Launching, Dependency Confusion Attack, and Conventional Commits

[00:02:42] Andrew follows up on last week, when he talked about moving and archiving repos, and gives an update. Jason tells us about problems they’ve had with Dependabot.

[00:05:36] We learn about Andrew perfecting a gem release workflow and using Conventional Commits.

[00:09:43] Chris was busy this week and he tells us about a live stream he did with Freek Van der Herten, who created an app called Ray.


[00:13:15] Find out about the product streaming Chris did with and how he did a Zoom call to talk about job boards and domaining with Jon Hainstock and Peter Askew. Peter is famous for the domain he bought, which is an interesting story you really need to read about. Jason and Chris talk about job postings for junior developers.

[00:16:04] Chris tells us what kind of job boards he wants to do, and Jason and Andrew talk about job postings, including some within their companies. Andrew shares the story of how he was hired as an intern at his company, which he thought was a great way to start, and how companies should hire juniors.


[00:22:42] Andrew stresses that teaching others is how you learn best, which is why hiring juniors is a benefit, and Chris shares his thoughts as well.

[00:27:42] Andrew asks the guys if they heard about the “Dependency Confusion” attack that was going around on the Interwebs this week and talks about a GitHub blog article that explains how to prevent this with NPM.


[00:31:36] Andrew talks about Diffend, a free service to help make sure your Ruby dependencies are secure.

[00:32:15] Jason tells us he finished the course and launched it, so go buy it! Chris and Jason discuss making videos, re-recording, and editing them.

[00:41:06] Jason explains to us what a recurring rotation does.

[00:47:08] Chris gives us information if you want to join in on


Jason Charnes

Chris Oliver

Andrew Mason




Fix gem name in release action - andrewmcodes - GitHub

Conventional Commits

Release Please Action - GitHub

Creating a Ruby gem for Ray - LiveStream with Freek Van der Herten and Chris Oliver

Debug with Ray to fix problems faster - GitHub

Avoiding npm substitution attacks - The GitHub Blog

3 Ways to Mitigate Risk When Using Private Package Feeds - Microsoft Azure

“Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies,” by Alex Birsan

Interactive Rails with StimulusReflex - Jason Charnes course

Deep South Ventures - “I sell onions on the Internet” - Peter Askew
