🏫 MY COURSES Sign-up for my FREE 3-Day C Course: https://lowlevel.academy
🧙♂️ HACK YOUR CAREER Wanna learn to hack? Join my new CTF platform: https://stacksmash.io
⌨️ KEYBOARD Like what you hear? Grab a Q5 at https://go.lowlevel.tv/keyboard
🔥 COME HANG OUT Check out my other stuff: https://lowlevel.tv
Turns out Herb Sutter was right, C++ having no package manager is indeed a feature
2026 is officially the year of exploits
Every developer: *sees 5000+ directories in node_modules* "....this is fine"
And would C or C++ have prevented this exploit? <tongue in cheek> Yes they would, because they totally fail to have an easy to use centralized package manager/repository. Adding a dependency in C or C++ is a MAJOR decision, and often a PAIN IN THE ARSE. That.... is also a good thing. ;-)
I'd consider the idea that it might be a two-pronged issue: AI is making cyber attacks easier, but more importantly, people who used to work in the tech sector are getting laid off and people who got computer science degrees can't find jobs, meaning they either have no choice but to stoop to this level to provide for themselves, or they're doing it out of utter boredom and anger at the world. Just a thought.
Year of the Linux exploit.
It's past time people start treating dependency creep as a vulnerability
I am scarred; the frequency of these freaking exploits is crazy day by day
Sec is DOOMED for at least the next six months. Coffee up.
Mr developer, another supply chain attack has hit the packages.
I've never been super opposed to package managers, but I've been feeling very vindicated in my utter contempt for the JS/frontend ecosystem lately.
Don’t worry management is on the job. They are gleefully firing as many devs as they can to replace with AI. Any senior knowledgeable ones left have all their time taken up reviewing AI slop code. That is a perfect defense against this new severe threat environment.
Abolish all computers! All hail the abacus!
Cargo is only one commit away from compromise too. Things can get hidden easily at scale. I'm really cautious about picking up any dependency now.
Escaping the virtual machine is the biggest thing I've ever heard so far! This means it can affect the host machine
What I did was convert my entire 50,000 line codebase to PHP. Npm is off its rocker, and the inmates are running the asylum.
haha yeah. live @ /LowLevelTV eventually
Neatly Packaged Malware.
The worms shall continue until dependency trees get trimmed. Given this thing will keep happening, at least we should try to be happy about it.
The Jia TanStack