The Hidden Blast Radius of the Axios Compromise, by @ahmadnassri (@SocketSecurity):
https://socket.dev/blog/hidden-blast-radius-of-the-axios-compromise
Ubuntu 26 apt install #apt #dependencies
True that:
“Every Dependency You Add Is A Supply Chain Attack Waiting To Happen”, Ben Hoyt (https://benhoyt.com/writings/dependencies/).
Via Lobsters: https://lobste.rs/s/j6uemk/every_dependency_you_add_is_supply_chain
On HN: https://news.ycombinator.com/item?id=47613210
#Security #Dependencies #Programming #SupplyChainAttacks #ComputerSecurity
So Where Are All the AI Apps?, by @algal.bsky.social and @rensd.bsky.social:
https://www.answer.ai/posts/2026-03-12-so-where-are-all-the-ai-apps.html
The Three Pillars of JavaScript Bloat, by @43081j.com:
https://43081j.com/2026/03/three-pillars-of-javascript-bloat
#javascript #dependencies #complexity #runtimes #architecture #polyfills
GNOME 50 removes Google Drive integration after libgdata lost maintenance and was archived, leaving unresolved security issues and outdated dependencies. The change reflects risks of unmaintained code in open ecosystems, prioritizing security and transparency over fragile proprietary integrations ⚙️
🔗 https://itsfoss.com/news/gnome-drops-google-drive-support/
#TechNews #GNOME #GNOME50 #Google #Drive #GoogleDrive #Linux #OpenSource #FOSS #Security #Dependencies #Maintenance #Privacy #Transparency #Software #Desktop #IT
#Development #Overviews
Package managers need to cool down · The state of dependency update delay mechanisms https://ilo.im/16bnm5
_____
#Attacks #SupplyChain #PackageManagers #Dependencies #Npm #Vulnerability #Security #WebDev #Frontend #Backend
#Development #Pitfalls
Lessons learned after breaking production · What software engineers never want to experience again https://ilo.im/16bkbg
_____
#Engineering #Troubleshooting #Debugging #Rollbacks #Backups #Dependencies #QuickFixes #WebDev #Frontend #Backend
Should someone be interested, there is a #rc for the new #imagepipe version.
https://kaffeemitkoffein.de/nextcloud/index.php/s/Dees7SB22sXtoJa
A short story:
I am building the #android #sdk on my own and use my own #sdk build to develop #imagepipe .
See here:
https://codeberg.org/Starfish/SDK-Rebuilds
Doing it that way, I learned a lot.
#imagepipe also has zero #dependencies, so that the resulting #apk is only 643 KiB in size. It fits on a 3.5" #floppy #disk, should you remember them.
#imagepipe is also downward compatible to support devices running #android 4.0.1, whilst targeting #android 16, so you can use #imagepipe even on very old, outdated devices.
Unfortunately, my #samsung Galaxy Young broke, so that I cannot test #imagepipe on a native device with a display as small as 320x240 pixels anymore. The last versions worked well on it.
#AskFedi, #Fediverse, a topic just came up: many in the #EU are looking to #renewables to strengthen their #sovereignty by reducing #dependencies - e.g. #methane for #electricity generation.
The challenge to balance is just as sharp when it comes to #food #SupplyChain s. How can densely populated regions produce bread grains, rice, or for that matter mustard and lentils?
#VerticalFarming #VF and #UrbanAgriculture #UA can improve availability of leafy produce, fruits; but seed crops?