Kebab has already been skewered? 😝
IndieWeb post types
This content type is full of IndieWeb post types, which are all content types which allow me to take greater ownership of my own data. These are likely unrelated to my blog posts. You can find a better breakdown by actual post kind below:
Between and I took 5010 steps.
Listened to
Just on the rocks (Changelog & Friends #98)

Post details
Jerod tells Adam about how bad he hates the taste of Gin, sips on some Generative A Rye (on the rocks), they open the comments section for a bit, and then land the plane talking about being alone, naked, and afraid.
Between and I took 4355 steps.
Listened to
Engineering Enablement by Abi Noda | Snowflake’s playbook for operational excellence

Post details
In this episode, Abi Noda speaks with Gilad Turbahn, Head of Developer Productivity, and Amy Yuan, Director of Engineering at Snowflake, about how their team builds and sustains operational excellence. They break down the practices and principles that guide their work—from creating two-way...

Between and I took 10897 steps.
Listened to
Open Source Security: Package URLs with Philippe Ombredanne

Post details
I'm joined by Philippe Ombredanne, creator of the Package URL (PURL), to discuss the surprisingly complex and messy problem of simply identifying open source software packages. We dive into how PURLs provide a universal, common-sense standard that is becoming essential for the future of SBOMs and securing the software supply chain. The show notes and blog post for this episode can be found at
Listened to
https://www.youtube.com/watch?v=FDEUzE8KJmo
Liked
kat cosgrove (@kat.lol)
Post details
If you, a business, are reliant on an open source project to function it is YOUR responsibility to assess and ensure the health of that project by either contributing to it yourself or by using an alternative if project health cannot be guaranteed.
Listened to
Fork Around And Find Out | Creating YAML with Ingy döt Net

Post details
Today's history lesson is about the non-markup language platform engineers love to hate, YAML Ain't Markup Language (YAML). Ingy tells us all about how and why it started, how it evolved over time, and what's happening next with YS. Note: sorry about the audio issues in this episode. We did our...

Between and I took 7221 steps.
I have finished reading
Sunrise on the Reaping
by
(isbn:9780702340581)
Post details

Liked
Hazel Weakly (@hazelweakly.me)
Post details
I love this and I’m stoked about this, but I feel for OSS communities that don’t have the outsized impact and leverage of CNCF. This wouldn’t have happened to anyone else, I suspect [contains quote post or other embedded content]
Between and I took 3309 steps.
Liked
Kefimochi 👏 HIRE ME 👏 (@kefimochi.bsky.social)
Post details
I have never passed a single LeetCode-type interview. Because I didn't ever have to use this skill professionally & consider it ridiculous in the first place. That said, I have this interview today & I didn't have enough time to prepare. Yolo 🤪 Failing is still practice!
Listened to
The CEO of htmx likes codin' dirty featuring Carson Gross (Changelog Interviews #646)

Post details
Jerod is joined by Carson Gross, the creator of htmx – a small, zero-dependency JavaScript library that he says, "completes HTML as a hypertext". Carson built it because he's big on hypermedia, he even wrote a book called Hypermedia Systems. Carson has a lot of strong opinions weakly held that we dive into in this conve...
Between and I took 7366 steps.
Liked
If a note can be public, it should be
by
Post details
A few years ago, I quietly adopted a small principle that has changed how I think about publishing on my website. It's a principle I've been practicing for a while now, though I don't think I've ever …
Between and I took 2407 steps.
Liked
GitHub - charmbracelet/fang: The CLI starter kit

Post details
The CLI starter kit. Contribute to charmbracelet/fang development by creating an account on GitHub.
Listened to
How to Secure the Software Supply Chain by The Tech Trek

Post details
In this episode of The Tech Trek, Amir sits down with Matt Moore, CTO and co-founder of Chainguard, to explore the escalating importance of software supply chain security. From Chainguard’s origin story at Google to the systemic risks enterprises face when consuming open source, Matt shares the lessons, best practices, and technical innovations that help make open source software safer and more reliable. The conversation also touches on AI’s impact on the attack surface, mitigating threats with engineering rigor, and why avoiding long-lived credentials could be your best defense.
🔑 Key Takeaways:
Security Starts with Engineering: Doing engineering right makes security (and even compliance) much easier.
Control the Full Chain: Building from source and applying best practices at every build stage significantly reduces exposure to CVEs.
Attackers Exploit the Edges: Most attacks start small—with a leaked credential or compromised dependency—and cascade through the ecosystem.
AI Introduces New Vectors: As AI tools integrate deeper into dev workflows, they bring both value and new risks that require thoughtful containment.
You Can’t Leak What You Don’t Have: Eliminating long-lived credentials is one of the simplest and most effective ways to reduce breach risk.
⏱ Timestamped Highlights:
00:45 – What Chainguard does: securing open source consumption and curating safe containers.
02:56 – Chainguard’s origin story and co-founders’ experience at Google.
06:50 – Building minimal, hardened container images from source to mitigate CVEs.
09:40 – Real-world example: how compiler hardening flags protected Chainguard from a high-severity CVE.
10:59 – The invisible sprawl of open source in enterprise stacks—from Kubernetes to AWS SDKs.
15:45 – How leaked credentials power cascading supply chain attacks.
22:30 – “You can't leak what you don't have”: Chainguard's credential-less auth approach.
24:30 – Most breaches come from known vulnerabilities—not zero-days.
25:38 – AI and security: new use cases, new threats, and the need for explainability.
30:41 – AI adoption in enterprises: security best practices still apply, just to new tools and risks.
34:43 – Learn more at chainguard.dev and explore hardened images at images.chainguard.dev.
💼 Career Tips (from the episode):
Don’t wait for zero-days: Most real-world breaches stem from unpatched, well-known vulnerabilities. Ship secure, stay patched.
Build from source: If you're in a security or DevOps role, aim to build and control your stack from the source code up—this provides auditability and trust.
Engineering rigor is a differentiator: Whether you're launching a startup or working in enterprise tech, applying fundamental engineering principles helps you scale securely.
📚 Resources Mentioned:
🛡️ OpenSSF Projects – e.g., SIGstore, Scorecards, SLSA.
🛠 Projects Mentioned: Kubernetes, Istio, Flux, Tekton, Cert-Manager, Cloud Code.
💬 Quote of the Episode:
“If you do engineering right, security becomes easier. And if you do security right, compliance becomes easier.” — Matt Moore

Listened to
Shipping 22 products to find the true product - Utpal from Digger.dev - Scaling DevTools

Post details
Utpal Nadiger is the cofounder of Digger.dev. Digger built a popular open source IaC orchestration tool. Their new product Infrabase is an AI DevOps agent that ...

Between and I took 7145 steps.
Listened to
Demystifying Cyber Resilience and the Tools That Help | Open at Intel
by

Post details
In this episode, Michael Lieberman, Co-founder and CTO of Kusari, walks us through the intersection of open source software and security. We discuss Mike's extensive involvement in OpenSSF projects like SLSA and GUAC, which provide essential frameworks for securing the software development life cycle (SDLC) and managing software supply chains. He explains how these tools help verify software provenance and manage vulnerabilities. Additionally, we explore regulatory concerns such as the Cyber Resilience Act (CRA) and the vital role of the recently released Open SSF Security Baseline (OSPS Baseline) in helping organizations comply with such regulations. Mike also shares insights into the evolution of open source security practices, the importance of reducing complexity for developers, and the potential benefits of orchestrating security similarly to Kubernetes. We conclude with a look at upcoming projects and current pilots aiming to simplify and enhance open source security.
00:00 Introduction and Guest Welcome
00:19 Mike's Background and Role in Open Source
01:35 Exploring SLSA and GUAC Projects
04:57 Cyber Resiliency Act Overview
06:54 OpenSSF Security Baseline
11:29 Encouraging Community Involvement
18:39 Final Thoughts
Resources:
OpenSSF's OSPS Baseline
GUAC
SLSA
KubeCon Keynote: Cutting Through the Fog: Clarifying CRA Compliance in C... Eddie Knight & Michael Lieberman
Guest: Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF’s Secure Software Factory Reference Architecture whitepaper. He is an elected member of the OpenSSF Governing Board and Technical Advisory Council along with CNCF TAG Security Lead and an SLSA steering committee member.

Listened to
Giving developers what they want with Deepak Prabhakara - Scaling DevTools

Post details
Deepak Prabhakara is the CEO and Co-founder of BoxyHQ. BoxyHQ enables you to add plug-and-play enterprise-ready features to your SaaS product. What we cover: An in...

Listened to
Open Source Security: Hobbyist Maintainers with Thomas DePierre

Post details
Thomas DePierre joins Open Source Security to discuss the central idea from his blog post, "You are all on the hobbyist maintainers turf now," exploring the massive disconnect between the corporate world that consumes open source and the hobbyist community that actually produces it. The conversation reveals this isn't a new problem, but a long-standing reality whose consequences for security, stability, and the future of software we are only now beginning to truly confront. The show notes and blog post for this episode can be found at
Between and I took 2840 steps.
Liked
JP (@justinpoliachik.com)
Post details
Goofiness is by far the most underrated green flag trait I just want people I can goof off with, vibe out, have a good time and not care about what others might think Crazy how rare that is tho
Listened to
Cup o' Go | Agentic workflows and AI firewalls, so pretty much cancelling ourselves out

Post details
Don't forget to visit cupogo dot dev, where you can find links to all the things!
🤖 Ezo Saleh - How We Built Rock-Solid Agentic Orchestration with Go
🔥 Anubis
🥨 Godump - pretty printer
🪳 gcassert
💧 isLitOrSingle

Liked
The New Stack (@thenewstack.io)

Post details
✨ Author Spotlight: Jennifer Riggins ✨ She’s never written a line of code — and that’s her superpower. With a background in journalism and a career shaped by dev storytelling, @jkriggins.bsky.social helps bridge the gaps between developers, business leaders, and everyday users.
Liked
Lars (@lars-ellingsen.dev)
Post details
Zulip may be a good alternative
Listened to
Killing features with Josh Twist, founder of Zuplo - Scaling DevTools

Post details
Josh Twist is the founder of Zuplo, an API gateway. Introducing Josh Twist, the founder of Zuplo. 0:00 Zuplo vs Azure API management. How do you make this fit into ...

Liked
Carol 🪩 (@carol.gg)

Post details
big up for the monzo pals on stage at #LDX3 #LeadDev ✨
Listened to
Developer onboarding with Kilian from Polypane - Scaling DevTools

Post details
How do you do onboarding in a way developers actually like? Kilian is the founder of Polypane - The browser for ambitious web developers https://polypane.app/ Kil...

Listened to
Scaling DevTools

Post details
Lessons from 100+ DevTool founders - DevTools successes, failures and stories in a free weekly email and podcast.

Between and I took 6960 steps.
Liked
Corey Quinn (@quinnypig.com)
Post details
Came for the democracy, stayed for the systemd [contains quote post or other embedded content]
Listened to
Saltiness about frostiness with Justin Searls (Changelog & Friends #97)

Post details
Justin Searls joins Jerod in Apple's WWDC wake for hot takes about frosty UIs. We go (almost) point-by-point through the keynote, dissecting and reacting along the way. Concentricity!
Liked
The Nuanced Writer (@skriptble.me)
Post details
Just finished mastering episode 24 of @fallthrough.fm, which is actually our 25th episode since our first was episode 0. For one, I’m amazed that we’ve been able to not only ship 25 episodes, but also do so every week (on the same weekday with a couple exceptions).
Listened to
Cloud Native Compass | The Future of Sustainability in Open Source

Post details
The Future of Sustainability in Open Source. Can open source ever truly be sustainable? In this mind-bending episode, Hazel Weakly guides us through the social, economic, and emotional layers of open...

Liked
Justin Garrison (@justingarrison.com)
Post details
I wonder how many people at #nokings protests today didn't show up at the polls last year If you want democracy, you have to vote
Between and I took 2946 steps.
Liked
Roscoe Rubin-Rottenberg (@knotbin.com)
Post details
Please answer the question again. I should remind you, you are under OAuth.