All posts
Takeaways from Major Software Supply Chain Attacks
Slopsquatting, worms, repojacking, ghost releases — another week in the running battle between FOSS maintainers and increasingly sophisti...
Mythos pulls zero-days forward
A remote crash bug landed in OpenBSD in 1998. It stayed there, lurking in a system famous for its security hardening, surviving decade...
ML pipeline security
Presented at RSAC on Securing ML Pipelines: Way More Than You Wanted to Know. We went deep on specific mechanisms for securing ML pipelin...
The only rule: Don't look at the code
Wrote up a retrospective and summary of the finals for Chainguard Vibelympics, our first vibe coding tournament. This was a competition w...
Cheese Must Stand
Presented “Cheese Must Stand: Defending the Python Library Ecosystem in 2025” with Srishti Hegde at PyCon US 2025 in Pittsburgh. The talk...
Spoke at Cloud Security Alliance Boston Chapter
Notes from a Cloud Security Alliance Boston Chapter talk on software supply chain security, covering major incidents, CVEs, scanning, SLSA, and a few security memes.
Are we in a uniquely annoying time?
A quick timeline of internet eras and their particular flavors of irritation, with a guess that the current AI-platform-shakeout period is annoying but not uniquely so.
The Old, the New, and the Strange
Breakout session at the inaugural Chainguard Assemble customer conference in San Francisco. The talk runs through the strange shape of at...
Beyond Zero
Presented “Beyond Zero: Eliminating Vulnerabilities in the PyTorch Container Image” with Srishti Hegde and Dan Fernandez at the PyTorch C...
Emacs Buffers, Windows, and Frames Explained
In the last few months, I’ve seen a number of questions on Reddit and elsewhere about Emacs buffers, windows, and frames. These concepts ...
How To Lead a Technical Workshop
Since we’ll be holding our second week-long Digital Research Institute in June, I thought I’d put together a list of the lessons I’ve lea...
Using Elpy with pyenv in Emacs
I use Emacs to write code in Python. As someone who prefers to use the keyboard over the mouse and who doesn’t mind memorizing key combin...
Use Text Expanders for More Efficient Grading
If you grade papers (or proofread) frequently, you probably find yourself writing the same comments over and over: “Use a synonym here t...
Five Underrated Features in Zotero
Zotero is an excellent citation manager, but it can be so much more. These underused features allow Zotero users to go beyond simply crea...
5 Killer Apps for Digital Scholars
As academics, we’re used to dealing with clunky technology. Whether we’re trying to organize a course on Blackboard or naviga...
Two Workarounds for Citing Ebooks
Most scholars in the humanities avoid using e-books for research. The difficulty is mostly cit...