This episode of Ship It Weekly is about the interface layer becoming the story. Brian covers Amazon S3 Files and why it feels more like a managed filesystem layer in front of S3 than “S3 is EFS now,” including how it relates to the old s3fs and FUSE-style approach. He also digs into 36 malicious npm packages posing as Strapi plugins, the uglier follow-on to the Trivy incident he discussed previously, Kubernetes Ingress2Gateway 1.0 and the push toward Gateway API, and Kubernetes Agent Sandbox as a sign that newer AI-style workloads are starting to reshape the platform itself.

Links

Amazon S3 Files

https://aws.amazon.com/blogs/aws/launching-s3-files-making-s3-buckets-accessible-as-file-systems/

Malicious npm packages posing as Strapi plugins

https://thehackernews.com/2026/04/36-malicious-npm-packages-exploited.html

Trivy follow-on incident discussion

https://github.com/aquasecurity/trivy/discussions/10425

RoseSecurity on Trivy / typosquatting angle

https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html

Earlier episode covering the first Trivy incident

https://www.tellerstech.com/ship-it-weekly/aws-bahrain-uae-data-center-issues-amid-iran-strikes-argocd-vs-flux-gitops-failures-github-actions-hackerbot-claw-attacks-trivy-roguepilot-codespaces-prompt-injection-block-ai-remake/

Kubernetes Ingress2Gateway 1.0

https://kubernetes.io/blog/2026/03/20/ingress2gateway-1-0-release/

Kubernetes Agent Sandbox

https://kubernetes.io/blog/2026/03/20/running-agents-on-kubernetes-with-agent-sandbox/

Fortinet FortiClient EMS emergency patch

https://www.fortiguard.com/psirt/FG-IR-26-099

Karpathy post

https://x.com/karpathy/status/2036487306585268612

ProofShot

https://github.com/AmElmo/proofshot

More episodes and show notes

https://shipitweekly.fm

On Call Briefs

https://oncallbrief.com