A report published by JFrog finds that cybercriminals are now increasingly targeting the artificial intelligence (AI) tools and platforms used by application development teams. Based on an analysis of 18.2 billion artifacts managed via the JFrog Platform, security researchers discovered 969 AI agent skills carrying high-impact payloads in addition to 495 malicious AI models on the Hugging Face platform for hosting open source AI models. Additionally, 56 malicious extensions were also discovered on the OpenVSX registry. The survey also finds 41% of respondents work for organizations that are actively using AI libraries, with organizations on average employing 9.3 AI libraries each. At…
Author: drweb
Docker Captain, May 26, 2026. The Untrusted Autonomous Workload: How AI Coding Agents Reshape What Isolation Has to Do. Learn why AI coding agents need stronger isolation, how Docker Sandboxes use microVMs, and what secure autonomous workloads require.
Ubuntu 26.04 LTS “Resolute Raccoon” shipped on April 23, 2026, and if you’re still on 24.04, this article walks you through the in-place upgrade using do-release-upgrade, the same tool Canonical recommends for every LTS-to-LTS jump. Ubuntu 26.04 LTS is the newest long-term support release from Canonical, and many Ubuntu 24.04 users are already planning upgrades on desktops, VPS instances, and home lab servers. Since both are LTS releases, the upgrade path is officially supported and relatively smooth when the system is prepared properly beforehand. Every failed Ubuntu release upgrade I’ve seen over the years usually came down to one of…
The fight to maintain security has moved to the engineer’s messy desktop. Last week, AI search provider Perplexity open-sourced an internal tool, Bumblebee, for checking developer machines, either Linux or macOS, for vulnerable software. Continuous integration pipelines have baked security checks into them, with Software Bills of Materials (SBOMs) ensuring that the correct version of a package makes it to runtime. So malicious attackers are gravitating to the underbelly of enterprise security, the developer’s laptop. Most developer machines are no doubt teeming with unpatched and outdated software, byproducts of various experiments and projects. There’s probably an outdated version of Node.js on most machines,…
Netplan is the default network configuration tool on Ubuntu since 18.04, replacing the older ifupdown system with a cleaner YAML-based approach that works across both server and desktop environments. Ubuntu 26.04 continues using Netplan as the default network configuration system, just like earlier Ubuntu releases, but instead of editing older configuration files manually, you now manage network settings using simple YAML files stored under /etc/netplan/. For desktop users, Netplan usually works quietly in the background, but on VPS servers, home labs, or remote Ubuntu systems, knowing how to configure static IP addresses, DNS servers, and multiple interfaces becomes very important,…
Sol Duara, a provider of open source platforms for managing the software development lifecycle (SDLC), has announced its intent to contribute an open source orchestration platform for automating software development workflows to the Continuous Delivery (CD) Foundation. At the core of the Conduit platform from Sol Duara is CDrus Expressions, a framework that turns CDEvents vocabulary into expressed intent. Sol Duara has also built an internal developer platform (IDP) based on CDrus Expressions and Tekton pipelines that adheres to a set of principles through which established systems theory, software architecture patterns, and interoperability frameworks are unified to advance interoperability across continuous…
A sequential scan is not always a problem — PostgreSQL’s planner often chooses one correctly for small tables or queries that return most of a table’s rows. The dangerous variant is the sequential scan with no filter predicate: the plan reads every row in the table and returns all of them, with zero selectivity applied at the scan level. This pattern means the query has no WHERE clause narrowing the result, or the join/filter column has no index backing it. On any large table in a transactional workload it produces unnecessary I/O, longer runtimes, and contention under load. This post…
Two years ago, two things happened within a few days of each other. I retired from 3Cloud going on full time disability due to ALS, and I was awarded my first Microsoft MVP award. Retirement was a huge nail in the coffin for my career in data. I still produced more Fabric 5 videos which helped me earn the award. Now I’m giving up my MVP award after only two years. ALS diagnosis and my MVP award. I received my official ALS diagnosis in September 2022, but by the previous fall, it was pretty clear that I had ALS. I didn’t know…
DORA metrics have been a reliable compass for engineering teams for over a decade. Deployment frequency, lead time for changes, change failure rate, mean time to recovery, and reliability give teams a shared language for talking about delivery performance. The research behind them is solid, the benchmarks are well-established, and most engineering leaders know what good looks like for each metric. What is less discussed is how AI-assisted development changes the baseline assumptions those metrics were built on. Not whether DORA metrics are still relevant — they are — but how the same numbers can mean something different when a significant…
Earlier this year I mass-migrated my blog to Astro using Claude Code. 146 posts. 6,024 images. Canonical URLs, JSON-LD markup, sitemap generation, the whole stack. I’d spent hours writing a skills file to teach the agent about my blog’s architecture, how deployment worked, what not to touch. And it worked. Claude Code rewrote components, fixed trailing-slash mismatches across hundreds of pages, added BreadcrumbList structured data to hundreds of routes. Lighthouse scores hit 97 on performance. The blog looked better than it ever had. The problem was that I had stopped understanding my own codebase. Not completely. I could still read…
