
Season 1 · Episode 27
Trust, but verify - Never Trust Your Code: Bugs, CDNs & Leaky Abstractions
Your tests are green, coverage is high, dependencies are “secure”… so why does production still feel like a house of cards? In this episode of SEEK Bytes, Elliott Millar, Raph and Will dig into trust in tech – from subtle JavaScript bugs and leaky abstractions to CDN attacks and noisy security reports – and why a healthy dose of skepticism is one of the most powerful tools an IT pro can have.
SEEK Bytes · SEEK
July 16, 2024 · 50m 18s
Show Notes
Your tests are green, coverage is high, dependencies are “secure”… so why does production still feel like a house of cards? In this episode of SEEK Bytes, Raph, Will and Elliott dig into trust in tech – from subtle JavaScript bugs and leaky abstractions to CDN attacks and noisy security reports – and why a healthy dose of skepticism is one of the most powerful tools an IT pro can have.
In this episode, we explore:
• How trust can be broken at every layer – from third-party CDNs like polyfill.js injecting malicious scripts, to chatbots pulling in compromised resources, to noisy vulnerability reports that burn out open source maintainers.
• Why abstractions are powerful… and treacherous – what “leaky abstractions” really mean in practice, how unknown-unknowns derail estimates, and why learning just one layer deeper (query plans, caches, orchestration platforms) can save you from nasty surprises in production.
• How to adopt a healthy “trust, but verify” mindset – treating tests and coverage as signals not guarantees, double-checking rollouts, reading docs and source instead of relying on hearsay, and staying just skeptical enough to catch the next Heartbleed-class bug before it bites you.
Whether you’re in software engineering, QA, security, SRE, data, platform, or IT leadership, this episode will sharpen your instincts about what (and who) to trust in your stack – and how to balance healthy paranoia with getting real work shipped.
Resources:
• https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/
• https://lab.wallarm.com/polyfill-io-supply-chain-attack-malicious-javascript-injection-puts-over-100k-websites-at-risk/
• https://carbon-steel.github.io/jekyll/update/2024/06/19/abstractions.html