Podcasts about JavaScript

Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help them. Too much software still requires custom configuration to make it more secure. And too few software makers are embracing secure by default, let alone secure by design. In the news, passively monitoring geosynchronous satellite communications on the cheap, successful LLM poisoning of any size model with a single size dose, security engineering lessons from Signal's post-quantum crypto work, improving security for JavaScript in the browser, and more! This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-353

Ever wondered how source maps actually work? In this episode, Nicolo Ribaudo, Babel maintainer and TC39 delegate, breaks down how source maps connect your JavaScript, TypeScript, and CSS back to the original code — making debugging, stack traces, and observability smoother in Chrome dev tools. We dive into how source maps help in both development and production with minified code, explore tools like Webpack, Rollup, Next.js, and Svelte, and share when you should turn off source maps to avoid confusion. Links Website: https://nicr.dev LinkedIn: https://www.linkedin.com/in/nicol%C3%B2-ribaudo-bb94b4187 BlueSky: https://bsky.app/profile/nicr.dev Github: https://github.com/nicolo-ribaudo Resources Squiggleconf talk: https://squiggleconf.com/2025/sessions#source-maps-how-does-the-magic-work Slide deck: https://docs.google.com/presentation/d/1lyor5xgv821I4kUWJIwrrmXBjzC_qiqIqcZxve1ybw0 We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! https://t.co/oKVAEXipxu Let us know by sending an email to our producer, Elizabeth, at elizabet.becz@logrocket.com (mailto:elizabeth.becz@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Check out our newsletter (https://blog.logrocket.com/the-replay-newsletter/)! https://blog.logrocket.com/the-replay-newsletter/ Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Chapters 00:00 Intro – Welcome to PodRocket + Introducing Nicolo Ribaudo 00:45 What Are Source Maps and Why They Matter for Debugging 01:20 From Babel to TC39 – Nicolo's Path to Source Maps 02:00 Source Maps Beyond JavaScript: CSS, C, and WebAssembly 03:00 The Core Idea – Mapping Compiled Code Back to Source 04:00 How Source Maps Work Under the Hood (Encoded JSON) 05:10 File Size and Performance – Why It Doesn't Matter in Production 06:00 Why Source Maps Are Useful Even Without Minification 07:00 Sentry and Error Monitoring – How Source Maps Are Used in Production 08:10 Two Worlds: Local Debugging vs. Remote Error Analysis 09:00 You're Probably Using Source Maps Without Realizing It 10:00 Why Standardization Was Needed After 15+ Years of Chaos 11:00 TC39 and the Creation of the Official Source Maps Standard 12:00 Coordinating Browsers, Tools, and Vendors Under One Spec 13:00 How Chrome, Firefox, and WebKit Implement Source Maps Differently 14:00 Why the Source Maps Working Group Moves Faster Than Other Standards 15:00 A Small, Focused Group of DevTools Engineers 16:00 How Build Tools and Bundlers Feed Into the Ecosystem 17:00 Making It Easier for Tool Authors to Generate Source Maps 18:00 How Frameworks Like Next.js and Vite Handle Source Maps for You 19:00 Common Pitfalls When Chaining Build Tools 20:00 Debugging Wrong or Broken Source Maps in Browsers 21:00 Upcoming Feature: Scopes for Variables and Functions 22:00 How Scopes Improve the Live Debugging Experience 23:00 Experimental Implementations and How to Try Them 24:00 Where to Find the TC39 Source Maps Group + Get Involved 25:00 Nicolo's Links – GitHub, BlueSky, and Talks Online 25:30 Closing Thoughts

Una and Bramus dive into the latest advancements in CSS with state-based container queries. Learn how to create responsive and dynamic user experiences by querying the scroll state of UI elements, including 'stuck,' 'snapped,' and 'scrollable' states. Discover practical examples and techniques to replace complex JavaScript with declarative CSS, making your web development more efficient and powerful. Resources: Scroll state queries → https://goo.gle/4mQDQ0M Scroll-state-container →  https://goo.gle/487y4nI Anchor queries → https://goo.gle/3IBDVaw Episode 59 → https://goo.gle/3KB7M3z  Una Kravets (co-host) Bluesky | Twitter | YouTube | WebsiteMaking the web more colorful @googlechrome  Bramus Van Damme (co-host) Bluesky | Mastodon | YouTube | Website@GoogleChrome CSS DevRel; @CSSWG; Scuba Diver

Ian and Aaron are joined this week by Jeffrey Way, creator of Laracasts, to talk about everything from their opinions about JavaScript to the evolution of Laracasts to modeling behavior for your kids and so much more.Sponsored by Bento, Flare, and Laravel Forge.Interested in sponsoring Mostly Technical?  Head to https://mostlytechnical.com/sponsor to learn more.(00:00) - Optimizing Everything (07:41) - Social Media, Kids, & Modeling Behavior (21:42) - Vision Quest Deep Dive (34:46) - Switch to Subscription? (39:48) - The Evolution of Laracasts (50:03) - Opinions About JavaScript (57:00) - Deciding What To Teach (01:02:59) - Chess (01:07:47) - YouTube & AI's Impact Links:AmaranTanStackRemix3 Ninjas (1992)Suno

Dynamic languages like Ruby, Python, and JavaScript determine the types of variables at runtime rather than at compile time. This flexibility allows for rapid development and concise code, but it also makes it harder to catch certain classes of bugs before execution. Type checkers for dynamic languages add structure and safety without compromising their expressive The post Static Analysis for Ruby with Jake Zimmerman appeared first on Software Engineering Daily.

Episode NotesThe discussion moves into how standards evolve beyond tools, the trade-offs of monocultures vs. consensus-driven teams, and why ownership matters when the original authors move on. Nathan also unpacks the cost of neglect, describing defects as anything that slows developers down—not just issues that impact end users.Later in the conversation, Nathan recounts a migration from a React SPA to Turbo and Stimulus that removed barriers between designers and developers. He highlights how keeping all problems on the radar together prevents teams from falling into local optima. The episode closes with reflections on TestBench, blind spots in testing, continuous improvement in remote teams, and advice for developers who feel stuck raising maintenance concerns.Episode Highlights[00:01:07] Defining Well-Maintained Software: Nathan shares his three key markers—up-to-date dependencies, adherence to team standards, and fixing defects immediately.[00:02:53] From Tools to Tacit Knowledge: Why norms start with tool-enforced rules like RuboCop but evolve into cultural agreements within teams.[00:04:49] Speed vs. Durability: Teams built on monoculture move quickly early on, but diverse, consensus-driven cultures go farther.[00:11:11] Owning the Architecture: When original developers leave, new teams must take responsibility for architecture rather than defer decisions.[00:13:37] The Cost of Neglect: Dependencies, drifting standards, and defects interact in compounding ways. Nathan reframes defects as “anything that impedes developer effectiveness.”[00:17:46] React → Turbo + Stimulus Migration: A costly SPA and siloed design team gave way to a simpler approach that reduced rework and empowered designers to contribute directly.[00:22:44] Avoiding Local Optima: Tackling problems in isolation creates dead ends—addressing them holistically opens real paths forward.[00:24:32] Who We Seek Validation From: Developer identities often align with whose approval they value—shaping front-end vs. back-end divides.[00:27:34] Comfort vs. Maintenance Burden: Silos built for comfort create tomorrow's maintenance problems.[00:33:45] Relentless Improvement in Remote Teams: Start as an ensemble, evolve into autonomous work cells, and use work logs to sustain consensus.[00:38:33] What's Missing from Remote Work: Nathan reflects on lost “hallway conversations” and the challenge of building social glue remotely.[00:40:50] The Story Behind TestBench: Dissatisfaction with existing frameworks and a desire for simplicity led to TestBench's creation.[00:47:38] Testing Blind Spots: The biggest blind spot is equating testing with automation—interactive testing and intelligible output remain essential.[00:50:35] Advice for Stuck Engineers: Nathan encourages developers to study quality traditions, connect with peers, and embrace continuous improvement.[00:53:16] Book Recommendations: Deming's Out of the Crisis and The New Economics, Toyota's product development work, and Rawls' A Theory of Justice.Tools & Resources MentionedBrightworks Digital – Nathan's current company, where he serves as Principal.Nathan Ladd on LinkedIn – Connect with Nathan and follow his work.TestBench – A Ruby testing framework co-created by Nathan.Turbo – Hotwire framework for building modern, fast applications without heavy JavaScript.Stimulus – A modest JavaScript framework for enhancing HTML with small, reusable controllers.RSpec – A popular Ruby testing tool for behavior-driven development.Minitest – A simple and fast Ruby testing framework.RuboCop – A Ruby static code analyzer and formatter.Lessons Learned in Software Testing – Classic book on testing by Cem Kaner, James Bach, and Bret Pettichord.Out of the Crisis – W. Edwards Deming's influential work on quality and systems thinking.The New Economics – Deming's follow-up book on continuous improvement.A Theory of Justice – John Rawls' seminal work on moral and political philosophy.The Toyota Product Development System – Insights into Toyota's continuous improvement and development practices.Thanks to Our Sponsor!Turn hours of debugging into just minutes! AppSignal is a performance monitoring and error-tracking tool designed for Ruby, Elixir, Python, Node.js, Javascript, and other frameworks.It offers six powerful features with one simple interface, providing developers with real-time insights into the performance and health of web applications.Keep your coding cool and error-free, one line at a time! Use the code maintainable to get a 10% discount for your first year. Check them out! Subscribe to Maintainable on:Apple PodcastsSpotifyOr search "Maintainable" wherever you stream your podcasts.Keep up to date with the Maintainable Podcast by joining the newsletter.

Scans for ESAFENET CDG V5 We do see some increase in scans for the Chinese secure document management system, ESAFENET. https://isc.sans.edu/diary/Heads%20Up%3A%20Scans%20for%20ESAFENET%20CDG%20V5%20/32364 Investigating targeted payroll pirate attacks affecting US universities Microsoft wrote about how payroll pirates redirect employee paychecks via phishing. https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/ Attacks against Edge via IE Mode Microsoft Edge offers an IE legacy mode to support websites created for Internet Explorer. The old JavaScript engine, which is part of this mode, has been abused in recent attacks, and Microsoft will make it more difficult to enable IE Mode to counter these attacks. https://microsoftedge.github.io/edgevr/posts/Changes-to-Internet-Explorer-Mode-in-Microsoft-Edge/

Jonathan Tower is known to friends and colleagues simply as “J.” J. is a Microsoft MVP, Telerik Developer Expert, and the founder of Trailhead Technology Partners, a global custom software consultancy. With nearly 25 years of experience in the industry, J. has held roles ranging from senior architect to director of development, and now leads a team building high-quality, large-scale applications across a wide range of technologies.   J.'s technical expertise spans C#, .NET, ASP.NET MVC, and modern JavaScript frameworks, along with mobile app development. But what truly sets him apart is his passion for building community. He's the driving force behind Beer City Code, Michigan's largest software conference, and serves on the board of SoftwareGR, a nonprofit dedicated to growing the software industry in West Michigan.   He's also a frequent speaker at conferences and meetups around the world, a LinkedIn Learning course author, and a mentor to many through his work with robotics teams and local tech groups.   Outside of tech, J. is an adventurer at heart. He and his family recently completed a year-long road trip across the U.S., visiting 58 of the 63 national parks. He's also a fan of photography, hiking, reading, and catching every Best Picture nominee before the Oscars.   Topics of Discussion: [3:30] Fun fact! J. has been to 58 of the 63 national parks, with his current favorite being Glacier National Park. [4:46] J. explains his early interest in creating things and his discovery of software development in middle school. [7:33] J.'s journey into leadership and consulting. [11:04] J. talks about his Blue Blazes podcast and the inspiration behind the name. [14:27] The “shiny object syndrome” and the misuse of microservices architecture. [15:06] Understanding the true needs of a project before implementing complex solutions. [21:20] AI should be viewed as a collaborative tool, not a replacement for team members. [22:51] The insight that J. got at a Ford Factory about how AI can help us shape and create jobs instead of just replacing them. [27:50] J. mentions he recently released courses on Dome Train about migrating legacy applications. [29:05] Choosing the framework that is the most similar model. [31:29] The type of traits that J. would look for in a lead engineer or a team leader.   Mentioned in this Episode: Clear Measure Way Architect Forum Software Engineer Forum Jonathan “J.” Tower LinkedIn JTower Website Trailhead Technology Jonathan “J.” Tower MVP Blue Blazes Podcast .NET Foundation Dome Train — Jonathan Tower     Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.

The popular MERN stack tutorials and the larger JavaScript ecosystem in general has failed to prepare junior developers for professional jobs. This is a rant about that...---------------------------------------------------

Or just "Embeds" as we more frequently refer to them as. Stephen and Chris talk about the fairly meaty project which was re-writing our Embeds for a CodePen 2.0 world. No longer can we assume Pens are just one HTML, CSS, and JavaScript "file", so they needed a bit of a redesign, but doing as little as possible so that existing Embed Themes still work. This was plenty tricky as it was a re-write from Rails to Next.js, with everything needing to be Server-Side Rendered and as lightweight as possible (thank urql!). Time Jumps

Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike. Qantas says no one can releak their stolen data. Brave's usage is up. But is it really 3 times faster. Next Tuesday the EU votes on "Chat Control". Microsoft formally launches a "Security Store". Outlook moves to block JavaScript in SVG's. A new release of Chrome. Gmail will no longer pull external email via POP. Googe Drive starts blocking ransomware encryptions. The UK issues another order to Apple. Researchers create a "Battering RAM" attack device. HackerOne's significant bug bounty payouts. The Imgur service goes dark across the UK. Guess why. The Netherlands plans to say NO to "Chat Control." Discord was breached and government IDs leaked. Salesforce says it's not another new breach. Signal introduces a new post-quantum ratchet. Your motherboard MIGHT support TPM 2.0. Google to force Android app devs to register and pay Show Notes - https://www.grc.com/sn/SN-1046-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT hoxhunt.com/securitynow bitwarden.com/twit veeam.com

Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike. Qantas says no one can releak their stolen data. Brave's usage is up. But is it really 3 times faster. Next Tuesday the EU votes on "Chat Control". Microsoft formally launches a "Security Store". Outlook moves to block JavaScript in SVG's. A new release of Chrome. Gmail will no longer pull external email via POP. Googe Drive starts blocking ransomware encryptions. The UK issues another order to Apple. Researchers create a "Battering RAM" attack device. HackerOne's significant bug bounty payouts. The Imgur service goes dark across the UK. Guess why. The Netherlands plans to say NO to "Chat Control." Discord was breached and government IDs leaked. Salesforce says it's not another new breach. Signal introduces a new post-quantum ratchet. Your motherboard MIGHT support TPM 2.0. Google to force Android app devs to register and pay Show Notes - https://www.grc.com/sn/SN-1046-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT hoxhunt.com/securitynow bitwarden.com/twit veeam.com

Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike. Qantas says no one can releak their stolen data. Brave's usage is up. But is it really 3 times faster. Next Tuesday the EU votes on "Chat Control". Microsoft formally launches a "Security Store". Outlook moves to block JavaScript in SVG's. A new release of Chrome. Gmail will no longer pull external email via POP. Googe Drive starts blocking ransomware encryptions. The UK issues another order to Apple. Researchers create a "Battering RAM" attack device. HackerOne's significant bug bounty payouts. The Imgur service goes dark across the UK. Guess why. The Netherlands plans to say NO to "Chat Control." Discord was breached and government IDs leaked. Salesforce says it's not another new breach. Signal introduces a new post-quantum ratchet. Your motherboard MIGHT support TPM 2.0. Google to force Android app devs to register and pay Show Notes - https://www.grc.com/sn/SN-1046-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT hoxhunt.com/securitynow bitwarden.com/twit veeam.com

Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike. Qantas says no one can releak their stolen data. Brave's usage is up. But is it really 3 times faster. Next Tuesday the EU votes on "Chat Control". Microsoft formally launches a "Security Store". Outlook moves to block JavaScript in SVG's. A new release of Chrome. Gmail will no longer pull external email via POP. Googe Drive starts blocking ransomware encryptions. The UK issues another order to Apple. Researchers create a "Battering RAM" attack device. HackerOne's significant bug bounty payouts. The Imgur service goes dark across the UK. Guess why. The Netherlands plans to say NO to "Chat Control." Discord was breached and government IDs leaked. Salesforce says it's not another new breach. Signal introduces a new post-quantum ratchet. Your motherboard MIGHT support TPM 2.0. Google to force Android app devs to register and pay Show Notes - https://www.grc.com/sn/SN-1046-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT hoxhunt.com/securitynow bitwarden.com/twit veeam.com

Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike. Qantas says no one can releak their stolen data. Brave's usage is up. But is it really 3 times faster. Next Tuesday the EU votes on "Chat Control". Microsoft formally launches a "Security Store". Outlook moves to block JavaScript in SVG's. A new release of Chrome. Gmail will no longer pull external email via POP. Googe Drive starts blocking ransomware encryptions. The UK issues another order to Apple. Researchers create a "Battering RAM" attack device. HackerOne's significant bug bounty payouts. The Imgur service goes dark across the UK. Guess why. The Netherlands plans to say NO to "Chat Control." Discord was breached and government IDs leaked. Salesforce says it's not another new breach. Signal introduces a new post-quantum ratchet. Your motherboard MIGHT support TPM 2.0. Google to force Android app devs to register and pay Show Notes - https://www.grc.com/sn/SN-1046-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT hoxhunt.com/securitynow bitwarden.com/twit veeam.com

Andreas Rossberg unpacks WASM 3.0, covering new capabilities like garbage collection, exception handling, tail calls, and support for 64-bit addressing with multiple memories. The discussion explores deterministic profiles following relaxed sim, WebAssembly's capability-based security model, and advances in sandboxing and module design. Andreas connects these features to practical use cases in JavaScript engines and applications like Google Sheets, then looks ahead to experimental work on threading, stack switching, and async programming models shaping the next phase of the WebAssembly ecosystem. Links Website: https://people.mpi-sws.org/~rossberg GitHub: https://github.com/rossberg Resources WASM 3.0 Completed: https://webassembly.org/news/2025-09-17-wasm-3.0 Chapters 00:00 Intro – Andreas Rossberg and the WebAssembly 3.0 Update 01:05 The State of WebAssembly Today 02:15 Why WebAssembly Exists Beyond the Web 03:20 From WebAssembly 2.0 to 3.0 – What's Actually New 04:30 Garbage Collection: A Game-Changer for Managed Languages 06:00 The Vision of WebAssembly as a Universal Compilation Target 07:40 How GC Support Unlocks Java, Kotlin, and Dart on WASM 09:10 Expanding to 64-bit Memory – Performance and Limits 10:40 WebAssembly for Databases, AI, and LLMs 12:00 Sandboxing and Security by Design 13:10 How Capabilities and Static Analysis Keep WASM Safe 14:30 Multi-Memory Support and Real-World Use Cases 16:00 Developer Ergonomics vs. Specification Purity 17:20 Tail Calls and Functional Programming Benefits 18:40 Function Tables and Secure Indirection 20:00 Exception Handling Finally Arrives 21:10 Determinism, Efficiency, and Why It Matters for Blockchain 22:30 SIMD and Hardware Divergence Across Platforms 24:00 Balancing Portability with Performance 25:20 The Design Philosophy Behind WebAssembly 26:30 Why WASM Rejects Language-Specific Features 27:40 Proposal Process: Who Decides What Gets In 29:00 Browser Vendors and Implementation Challenges 30:10 Early Deployments: GC, Tooling, and Adoption Stories 31:30 Threads, Stack Switching, and the Future of Concurrency 33:00 Async/Await and Coroutines on WebAssembly 34:30 What's Coming Next for WASM Developers 35:40 How to Get Involved – Working Groups and Proposals 37:00 Closing Thoughts and Thanks We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! https://t.co/oKVAEXipxu Let us know by sending an email to our producer, Elizabeth, at elizabet.becz@logrocket.com (mailto:elizabeth.becz@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr)

Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike. Qantas says no one can releak their stolen data. Brave's usage is up. But is it really 3 times faster. Next Tuesday the EU votes on "Chat Control". Microsoft formally launches a "Security Store". Outlook moves to block JavaScript in SVG's. A new release of Chrome. Gmail will no longer pull external email via POP. Googe Drive starts blocking ransomware encryptions. The UK issues another order to Apple. Researchers create a "Battering RAM" attack device. HackerOne's significant bug bounty payouts. The Imgur service goes dark across the UK. Guess why. The Netherlands plans to say NO to "Chat Control." Discord was breached and government IDs leaked. Salesforce says it's not another new breach. Signal introduces a new post-quantum ratchet. Your motherboard MIGHT support TPM 2.0. Google to force Android app devs to register and pay Show Notes - https://www.grc.com/sn/SN-1046-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT hoxhunt.com/securitynow bitwarden.com/twit veeam.com

Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike. Qantas says no one can releak their stolen data. Brave's usage is up. But is it really 3 times faster. Next Tuesday the EU votes on "Chat Control". Microsoft formally launches a "Security Store". Outlook moves to block JavaScript in SVG's. A new release of Chrome. Gmail will no longer pull external email via POP. Googe Drive starts blocking ransomware encryptions. The UK issues another order to Apple. Researchers create a "Battering RAM" attack device. HackerOne's significant bug bounty payouts. The Imgur service goes dark across the UK. Guess why. The Netherlands plans to say NO to "Chat Control." Discord was breached and government IDs leaked. Salesforce says it's not another new breach. Signal introduces a new post-quantum ratchet. Your motherboard MIGHT support TPM 2.0. Google to force Android app devs to register and pay Show Notes - https://www.grc.com/sn/SN-1046-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT hoxhunt.com/securitynow bitwarden.com/twit veeam.com

A couple of years ago, I tweeted that “the best tech stack is the one you already know.” To this day, this is one of my most resonating tweets. People keep bringing it back, and founders who've been around for a while seem to particularly agree with it. But AI changes things. Or does it?This episode of The Bootstraped Founder is sponsored by Paddle.comThe blog post: https://thebootstrappedfounder.com/the-best-tech-stack-in-the-age-of-ai/ The podcast episode: https://tbf.fm/episodes/417-the-best-tech-stack-in-the-age-of-aiCheck out Podscan, the Podcast database that transcribes every podcast episode out there minutes after it gets released: https://podscan.fmSend me a voicemail on Podline: https://podline.fm/arvidYou'll find my weekly article on my blog: https://thebootstrappedfounder.comPodcast: https://thebootstrappedfounder.com/podcastNewsletter: https://thebootstrappedfounder.com/newsletterMy book Zero to Sold: https://zerotosold.com/My book The Embedded Entrepreneur: https://embeddedentrepreneur.com/My course Find Your Following: https://findyourfollowing.comHere are a few tools I use. Using my affiliate links will support my work at no additional cost to you.- Notion (which I use to organize, write, coordinate, and archive my podcast + newsletter): https://affiliate.notion.so/465mv1536drx- Riverside.fm (that's what I recorded this episode with): https://riverside.fm/?via=arvid- TweetHunter (for speedy scheduling and writing Tweets): http://tweethunter.io/?via=arvid- HypeFury (for massive Twitter analytics and scheduling): https://hypefury.com/?via=arvid60- AudioPen (for taking voice notes and getting amazing summaries): https://audiopen.ai/?aff=PXErZ- Descript (for word-based video editing, subtitles, and clips): https://www.descript.com/?lmref=3cf39Q- ConvertKit (for email lists, newsletters, even finding sponsors): https://convertkit.com?lmref=bN9CZw

I did an interview with Rebecker Specialties' founder Matt Hargett at Meta Connect 2025 about alternative open source and open standards, JavaScript-based pipelines for developing XR applications that he's been working on including React Native for VisionOS, as well as working with NativeScript for VisionOS, and also working to bringing Node API support for React Native. Also be sure to check out his git visualizer Factotum, which is an app that is using some of these alternative production pipelines. Hargett also mentions a couple of recent React Universe Conf talks covering this work including Hermes + Node API: A Match Made in Heaven and Bringing Node-API to React Native. You can also see more context in the rough transcript below. This is a listener-supported podcast through the Voices of VR Patreon. Music: Fatality

In this episode of JavaScript Jabber, I sit down with Dan Shapir and our special guest, Yoni Goldberg, to dive deep into the ever-evolving world of JavaScript testing. Yoni, a consultant who's worked with over 40 organizations to refine developer workflows, shares valuable lessons learned from helping teams design efficient and reliable tests.We explore emerging trends in testing, including the rise of browser-based test runners, the shift from unit testing toward more integration and component testing, and how modern frameworks like Playwright, Vite Test Browser Mode, and Storybook are changing the way developers think about confidence in their code. We also tackle the role of AI in writing and maintaining tests, the pros and cons of mocking vs. real backends, and why contract testing is becoming essential in 2025.If you've ever struggled with flaky end-to-end tests, wondered how to balance speed with confidence, or wanted a clear breakdown of modern testing tools, this conversation will give you practical insights and fresh perspectives to take back to your projects.Links & ResourcesYoni Goldberg's GitHubGoldbergYoni.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

One of our most popular episodes ever was our very first episode with Mike Shady, so we're bringing it back in celebration of our two-year anniversary to make sure everyone has a chance to hear this timeless gold from Mike - because every step up the customer loyalty ladder builds trust, but one misstep can send you crashing to the ground.Join hosts Chuck Moxley and Nick Paladino as they revisit their debut episode featuring Mike Shady, former Senior VP of Online at Lowe's and 15-year Home Depot veteran. Now Chief Digital Officer at Staples, Mike shares hard-earned wisdom about creating frictionless experiences when digital and physical worlds collide. From appliance delivery disasters to JavaScript crashes that break add-to-cart buttons, this episode reveals why being your own customer is essential for identifying friction.Key Actionable Takeaways:Be your own customer and shop your own site regularly - The easiest way to identify friction is to experience your customer journey firsthand, from purchase through deliveryCreate different digital experiences for different customer segments - Pros shop completely differently than DIY customers and need tailored functionality like reorder capabilities and bulk purchasing toolsBuild systems to catch problems before they impact customers - Thousands of things can go wrong with major e-commerce sites, so proactive monitoring and quick recovery capabilities are essentialWant more tips and strategies about creating frictionless digital experiences? Subscribe to our newsletter!https://www.thefrictionlessexperience.com/frictionless/Download the Black Friday/Cyber Monday eBook: http://bluetriangle.com/ebookMike Shady's LinkedIn: https://www.linkedin.com/in/mike-shady/Nick Paladino's LinkedIn: https://linkedin.com/in/npaladinoChuck Moxley's LinkedIn: https://linkedin.com/in/chuck-moxleyChapters:(00:00) Introduction(03:00) Mike's background at Lowe's, Home Depot, and customer-first mentality(06:00) Defining site aesthetics and the importance of functionality(09:00) Being your own customer - The power of shopping your own site(12:00) The customer loyalty ladder analogy - Higher climbs mean harder falls(15:00) Creating separate experiences for pros vs DIY customers(17:00) Measuring impact when all five friction forces are changing(20:00) Real-world example - When releases look great but break checkout(24:00) Success story - Finding and fixing friction that was hiding products(26:00) What companies get wrong - Thinking they know best without testing(28:00) The importance of using customer terminology, not vendor jargon(32:00) Visual search solutions and vocabulary challenges(36:00) JavaScript crash example and site reliability engineering(38:00) Proactive friction identification and conversion funnel improvements(41:00) Common misconceptions about knowing what customers want(43:00) Vendor terminology vs customer language challenges(46:00) Final thoughts on customer focus and being ready for problems(48:00) Conclusion

Artículo de Mediumhttps://medium.com/p/3aa5d738e6ec

Expo SDK 54 and React Native 0.81 are a perfect match—and our hosts Mazen Chami, Frank Calise, and Tyler Williams are here to break it all down. In this episode, they dive deep into everything new in Expo SDK 54, from faster precompiled iOS builds to the sleek Liquid Glass feature and Android 16 support. If you want the complete rundown of what's fresh, powerful, and ready to use in Expo SDK 54, this episode has you covered. Show NotesExpo SDK 54 beta is now availablePrecompiling the Expo SDK for iOSExpo AutolinkingInfinite Red's articlePhil Pluckthun's article Connect With Us!Mazen Chami: @mazenchamiFrank Calise: @frankcaliseTyler Williams: @coolsoftwaredevReact Native Radio: @reactnativerdio This episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.

A challenge in modern frontend application design is efficiently fetching and managing GraphQL data while keeping UI components responsive and maintainable. Developers often face issues like over-fetching, under-fetching, and handling complex query dependencies, which can lead to performance bottlenecks and increased development effort. Relay is a JavaScript framework developed by Meta for managing GraphQL data The post Rethinking GraphQL Frontends with Robert Balicki appeared first on Software Engineering Daily.

Feross Aboukhadijeh, founder of Socket, joins us to break down the recent wave of NPM supply chain attacks hitting the JavaScript ecosystem, including how attackers used phishing to target developers, snuck malware into popular packages like Prettier and "is", and even abused tools like Claude, Gemini, and TruffleHog. We dig into how GitHub Actions vulnerabilities were exploited, what makes postinstall scripts risky, and and what you can do to protect yourself from future attacks. Links Website: https://feross.org X: https://x.com/feross GitHub: https://github.com/feross LinkedIn: https://www.linkedin.com/in/feross YouTube: https://www.youtube.com/channel/UCHM4OEvQDUq8UszyUrdov-w Resources npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack: https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack Compromised files replace npm packages with a combined 2 billion weekly downloads: https://www.techradar.com/pro/security/compromised-files-replace-npm-packages-with-a-combined-2-billion-weekly-downloads Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware: https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack Chapters 00:00 Intro: NPM supply chain attacks explained 01:10 What is a software supply chain attack? 02:00 NPM phishing campaign: Fake login pages 03:00 Prettier ecosystem compromised 04:00 The “is” package malware incident 05:30 NX package breach (August 27 attack) 06:40 AI-powered supply chain exploit 08:00 GitHub Actions misconfiguration 12:00 Lessons from recent NPM attacks 20:00 How malicious packages get published 25:00 Why install scripts are so risky 30:00 Limitations of banning install scripts 35:00 Open source maintainer challenges 40:00 Smarter approaches to dependency updates 44:00 The future of open source supply chain security 47:00 Closing thoughts and resources We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Feross Aboukhadijeh.

Are you burning out trying to handle every part of your business solo? In this insightful episode of It's The Bottom Line that Matters, cohosts Jennifer Glass and Patricia Reszetylo dive deep into the hidden costs—and overlooked dangers—of doing it all yourself as an entrepreneur.Jennifer and Patricia bring refreshing honesty as they share personal stories of undercharging, overcommitting, and learning the hard way how essential it is to outsource or delegate. You'll hear why trying to save money by shouldering every task yourself can actually drain your time, wear down your confidence, and stunt your business's growth. From failing at JavaScript to wrestling with design, and even the pros and cons of using AI tools like ChatGPT, the hosts illustrate how knowing your limits and strategically seeking help can unlock more freedom and productivity.This conversation goes beyond cliché advice. Jennifer and Patricia get real about perfectionism, trust, and the power of focusing on your true strengths. You'll get practical wisdom for finding balance between hands-on learning and knowing when it's smarter to invest in outside expertise. The emotional payoff? Less stress and guilt, more time for what matters, and the growth that comes from letting go.Speaker Bios:Jennifer Glass opens up about her journey from massively undercharging and taking on every element of a client project herself, to shifting her approach, leveraging better tools, and setting healthy boundaries. Jennifer's reflective, solution-focused perspective encourages listeners to value their expertise and make smarter choices for sustained success.Patricia Reszetylo brings a grounded, practical angle, sharing vivid stories of technical struggles and the relief found in recognizing her limits. Patricia's insights emphasize the importance of self-awareness, knowing when to seek guidance, and the emotional freedom that comes with smart delegation.Keywords: small business, entrepreneur tips, outsourcing, business growth, time management, Jennifer Glass, Patricia Reszetylo, business podcast, entrepreneurial advice, productivity, solo entrepreneurship, delegation strategies, business owner burnout, ChatGPT for business, business efficiency

A challenge in modern frontend application design is efficiently fetching and managing GraphQL data while keeping UI components responsive and maintainable. Developers often face issues like over-fetching, under-fetching, and handling complex query dependencies, which can lead to performance bottlenecks and increased development effort. Relay is a JavaScript framework developed by Meta for managing GraphQL data The post Rethinking GraphQL Frontends with Robert Balicki appeared first on Software Engineering Daily.

In this episode of JavaScript Jabber, I sit down with Ryan Carniato, creator of SolidJS, and Tanner Linsley, the force behind TanStack, for a deep-dive conversation on the resurgence of Remote Procedure Calls (RPC) in modern web development. We explore why RPC is making a comeback, how frameworks like Solid, TanStack, and others are shaping the way we think about data fetching, and the technical innovations that are driving this movement forward.From streaming and serialization to type safety and the future of client-server communication, Ryan and Tanner share their experiences, insights, and the unique challenges they've faced building cutting-edge tools for developers. If you've been curious about where RPC fits in today's frameworks—or just love geeking out about performance, signals, and developer experience—this is one episode you won't want to miss.Links & ResourcesRyan Carniato on SolidJSTanStack (React Query, Router, Table, and more)Sentry – where Ryan is currently workingCreate TanStackSolidJS DiscordRyan CarniatoRyan Carniato is the creator of SolidJS, a high-performance JavaScript framework built on fine-grained reactivity. He's also a Senior Software Engineer at Sentry, where he explores new approaches to front-end architecture and developer experience. Through his open-source contributions, talks, and in-depth content, Ryan has become a trusted voice in the web development community, helping developers think differently about building fast, reactive applications.Tanner LinsleyTanner Linsley is the founder of TanStack, the home of widely adopted open-source libraries like TanStack Query (formerly React Query), TanStack Router, Table, Virtual, and more. A full-time open-source entrepreneur, Tanner has redefined how developers manage state, caching, and data fetching in modern applications. With a focus on performance, simplicity, and type safety, his tools power some of the most advanced applications on the web today.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

This week we talk to Zoltan Kochan, the lead maintainer of PNPM, a package manager for JavaScript. PNPM revolutionized the way we install dependencies in the JavaScript ecosystem with it's speed and focus on DX. Come join us as we talk about the origins of PNPM, the technical details of how it works, and the future of package management.https://github.com/zkochanhttps://www.linkedin.com/in/zkochan/https://pnpm.io/https://github.com/pnpm/pnpmhttps://www.kochan.io/

This is a recap of the top 10 posts on Hacker News on September 19, 2025. This podcast was generated by wondercraft.ai (00:30): Trump to impose $100k fee for H-1B worker visas, White House saysOriginal post: https://news.ycombinator.com/item?id=45305845&utm_source=wondercraft_ai(01:53): Help us raise $200k to free JavaScript from OracleOriginal post: https://news.ycombinator.com/item?id=45297066&utm_source=wondercraft_ai(03:16): Ruby Central's Attack on RubyGems [pdf]Original post: https://news.ycombinator.com/item?id=45299170&utm_source=wondercraft_ai(04:39): I regret building this $3000 Pi AI clusterOriginal post: https://news.ycombinator.com/item?id=45302065&utm_source=wondercraft_ai(06:02): Ask HN: Has anyone else been unemployed for over two years?Original post: https://news.ycombinator.com/item?id=45306539&utm_source=wondercraft_ai(07:25): Ants that seem to defy biology – They lay eggs that hatch into another speciesOriginal post: https://news.ycombinator.com/item?id=45300865&utm_source=wondercraft_ai(08:48): NostrOriginal post: https://news.ycombinator.com/item?id=45298336&utm_source=wondercraft_ai(10:11): Disney+ cancellation page crashes as customers rush to quitOriginal post: https://news.ycombinator.com/item?id=45308558&utm_source=wondercraft_ai(11:34): Internal emails reveal Ticketmaster helped scalpers jack up prices, FTC saysOriginal post: https://news.ycombinator.com/item?id=45305042&utm_source=wondercraft_ai(12:57): Trevor Milton's Nikola case dropped by SEC following Trump pardonOriginal post: https://news.ycombinator.com/item?id=45302220&utm_source=wondercraft_aiThis is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

This week, Mazen is joined by Infinite Red teammates Frank Calise and Tyler Williams to unpack everything included in the huge React Native 0.81 release. They cover Android 16 support, precompiled iOS builds, and many other updates! Show NotesReact Native 0.81 Blog ArticleExpo SDK 54 Beta Blog Article Connect With Us!Mazen Chami: @mazenchamiFrank Calise: @frankcaliseTyler Williams: @coolsoftwaredevReact Native Radio: @reactnativerdio This episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.

Traditional package management systems for JavaScript have faced several inefficiencies related to dependency storage, resolution, and project performance. pnpm is a fast, disk-efficient package manager for JavaScript and TypeScript projects, serving as an alternative to npm and Yarn. Due to its efficiency and reliability, pnpm is increasingly popular for managing monorepos and large-scale applications. Zoltan The post pnpm with Zoltan Kochan appeared first on Software Engineering Daily.

Will Sentance, Founder at Codesmith and Visiting Fellow at Oxford University, explores why empathy is a foundational skill in engineering. He explains how empathetic interactions are core to building software, teams, and the trust necessary to scale tech-based companies. Will reflects on Codesmith's mission to empower people through thoughtful communication in a non-hierarchical learning environment. He describes how empathy, as a relational tool, expands technologists' critical communication capabilities driving clarity and collaboration, propelling their careers.     TAKEAWAYS     [00:26] Will is drawn to the intersection of analytical and intuitive disciplines from early education.   [01:45] Will feels a deep sense of possibility through his PPE studies and aims to pass that on.   [03:05] A mentor at Oxford influences Will's brief foray into international relations at the UN.   [04:30] Not suited to be an employee, Will seeks autonomy and creative power in software engineering.   [06:00] Will finds software to be materially satisfying and empowering as a pathway to opportunity.     [07:20] A surprising response to an early JavaScript workshop reveals his teaching clarity.   [08:15] Struggling to understand complex concepts helps Will become a better educator.   [09:30] Codesmith is founded to be an alternative path to power by mastering technology.   [10:20] Teaching coding is not just technical but an empowerment vehicle for long-term careers.   [11:40] Thoughtful communication at CodeSmith recognizes others' knowledge and emotional states.   [13:00] Empathy is about adapting communication to another person's experience.   [14:30] Coding success requires explaining systems clearly—communication is as vital as code.   [16:10] Leaders like Sam Altman show that technical communication drives modern tech leadership.   [17:45] CodeSmith uses pair programming to instill empathy through precise verbal technical articulation.   [19:00] Empathy begins with self-understanding and is trained through iterative collaboration.   [20:20] Breaking down code for others builds resilience and fosters a capacity to learn continuously.   [21:45] How different learning speeds and imposter syndrome are combatted by sharing struggles.   [23:00] Codesmith instructors are alumni because lived experience cultivates trust and relatability with students.   [24:20] Will's Oxford Fellowship explores how certain skills drive opportunity in an AI-transformed job market.   [25:50] The real skill is learning how to learn and explain complex ideas using unfamiliar tools.   [27:15] Codesmith interviews measure communication, problem-solving, and how applicants handle the unknown.   [28:30] The focus is on cultivating capacities, not just teaching frameworks or programming languages.   [29:40] Engineers and non-technical people alike must build clear, empathetic communication skills.   [30:55] Workshops for non-programmers empower leaders to engage confidently with technical concepts.   [32:00] Empathetic leadership respects team members' potential rather than relying on rules-bound oversimplification.   [34:20] Scaling AI must be matched with scaling human trust across teams and organizations.   [36:00] Will warns against systems that machines understand but humans cannot, which risks alienation.   [37:30] Open-source tools preserve accessibility and transparency in a fast-moving tech landscape.   [38:45] Many leaders are not engaging with AI tools, missing key learning and leadership opportunities.   [40:10] Building the engineering mindset—problem-solving and communication—without coding.   [41:30] Struggle is not a problem in learning; it is the engine of understanding and growth.   [42:40] Empathetic development depends on trusted relationships and cannot be scaled without sincere human investment.   [44:00] IMMEDIATE ACTION TIP: Deep learning happens through struggle which takes place in trust-based environments, so build trusting relationships to facilitate learning.     RESOURCES   Will Sentence on LinkedIn Codesmith's website     QUOTES   "The hardest part of coding isn't writing code—it's explaining code to others so that they can also either build it, understand it, or write it themselves." "Struggle is not a bug—it's the engine of growth." "We train empathy like nothing else in the program. We train it through pair programming." "You can't scale trust with AI. You need humans to scale trust." "We've even called it empathetic engineering at times. One of the principles of Codesmith is grow others even before yourselves." "It is not how vibey you are. It is not how chummy you are. It's pure and simply, can you precisely walk through based on the understanding of another person?" "Breaking something down means that I can have clarity about how I'm thinking about it, and therefore I can then build it up for you." "Struggle-based growth depends on someone else saying, ‘You're important to me enough that I'm going to invest in you.'”  

Cybersecurity Worms, Steganography Attacks, Municipal Cyber Incidents and More... In this episode of Cybersecurity Today, host Jim Love delves into multiple cybersecurity threats affecting the tech landscape. He discusses the 'Shai Hulud' worm, which has infiltrated over 187 JavaScript libraries on NPM, exploiting developer tokens for spread, including those maintained by CrowdStrike. Love explains practical but challenging measures to mitigate such threats. He also explores steganography's role in hiding malicious scripts within seemingly benign image files, urging vigilance against embedding hidden commands. Additionally, the episode covers a cyber incident in Yellowknife, causing severe disruptions to municipal services and emphasizing the importance of cyber hygiene and support from higher government levels. Lastly, Jim examines how a Windows 11 patch has created a new vulnerability, stressing the need for enhanced monitoring and quick updates. 00:00 Introduction and Overview 00:21 The Shy Ude Worm: A New Threat 02:19 Steganography: Hiding in Plain Sight 05:30 Cybersecurity Incident in Yellowknife 07:24 Microsoft's Patch Problems 08:27 Conclusion and Contact Information

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A high-profile phishing incident has resulted in the compromise of several widely-used JavaScript packages on npm, after a developer known as "Qix" inadvertently clicked a malicious link from a fake support email.Multiple undersea cable cuts in the Red Sea have led to degraded internet connectivity across the Middle East and South Asia, affecting key infrastructure and cloud services.North Korean-aligned threat actors operating under the Contagious Interview campaign have been systematically abusing cyber threat intelligence (CTI) platforms to monitor exposure of their own infrastructure and scout for new assets.Researchers from Ontinue have detailed a sophisticated phishing campaign leveraging the Salty2FA phishing kit - a framework that reflects how cybercriminal tooling is increasingly mimicking enterprise-grade software in terms of design, capability, and operational maturity.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Chas Jhin, Director of Engineering for Discord, joins our hosts to unpack Discord's adoption of React Native. Chas opens up about Discord's experience adopting React Native, performance challenges, and the New Architecture. Show NotesDiscord's Switch Android to React Native (2022)Supercharging Discord Mobile (2025)Achieving Native iOS performance with React Native (2019) React Native Mornings Connect With Us!Chas Jhin: @chasjhinJamon Holmgren: @jamonholmgrenRobin Heinze: @robinheinzeMazen Chami: @mazenchamiReact Native Radio: @reactnativerdio This episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.

Crypto News: Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries. SwissBorg hacked for $41M SOL after third-party API compromise. CoinShares to go public in the US through $1.2B SPAC merger. HashKey launches $500M digital asset treasury fund in Hong Kong.Show Sponsor -

Chris and Stephen hop on the podcast to discuss the concept of a proxy. Possibly the most "gray hat" thing that CodePen does. We use a third-party analytics tool called Fullres. We could just put a link to the necessary to make that work directly to fullres.com, but being an analytics tool, it's blocked by a ton of ad blocking browsers and browser extensions. We made the conscious choice to have that point to a codepen.io URL instead (a proxy) so that we get (much) more accurate usage data on the app. Since there is nothing tracked that is an anonymity concern, and we do nothing with the data other than help inform ourselves on how to make a better app, we wear this gray hat. If you'd still like to block these requests, the path would be https://codepen.io/stats/fr/* Time Jumps

Alexander Lichter joins the podcast to talk about Rolldown, a bundler built in Rust by Void Zero that aims to replace Rollup and ESBuild with faster builds and better enterprise scalability. He dives into the power of OXC and Oxlint, the push toward a unified JavaScript toolchain, and previews what to expect at ViteConf 2024. Links X: https://x.com/TheAlexLichter Website: https://www.lichter.io Mastodon: https://hachyderm.io/@manniL GitHub: https://github.com/manniL YouTube: https://www.youtube.com/@TheAlexLichter Twitch: https://www.twitch.tv/TheAlexLichter LinkedIn: https://www.linkedin.com/in/alexanderlichter Resources Rolldown: How Vite Bundles at the Speed of Rust: https://squiggleconf.com/2025/sessions#rolldown-how-vite-bundles-at-the-speed-of-rust Rolldown: https://rolldown.rs Rolldown-vite migration: https://vite.dev/guide/rolldown Oxlint Type Aware linting (preview) announcement: https://oxc.rs/blog/2025-08-17-oxlint-type-aware.html ViteConf: https://viteconf.amsterda Benchmarks: Minifier: https://github.com/privatenumber/minification-benchmarks Linter: https://github.com/oxc-project/bench-javascript-linter Parser: https://github.com/oxc-project/bench-javascript-parser-written-in-rust Transformer: https://github.com/oxc-project/bench-transformer/ Bundler: https://github.com/rolldown/benchmarks Chapters We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Alexander Lichter.

From YARA Offsets to Virtual Addresses Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with debuggers. https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262 Phishing via JavaScript in SVG Files Virustotal uncovered a Colombian phishing campaign that takes advantage of JavaScript in SVG files. https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html FreePBX Patches FreePBX released details regarding two vulnerabilities patched last week. One of these vulnerabilities was already actively exploited. https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf