news.ycombinator.com/item?id=40791829&utm_source=wondercraft_ai (01:49) Local First, Forever. Original post: https://news.ycombinator.com/item?id=40786425&utm_source=wondercraft_ai (03:00) Microsoft removes documentation for switching to a local account in Windows 11. Original post: https://news.ycombinator.com/item?id=40786644&utm_source=wondercraft_ai (04:07) Ball: A ball that lives in your dock. Original post: https://news.ycombinator.com/item?id=40793465&utm_source=wondercraft_ai (05:13) Microsoft breached antitrust rules by bundling Teams and Office, EU says. Original post: https://news.ycombinator.com/item?id=40786640&utm_source=wondercraft_ai (06:18) Waymo One is now open to everyone in San Francisco. Original post: https://news.ycombinator.com/item?id=40789411&utm_source=wondercraft_ai (07:29) Microsoft charged with EU antitrust violations for bundling Teams. Original post: https://news.ycombinator.com/item?id=40787842&utm_source=wondercraft_ai (08:15) Testing AMD's Giant MI300X. Original post: https://news.ycombinator.com/item?id=40789919&utm_source=wondercraft_ai (09:36) Chang'e 6 lunar sample return mission returns with samples from moon's far side. Original post: https://news.ycombinator.com/item?id=40790057&utm_source=wondercraft_ai (10:56) Fixing QuickLook (2023). Original post: https://news.ycombinator.com/item?id=40792740&utm_source=wondercraft_ai This is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai
Episode #451, devoted to the backdoor deployed in XZ Utils. References: XZ backdoor: https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ https://boehs.org/node/everything-i-know-about-the-xz-backdoor https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b https://github.com/amlweems/xzbot https://gynvael.coldwind.pl/?lang=en&id=782 https://nvd.nist.gov/vuln/detail/CVE-2024-3094 https://tukaani.org/xz-backdoor/ https://twitter.com/fr0gger_/status/1774342248437813525/photo/1 https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/ https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 https://www.openwall.com/lists/oss-security/2024/03/29/4 https://www.theregister.com/2024/03/29/malicious_backdoor_xz/ Microsoft Equation Editor: https://support.microsoft.com/en-us/office/equation-editor-6eac7d71-3c74-437b-80d3-c7dea24fdf3f Polyfill: https://github.com/formatjs/formatjs/issues/4363 The post "Backdoor in XZ Utils" appeared first on NoLimitSecu.
In this episode of Syntax, Wes and Scott review their 2023 predictions and see how they did on ideas like Deno getting hotter, new JS APIs, WASM, Houdini, CSS Container Queries, and more! Show Notes 00:24 Welcome 01:18 Syntax Brought to you by Sentry 02:05 SSR JS sites more the norm solidjs.com Remix - Build Better Websites Next.js by Vercel - The React Framework SvelteKit • Web development, streamlined Astro 04:14 TypeScript Inferred becomes hot 05:20 Types In JS? ECMAScript proposal for type syntax that is erased - Stage 1 07:55 Deno gets hotter 11:12 JS runtimes mature htmx 11:50 We will see a new TS Type Checker written in Rust 14:06 New JS APIs What's the status of this project? · Issue #1101 · dudykr/stc Wes Bos on X: "Pretty excited about the new JavaScript non-mutating array methods. Currently in stage 3 tc39/proposals: Tracking ECMAScript Proposals JS Fundamentals - Decorators - Syntax #653 16:29 Writing towards Winter CG Spec Popular. WinterCG 17:09 Edge Rendering More Common Prettier on X: "We setup a $20k bounty for a rust-based compatible printer with prettier. $20k Bounty was Claimed! · Prettier 18:09 A new JS framework 19:05 Page Transitions API 19:51 Rust becomes more popular 24:00 More WASM Supper Club × WASM, Fastly Edge, and Polyfill.io with Jake Champion - Syntax #643 FFmpeg Fastly 25:11 React Beta Docs launch after 5 year dev cycle 26:47 We start to see CSS Container Queries in production 29:05 CanIUse issues? 31:20 CSS Subgrid 32:56 More AI 34:06 Tooling Vite | Next Generation Frontend Tooling Announcing Biome | Biome Lightning CSS Rspack Turbopack 36:08 People sour on React 36:47 People sour on eslint 37:16 Houdini does nothing CSS Houdini| MDN Is Houdini Ready Yet? 39:57 How'd we do? 40:40 Sick picks Sick Picks Scott: Super Mario Bros.™ Wonder Wes: Tineco Pure ONE S11 Cordless Vacuum Cleaner Shameless Plugs Scott: Sentry Wes: Wes Bos Courses Hit us up on Socials! 
Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads
In this supper club episode of Syntax, Wes and Scott talk with Aiden Bai about his work on Million.js that aims to make React a lot faster. How does Million.js make React faster? And most importantly: has Aiden ever used a VCR? Show Notes 00:35 Welcome 00:57 Introducing Aiden Bai Aiden Bai aidenybai on GitHub @aidenybai on Twitter Aiden Bai on YouTube Million.js 01:57 What is Million.js? 03:20 How does React do rendering now? 04:31 How does Million.js make it faster? 07:37 What goes into creating a compiler? 08:24 How do you go from learning JavaScript to writing compilers? 11:05 Wyze WebRTC stream work 13:13 What are you using to benchmark and test? solidjs.com js-framework-benchmark xkcd: Compiling 18:19 What does a slowly rendering site look like? 23:54 How do you handle find on page with large amounts of code? 25:32 What does 70% faster with Million.js mean? Hyper™ Warp: Your terminal, reimagined 26:44 Why are maps slow? Supper Club × WASM, Fastly Edge, and Polyfill.io with Jake Champion — Syntax Podcast 643 28:19 Benefits of the Macro API 31:12 Does Million.js work across the board? 33:03 Does it ever break projects? How do you test Million.js? 35:35 How do you keep up on your GitHub issues? 37:40 What other areas of tech are you interested in working on? partytown 39:32 What was the inspiration for your website? 43:52 Supper Club questions Gruvbox with Material Palette iTerm2 - macOS Terminal Replacement ××× SIIIIICK ××× PIIIICKS ××× Barbie (2023) directed by Greta Gerwig • Reviews, film + cast • Letterboxd Teenage Mutant Ninja Turtles: Mutant Mayhem (2023) directed by Jeff Rowe • Reviews, film + cast • Letterboxd Shameless Plugs Million Kitchen Sink Tweet us your tasty treats Scott's Instagram LevelUpTutorials Instagram Wes' Instagram Wes' Twitter Wes' Facebook Scott's Twitter Make sure to include @SyntaxFM in your tweets Wes Bos on Bluesky Scott on Bluesky Syntax on Bluesky
In this episode of Syntax, Wes and Scott talk about what polyfills, transpiling, and monkey patching mean, how and when to do it, and libraries that can help you out. Show Notes 00:10 Welcome 01:07 Toast follow up 02:45 What are transpiling, ponyfill, polyfill, and monkey patching TC39 Proposals Pretty excited about the new JavaScript non-mutating array methods. Currently in stage 3 11:18 Transpiling unsupported CSS 15:11 Polyfills Popover polyfill 19:22 Polyfilling CSS 21:06 HTML polyfills 27:47 How to transpile and polyfill Babel TypeScript: JavaScript With Syntax For Types CoffeeScript Civet cronn/jsxtransformer: Pipeline for transforming JSX files using Babel.js and Uglify.js Svelte • Cybernetically enhanced web apps Polyfill.io core-js - npm 35:46 Shiv and shims Shim vs Shiv 38:16 Monkey patching 49:08 SIIIIICK ××× PIIIICKS ××× ××× SIIIIICK ××× PIIIICKS ××× Scott: Cable sleeve Wes: Air Purifier AliExpress Shameless Plugs Scott: Sentry Wes: Wes Bos Tutorials Tweet us your tasty treats Scott's Instagram LevelUpTutorials Instagram Wes' Instagram Wes' Twitter Wes' Facebook Scott's Twitter Make sure to include @SyntaxFM in your tweets Wes Bos on Bluesky Scott on Bluesky Syntax on Bluesky
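The episode above contrasts transpiling, ponyfills, polyfills, shims and monkey patching. What follows is an added example, not code from the Syntax episode, from Polyfill.io or from core-js: a ponyfill, a feature-checked polyfill and a monkey patch of one and the same feature, a non-mutating sort in the shape of Array.prototype.toSorted() (one of the non-mutating array methods the show notes link to). All function names are hypothetical, and the arrays fed to them are constructed for the demo.

```javascript
// Added example (not from the episode, Polyfill.io or core-js). Function
// names are hypothetical; sample arrays are constructed for the demo.

// 1. Ponyfill: a plain function you import and call. It never touches a
//    global, so nothing else on the page can tell it exists.
function toSortedPonyfill(arr, compareFn) {
  // Copy first so the caller's array is never mutated.
  return Array.prototype.slice.call(arr).sort(compareFn);
}

// 2. Polyfill: install the feature on a prototype, but only when it is
//    missing. The feature check is what separates a polyfill from an
//    unconditional override of native behaviour.
function installToSortedPolyfill(proto = Array.prototype) {
  if (typeof proto.toSorted === "function") {
    return false; // engine already ships it; leave the native method alone
  }
  Object.defineProperty(proto, "toSorted", {
    value: function toSorted(compareFn) {
      return toSortedPonyfill(this, compareFn);
    },
    writable: true,
    configurable: true,
    enumerable: false, // built-in methods are non-enumerable; match that
  });
  return true;
}

// 3. Monkey patch: replace a method that already exists, wrapping the
//    original. Any script running in the page can do this to a shared
//    global (JSON.parse, fetch, Array.prototype.sort, ...) for every other
//    script, which is the security-relevant difference from a ponyfill.
function monkeyPatch(obj, name, before) {
  const original = obj[name];
  if (typeof original !== "function") {
    throw new TypeError(`${name} is not a function`);
  }
  obj[name] = function patched(...args) {
    before(this, args);                // observe (or alter) the call
    return original.apply(this, args); // then defer to the original
  };
  return () => { obj[name] = original; }; // handle that undoes the patch
}

// Runs the three techniques side by side and returns what happened.
function demo() {
  const input = [3, 1, 2];

  // Ponyfill: sorted copy, input untouched, no global changed.
  const ponySorted = toSortedPonyfill(input);

  // Polyfill: a bare object stands in for the Array prototype of an old
  // engine; one that already has toSorted stands in for a modern engine.
  const legacyProto = {};
  const installedOnLegacy = installToSortedPolyfill(legacyProto);
  const legacySorted = legacyProto.toSorted.call(input);
  const modernProto = { toSorted() {} };
  const installedOnModern = installToSortedPolyfill(modernProto);

  // Monkey patch: wrap sort on a local object (not Array.prototype, so the
  // demo leaves the runtime as it found it), record each call, then restore.
  const originalSort = (xs) => [...xs].sort();
  const target = { sort: originalSort };
  const seenLengths = [];
  const restore = monkeyPatch(target, "sort", (_self, args) => {
    seenLengths.push(args[0].length);
  });
  const patchedResult = target.sort([9, 8]);
  restore();

  return {
    input,
    ponySorted,
    installedOnLegacy,
    legacySorted,
    installedOnModern,
    seenLengths,
    patchedResult,
    restored: target.sort === originalSort,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The case that matters for the third-party-script stories elsewhere on this page is the third one. A ponyfill cannot change anything outside the module that imports it; a guarded polyfill only fills a gap the feature check confirms exists; a monkey patch rewrites a shared global for every script in the page, silently, and a script pulled from a remote CDN runs with exactly the same ability to do that to fetch, JSON.parse or any prototype.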