24 February 2022 · 808 words · 4 mins
As conflict erupts in Ukraine, destructive wiper malware targeting critical infrastructure signals a new chapter in state-sponsored cyber operations.
17 February 2022 · 774 words · 4 mins
The Linux Foundation’s new Alpha-Omega Project, backed by Google and Microsoft, aims to systematically improve the security of critical open source software.
10 February 2022 · 676 words · 4 mins
NVIDIA’s $40 billion bid for ARM has officially fallen apart under regulatory pressure, and the implications for the semiconductor landscape are enormous.
3 February 2022 · 1014 words · 5 mins
DeepMind’s AlphaCode system achieves competitive-level performance in programming contests, raising questions about what AI can and can’t do in software engineering.
27 January 2022 · 1008 words · 5 mins
Terraform 1.1 brings refactoring support and moved/imported blocks, signaling that Infrastructure as Code tooling is growing up.
20 January 2022 · 1017 words · 5 mins
The Faster CPython project, backed by Microsoft and led by Guido van Rossum, is shipping real performance gains in Python 3.11 alpha.
13 January 2022 · 955 words · 5 mins
The White House convened tech leaders to address open source security after Log4Shell. Here’s what was discussed and what it means for developers.
6 January 2022 · 951 words · 5 mins
A single developer deliberately corrupted two widely-used npm packages, exposing the fragility of the open source supply chain.
30 December 2021 · 979 words · 5 mins
Node.js had a year of steady progress in 2021: Node 16 went LTS, the test runner landed, and the ecosystem continued its TypeScript migration.
23 December 2021 · 1012 words · 5 mins
After six months in the GitHub Copilot technical preview, here’s what AI pair programming actually looks like in day-to-day development work.
16 December 2021 · 1036 words · 5 mins
A week after Log4Shell, the patching chaos continues. But the bigger lesson is about software supply chain security and why we need SBOMs now.
9 December 2021 · 870 words · 5 mins
A critical remote code execution vulnerability in Apache Log4j has sent the entire industry scrambling. Here’s what you need to know and do right now.