Tech Feed - December 09, 2025

Dec 9, 2025

Articles and podcasts from the software engineering world.

SE Radio

SE Radio 698: Srujana Merugu on How to build an LLM App

In this episode of Software Engineering Radio, Srujana Merugu, an AI researcher with decades of experience, speaks with host Priyanka Raghavan about building LLM-based applications. The discussion begins by clarifying essential concepts like generative vs. predictive AI, pre-training vs. fine-tuning...

Software Engineering Daily

Blocking Software Supply Chain Attacks with Feross Aboukhadijeh

Here is a 300-word summary of the key points from the podcast episode "Blocking Software Supply Chain Attacks with Feross Aboukhadijeh":

Feross Aboukhadijeh is the founder and CEO of Socket, a security platform designed to protect software projects from open-source supply chain attacks. In this episode, he discusses his background in open source, the growing problem of supply chain attacks compromising popular libraries, and the practical steps developers can take to secure their software.

Aboukhadijeh started coding in high school, building websites to host his favorite Flash animations. This early experience sparked his interest in open source and automation. After studying computer science at Stanford, he worked on several popular open-source projects like WebTorrent, which showed him both the benefits and challenges of being a high-profile open-source maintainer.

The main focus of the discussion is the rise of software supply chain attacks, where bad actors compromise popular open-source libraries to distribute malware at scale. Aboukhadijeh explains how these attacks often go undetected for months, taking advantage of the fact that most developers don't thoroughly review their dependencies. He emphasizes the importance of using package locks, vetting dependencies, and shifting mindsets to treat third-party code as part of your application.

Aboukhadijeh then details how Socket uses a combination of heuristics and large language models to automatically scan packages for malicious behaviors, providing high-signal alerts to developers. He also warns about emerging threats like attackers exploiting AI-generated code and the risks of excessive permissions in Chrome/Firefox extensions.

While there's no perfect solution, Aboukhadijeh advocates for more experimentation with secure package managers like Deno and pnpm, as well as developing a security-conscious culture around open-source dependencies. The key takeaway is that developers must be proactive about understanding and vetting the code they depend on, rather than blindly trusting open-source packages.

Dev Interrupted

The hidden costs of pre-computing data | Chalk's Elliot Marx

Is your engineering team wasting budget and sacrificing latency by pre-computing data that most users never see? Chalk co-founder Elliot Marx joins Andrew Zigler to explain why the future of AI relies on real-time pipelines rather than traditional storage. They dive into solving compute challenges f...

Tech Brew Ride Home

Nvidia Back In China… Maybe

Trump says Nvidia and others can ship chips to China, but the question is whether China will take delivery. OpenAI is ending the code red in about a month, after getting a new model out the door. Meta wants a new Llama model, maybe in a month. And a new smart ring that is pretty intriguing… Trump greenligh...

RSS
https://rakeshr.net/feed.xml