SEEK Bytes

Trust, but verify - Never Trust Your Code: Bugs, CDNs & Leaky Abstractions


Your tests are green, coverage is high, dependencies are “secure”… so why does production still feel like a house of cards? In this episode of SEEK Bytes, Raph, Will and Elliott dig into trust in tech – from subtle JavaScript bugs and leaky abstractions to CDN attacks and noisy security reports – and why a healthy dose of skepticism is one of the most powerful tools an IT pro can have.
In this episode, we explore:
• How trust can be broken at every layer – from third-party CDNs like polyfill.js injecting malicious scripts, to chatbots pulling in compromised resources, to noisy vulnerability reports that burn out open source maintainers.
• Why abstractions are powerful… and treacherous – what “leaky abstractions” really mean in practice, how unknown-unknowns derail estimates, and why learning just one layer deeper (query plans, caches, orchestration platforms) can save you from nasty surprises in production.
• How to adopt a healthy “trust, but verify” mindset – treating tests and coverage as signals not guarantees, double-checking rollouts, reading docs and source instead of relying on hearsay, and staying just skeptical enough to catch the next Heartbleed-class bug before it bites you.
Whether you’re in software engineering, QA, security, SRE, data, platform, or IT leadership, this episode will sharpen your instincts about what (and who) to trust in your stack – and how to balance healthy paranoia with getting real work shipped.
Resources:
• https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/
• https://lab.wallarm.com/polyfill-io-supply-chain-attack-malicious-javascript-injection-puts-over-100k-websites-at-risk/
• https://carbon-steel.github.io/jekyll/update/2024/06/19/abstractions.html

SEEK Bytes, by SEEK