Launching 12in12.io, Dependency Confusion Attack, and Conventional Commits
[00:02:42] Andrew does a follow up from last week when he talked about moving and archiving repos and he gives an update. Jason tells us problems they’ve had with Dependabot.
[00:05:36] We learn about Andrew perfecting a gem release workflow and using Conventional Commits.
[00:09:43] Chris was busy this week and he tells us about a live stream he did with Freek Van der Herten, who created an app called Ray.
[00:13:15] Find out about the product streaming Chris did with 12in12.io and how he did a zoom call to talk about job boards and domaining with Jon Hainstock and Peter Askew. Peter is famous for the VidaliaOnions.com domain he bought, which is an interesting story you really need to read about. Jason and Chris talk about job postings for junior developers.
[00:16:04] Chris tells us what kind of job boards he’s wanting to do, and Jason and Andrew talk about job postings and some within their companies as well. Andrew shares a story of how he was hired as an intern at his company which he thought was a great way to start, and how companies should hire juniors.
[00:22:42] Andrew stresses how teaching others is how you learn the best, which is why hiring juniors is a benefit, and Chris shares his thoughts as well.
[00:27:42] Andrew asks the guys if they heard about the “Dependency Confusion” attack that was going around on the Interwebs this week and talks about a GitHub blog article that explains how to prevent this with NPM.
[00:31:36] Andrew talks about Diffend, a free service to help make sure your Ruby dependencies are secure.
[00:32:15] Jason tells us he finished the course and launched it so go buy it! Chris and Jason discuss about making videos, re-recording, and editing them.
[00:41:06] Jason explains to us what a recurring rotation does.
[00:47:08] Chris gives us information if you want to join in on 12in12.io.
Panelists:
Jason Charnes
Chris Oliver
Andrew Mason
Sponsor:
Links:
Fix gem name in release action-andrewmcodes-GitHub
Creating a Ruby gem for Ray-LiveStream with Freek Van der Herten and Chris Oliver
Debug with Ray to fix problems faster=GitHub
Avoiding npm substitution attacks-The GitHub Blog
3 Ways to Mitigate Risk When Using Private Package Feeds-Microsoft Azure