71 private links
Interesting list of criteria about why you might not use some piece of tech. Also delves into why this is often not public knowledge.
Now this one is really nasty...
Another couple of attempts at supply chain attacks. This time in the Python ecosystem. The skill level of those attempts isn't high though.
This ecosystem keeps baffling me... How come there are so few checks on what can get published or on how the command line processes parameters?
Seeing the bad practices of Amazon with its Android AppStore, it really feels like another supply chain mess in the making with Windows 11 Android support...
Maybe a way out of the supply chain attacks? Will take time and adoption of course.
Very interesting new supply chain attack. Shows one of the big downsides of the very convenient packaging tools everyone uses lately. Interestingly, in that particular case it seems less risky when only publicly available components are involved; it's in the context of private repositories that the risk arises. The root cause seems to be the lack of control over how those tools resolve a package name between private and public repositories.