One of the most misunderstood parts of software supply chain security is the difference between signing and attesting. It’s both getting more attention lately and with it, a lot more vendor FUD. ...

Let’s chat about that AI recorder in job interviews. Since I’ve been asked a few times about it on interviews, it can’t be that common yet. I’ve been using it a lot while in the hiring loop for v...

When I’d started out building images for actions-runner-controller, I’d only built them for amd64. This was fine until I got a new job working with folks on ARM instead. I still use this project ...

This is post #75 - meaning I’ve written 42 posts this year! 🥂 A fantastic year ✨ The past year had a ton of exciting things going on, led first and foremost by starting a shiny new job! Despite ...

People don’t quit bad jobs, they quit bad managers. – some person on the internet (probably) I really like my job. I get to spend perhaps an hour with someone before they’ll receive the abili...

How long do cows live? The best communication lesson I’ve learned makes me a better human every day, told as an ancient Greek tragedy. 🐄 🎭 👋🏻 Hi, I’m Natalie. I currently work as a solutions en...

While waiting for my delayed flight, I figured it would be fun to dive into a new project to pass the time. After connecting to the airport WiFi, I tried cloning the public repository. That’s whe...

A grimoire is a book of spells - a collection of snippets found on StackOverflow or got Slack’d by a coworker that got me out of a jam. There’s a decent chance it can’t be found again. This is w...

I recently had the honor of speaking on the 6th at the Software Supply Chain Security Summit. Many thanks to Lineaje, a terrific group of moderators, and my fellow speakers for a fantastic event. ...

Let’s make some dangerous choices safer inside a devcontainer. Sometimes it just isn’t possible to do things ‘the right way’. In hindsight it wasn’t possible to avoid 🐳 Docker-in-Docker 🐳, was it...