You will sometimes come across examples of code that use one or two asterisks. Depending on how the asterisks are used, they can mean different things to Python. Check your understanding of what a single asterisk means in the following quiz! What will be the output if you run this code? numbers = range(3) output = {*numbers} print(output) A) {range} B) (range) C) [0, 1, 2] D) (0, 1, 2) E) {0, 1, 2} “Unpacking generalizations” is the term to look up if you get stuck.. E) {0, 1, 2} A single asterisk before a Python dictionary or list is known as the unpacking operator. In…
Author: drweb
Mar 31, 2026 Docker Sandboxes: Run Agents in YOLO Mode, Safely Agents have crossed a threshold. Over a quarter of all production code is now AI-authored, and developers who use agents are merging roughly 60% more pull requests. But these gains only come when you let agents run autonomously. And to unlock that, you have to get out of the way. That means letting agents run… Eric Jia, Srini Sekaran, and Timir Karia Read now
Press enter or click to view image in full sizeNested routes, or child routes, can be used when multiple router outlets are present in an Angular application. Why would we have multiple router outlets in the first place? Let’s take an example.Say you have an application with multiple screens (pages) that you can navigate to. One of these screens is a complex dashboard that includes a section with tabs. You could use the router to implement navigation within those tabs, using nested routes.This means we have a main router outlet as follows in the App component:<< MenuAnd then, in our…
North Korean hackers are accused of hijacking the npm account of an axios maintainer, a highly popular and widely used JavaScript HTTP client library, in the latest in a growing number of sophisticated attacks targeting open-source software developers. For a brief few hours running from late March 30 into early March 31, the bad actors were able to hijack the npm account of the primary axios maintainer and publish two new malicious versions – “axios@1.14.1” and “axios@0.30.4” – that introduced a hidden runtime dependency, plain-crypto-js@4.2.1. When a developer or CI/CD pipeline ran the npm install, the dependency installed a remote…
Developers never really voiced any major desire to enter the age of AI coding; they always appeared quite happy to tap away at both chiclet and clacky mechanical keyboards into the wee small hours on manual coding tasks. But that relaxed indifference changed once real coding assistants came onto the scene. Among the most appealing tools in this space is Anthropic’s Claude Code, an AI-powered command-line coding assistant that helps developers write, edit, debug and automate code. But there’s no such thing as a free lunch or an unlimited Claude Code quota, even on the company’s $200 annual subscription deal.…
GitHub shipped four secret scanning updates in March that collectively represent the most significant expansion of the platform’s credential detection capabilities in months. The numbers: 37 new secret detectors across 22 providers; 39 token types now push-protected by default; new validity checks for AI and developer infrastructure tokens; and — most notably — secret scanning that now works inside AI coding agents through the GitHub MCP Server. For DevOps teams managing repositories where AI agents are increasingly generating code and opening pull requests, this last addition changes the security equation. What Shipped in March March 10: The big batch. 28…
I have a presentation on finding balance in your career that got quite a few people thinking and commenting on their own experiences. I decided to write a few posts supporting the ideas in the presentation, which my wife and I have used to both drive our careers forward while enjoying our lives.Just this week, I had an example.This is a series of posts on finding balance in your career.It Starts with a PictureMy daughter told me this happened Monday afternoon. This is one of our horse feeders, and as you can see, the bottom has fallen out.This happens periodically,…
Mar 23, 2026 Trivy supply chain compromise: What Docker Hub users should know On March 19, 2026, threat actors compromised Aqua Security’s CI/CD pipeline and used stolen credentials to push backdoored versions of the aquasec/trivy vulnerability scanner to Docker Hub. A second wave of compromised images followed on March 22. The malicious images contained an infostealer targeting CI/CD secrets, cloud credentials, SSH keys, and Docker configurations. This post summarizes what happened, what Docker did in response, and what you should do if you use Trivy. Read now
Amazon Web Services (AWS) today made a pair of artificial intelligence (AI) agents to manage DevOps workflows and conduct penetration tests generally available. Neha Goswami, director of Agentic DevOps at AWS, said AWS DevOps Agent provides software engineering teams with an always-available assistant that can automatically optimize application reliability and performance in addition to automating specific incident management tasks. The AWS Security Agent, meanwhile, provides on-demand penetration testing capability that reduces the time required to test an application for vulnerabilities and other security weaknesses from months to days, said Goswami. The overall goal is to provide DevOps teams with AI…
Mar 23, 2026 Trivy supply chain compromise: What Docker Hub users should know On March 19, 2026, threat actors compromised Aqua Security’s CI/CD pipeline and used stolen credentials to push backdoored versions of the aquasec/trivy vulnerability scanner to Docker Hub. A second wave of compromised images followed on March 22. The malicious images contained an infostealer targeting CI/CD secrets, cloud credentials, SSH keys, and Docker configurations. This post summarizes what happened, what Docker did in response, and what you should do if you use Trivy. Read now