+------------------------------------------------------------+
|    ____                  _         ____        __       __ |
|   / __ \____  ____  ____(_)____   / __ \____ _/ /____  / / |
|  / / / /_  / / __ '/ __ '/ ___/  / /_/ / __ '/ __/ _ \/ /  |
| / /_/ / / /_/ /_/ / /_/ / /     / ____/ /_/ / /_/  __/ /   |
| \____/ /___/\__,_/\__,_/_/     /_/    \__,_/\__/\___/_/    |
|                                                            |
|                software engineer @ etsy                    |
+------------------------------------------------------------+
------------------------------------------------------------

:: LATEST ::

> on supply chain attacks

> //

supply chain attack: a way to execute malicious code on many computers by sneaking in the bad code into a highly used open source library.


reflecting on the recently viral supply chain attack on LiteLLM, a few others this week?, and xz, i think this method of attack will be utilized even more in 2026 and beyond. there is more software being submitted to GitHub and the surface area of code is increasing.

what might change:

  1. blind & careless software upgrades are risky. no more npm update && git push. engineers will spend more time auditing each upgrade for security & a safe code supply chain. good time to be a security engineer.

  2. the older the software is, the safer it might be. a lot of software was spared this week because the malicious code was only available for 2 hours and people hadn't had time to update. the longer a release has been out, the safer it might be. maybe this looks like [uv/npm] update --older-than=1wk flags?
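what a cooling-off check like that could look like, as an added example (not code from this post, nor from npm or uv): it takes the `time` map the npm registry returns for a package (version -> publish timestamp), and returns the newest version that has been public for at least N days, so a release pushed two hours ago is skipped until it ages. the sample map is constructed; `MIN_AGE_DAYS`, `newest_aged_version` and `before_flag` are names invented here. the closest real knobs today are `npm install --before=<date>` and uv's `--exclude-newer`, which both cap the publish date rather than the age.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

MIN_AGE_DAYS = 7  # the "1wk" cooling-off window from the post

# constructed sample of a registry 'time' map; 'created' and 'modified'
# are non-version keys the real registry includes and must be ignored
SAMPLE_TIMES = {
    "created": "2024-01-10T12:00:00.000Z",
    "modified": "2026-03-20T09:30:00.000Z",
    "1.4.0": "2024-01-10T12:00:00.000Z",
    "1.4.1": "2026-03-05T08:00:00.000Z",
    "1.5.0": "2026-03-20T09:30:00.000Z",  # pushed two hours before "now"
}

def parse_ts(ts: str) -> datetime:
    # registry timestamps end in 'Z'; rewrite it so older pythons parse it
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def parse_version(v: str) -> Optional[tuple]:
    # plain numeric semver only; prereleases and non-version keys -> None
    parts = v.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def newest_aged_version(times: dict, now: datetime,
                        min_age_days: int = MIN_AGE_DAYS) -> Optional[str]:
    """Newest version whose publish time is at least min_age_days old."""
    cutoff = now - timedelta(days=min_age_days)
    candidates = []
    for v, ts in times.items():
        key = parse_version(v)
        if key is not None and parse_ts(ts) <= cutoff:
            candidates.append((key, v))
    return max(candidates)[1] if candidates else None

def before_flag(now: datetime, min_age_days: int = MIN_AGE_DAYS) -> str:
    """Same window expressed as a date for `npm install --before=<date>`."""
    return (now - timedelta(days=min_age_days)).date().isoformat()

if __name__ == "__main__":
    now = datetime(2026, 3, 20, 11, 30, tzinfo=timezone.utc)
    print(newest_aged_version(SAMPLE_TIMES, now))  # 1.4.1, not the 2h-old 1.5.0
    print(before_flag(now))
```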

are these examples of software viruses having a lifespan?

---

> the small internet

> //

recently i've been hosting a LibreChat instance for a couple of my friends. it's a low-ish effort project that enables people in my community to access at-cost, per-usage AI instead of paying a fixed $10/20/30 subscription that you may forget about or only use 10% of.


it's also private, so conversations aren't sold to figure out how to target you (imagine being targeted for an exploitative sale because you asked a health question, researched a personal topic, etc.)

if everyone hosts their own little LibreChat instance for their friends & family, that could decentralize AI usage and combat Big Tech's monopoly on data.

people have been doing this for decades though: think of Plex for friends, a NAS for friends, and even Minecraft servers for friends.

except now, maybe it's not just a fun side project. maybe it is now a means for data ownership & social change.

this is the small internet

---

> Yo

> /is this on chat/

we here 🗿
