@jacobalcock
Building software and finding the holes in it.
Nothing here yet.
Nothing here yet.
Jan 6 · 5 min read · Dependency confusion attacks happen because package managers default to checking public registries, even when you're using private packages. Attackers upload malicious code with internal package names. Your CI/CD pulls and executes attacker code. The...
Join discussionDec 3, 2025 · 7 min read · UPDATE: December 3, 2025 - A critical pre-authentication Remote Code Execution (RCE) vulnerability has been disclosed in React Server Components. This is a CVSS 10.0 vulnerability. If you're running Next.js 15.x, 16.x, or React 19.x in production, st...
Join discussionNov 29, 2025 · 5 min read · AWS bills that exceed engineering salaries are normal now. Startups with 100,000 users paying $50,000/month for infrastructure that could run on a $200/month dedicated server. Cloud infrastructure is convenient. It's also absurdly expensive once you ...
Join discussion
Nov 20, 2025 · 8 min read · November 18, 2025: Cloudflare goes down at 7am ET. X, ChatGPT, Spotify, Zoom, and thousands of other sites become unreachable. 20% of the internet stops working. Four hours later, Cloudflare comes back up. Then GitHub goes down. Git operations fail g...
Join discussion
Nov 14, 2025 · 6 min read · AI code review tools promise to catch bugs before they hit production. In practice, they're creating a false sense of security while making it easier to ship bad code. The problem isn't that AI code review doesn't work at all. It's that it works just...
Join discussion