Adrian Mouat
@adrianmouat.com
Technical community advocate at Chainguard. Bad guitarist. He/him.
Pinned
Adrian Mouat
@adrianmouat.com
· Apr 11
Want to see how secure your container images are? Try out the CHPs scorer. Here's a run on an example Python project that's pretty typical of what you find in the wild.
Reposted by Adrian Mouat
Been working on this one for a while — it's a little bit of history of a key foundation of internet technology, and a little bit of an explainer about how people _actually_ invent things. This is the amazing (true!) story of how Markdown took over the world. www.anildash.com/2026/01/09/h...
How Markdown took over the world - Anil Dash
A blog about making culture. Since 1999.
www.anildash.com
January 9, 2026 at 4:17 PM
Been working on this one for a while — it's a little bit of history of a key foundation of internet technology, and a little bit of an explainer about how people _actually_ invent things. This is the amazing (true!) story of how Markdown took over the world. www.anildash.com/2026/01/09/h...
Evaluating risk and focusing on actual problems is key to security. Quantum risks are real, but does it matter when you leave long-lived tokens accessible?
As Bruce Schneier said "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."
As Bruce Schneier said "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."
January 9, 2026 at 11:16 AM
Evaluating risk and focusing on actual problems is key to security. Quantum risks are real, but does it matter when you leave long-lived tokens accessible?
As Bruce Schneier said "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."
As Bruce Schneier said "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."
Yeah. I'm tempted to say "why not both" but I know I would definitely forget to check one.
December 24, 2025 at 2:02 PM
Yeah. I'm tempted to say "why not both" but I know I would definitely forget to check one.
Keeping s/w updated would also have prevented this attack. I wonder if the author could use Renovate or something similar.
(And yeah, there should have been a firewall so the umami container wasn't exposed externally)
(And yeah, there should have been a firewall so the umami container wasn't exposed externally)
December 24, 2025 at 10:00 AM
Keeping s/w updated would also have prevented this attack. I wonder if the author could use Renovate or something similar.
(And yeah, there should have been a firewall so the umami container wasn't exposed externally)
(And yeah, there should have been a firewall so the umami container wasn't exposed externally)
Containerisation for the win! The only real fallout from the attack was increased CPU usage and an annoyed host from the scanning. The host server wasn't compromised.
December 24, 2025 at 10:00 AM
Containerisation for the win! The only real fallout from the attack was increased CPU usage and an annoyed host from the scanning. The host server wasn't compromised.
The hack was the recent React2Shell vuln. But the author wasn't aware they were even running NextJS. This is a critical point and one of the reasons for the push towards SBOMs -- we should be able to immediately review our infrastructure for vulnerable components
react2shell.com
react2shell.com
December 24, 2025 at 10:00 AM
The hack was the recent React2Shell vuln. But the author wasn't aware they were even running NextJS. This is a critical point and one of the reasons for the push towards SBOMs -- we should be able to immediately review our infrastructure for vulnerable components
react2shell.com
react2shell.com
There was a recent post that hit Hacker News about a server getting hacked and running Monero.
blog.jakesaunders.dev/my-server-st...
I wanted to call out a few points...
blog.jakesaunders.dev/my-server-st...
I wanted to call out a few points...
I got hacked, my server started mining Monero this morning.
I got hacked, my server started mining Monero this morning.
blog.jakesaunders.dev
December 24, 2025 at 10:00 AM
There was a recent post that hit Hacker News about a server getting hacked and running Monero.
blog.jakesaunders.dev/my-server-st...
I wanted to call out a few points...
blog.jakesaunders.dev/my-server-st...
I wanted to call out a few points...
Reposted by Adrian Mouat
via The New Yorker, Ellis Rosen cartoon
December 23, 2025 at 5:31 AM
via The New Yorker, Ellis Rosen cartoon
Some of the time you will be adding the cert while adding custom code or binaries, so it may not remove a build. But it's still one less thing to worry about. And there are many cases where the cert was the only customisation (e.g. application images like databases) and those are now taken care of.
December 23, 2025 at 10:45 AM
Some of the time you will be adding the cert while adding custom code or binaries, so it may not remove a build. But it's still one less thing to worry about. And there are many cases where the cert was the only customisation (e.g. application images like databases) and those are now taken care of.
Think about it -- previously you had to run a build just to drop the certs in every time a new image was released. Now we do that work for you.
December 23, 2025 at 10:45 AM
Think about it -- previously you had to run a build just to drop the certs in every time a new image was released. Now we do that work for you.
We've just added support for "Custom Certificates" to @chainguard.dev's Custom Assembly tool.
This means you can provide us with your org's public certs and we will build them into your images. Simple, but it saves a massive amount of time and resources for our customers.
tinyurl.com/vkwvsjsa
This means you can provide us with your org's public certs and we will build them into your images. Simple, but it saves a massive amount of time and resources for our customers.
tinyurl.com/vkwvsjsa
Custom Certificates are now available in Custom Assembly
Custom Certificate support for Custom Assembly allows you to add your enterprise certificate authority certificates directly to Chainguard Containers
www.chainguard.dev
December 23, 2025 at 10:45 AM
We've just added support for "Custom Certificates" to @chainguard.dev's Custom Assembly tool.
This means you can provide us with your org's public certs and we will build them into your images. Simple, but it saves a massive amount of time and resources for our customers.
tinyurl.com/vkwvsjsa
This means you can provide us with your org's public certs and we will build them into your images. Simple, but it saves a massive amount of time and resources for our customers.
tinyurl.com/vkwvsjsa
If you're an AWS user, you can now get @chainguard.dev images directly from ECR.
So now you can get your secure, zero CVE images faster and with less networking costs.
You can try it out right away:
docker pull public.ecr.aws/chainguard/wolfi-base:latest
aws.amazon.com/blogs/contai...
So now you can get your secure, zero CVE images faster and with less networking costs.
You can try it out right away:
docker pull public.ecr.aws/chainguard/wolfi-base:latest
aws.amazon.com/blogs/contai...
Expanding container security and choice with Amazon ECR Public | Amazon Web Services
Today, we're excited to announce that Amazon ECR Public now offers Chainguard Wolfi Images—security-hardened, minimalist base container images that dramatically reduce vulnerabilities in your…
aws.amazon.com
December 22, 2025 at 1:59 PM
If you're an AWS user, you can now get @chainguard.dev images directly from ECR.
So now you can get your secure, zero CVE images faster and with less networking costs.
You can try it out right away:
docker pull public.ecr.aws/chainguard/wolfi-base:latest
aws.amazon.com/blogs/contai...
So now you can get your secure, zero CVE images faster and with less networking costs.
You can try it out right away:
docker pull public.ecr.aws/chainguard/wolfi-base:latest
aws.amazon.com/blogs/contai...
I have found the original inspiration for space invaders
December 22, 2025 at 1:06 PM
I have found the original inspiration for space invaders
Reposted by Adrian Mouat
Unpopular opinion:
Current code review tools just don’t make much sense for AI-generated code
When reviewing code I really want to know:
- The prompt made by the dev
- What corrections the other dev made to the code
- Clear marking of code AI-generated not changed by a human
Current code review tools just don’t make much sense for AI-generated code
When reviewing code I really want to know:
- The prompt made by the dev
- What corrections the other dev made to the code
- Clear marking of code AI-generated not changed by a human
December 14, 2025 at 2:24 PM
Unpopular opinion:
Current code review tools just don’t make much sense for AI-generated code
When reviewing code I really want to know:
- The prompt made by the dev
- What corrections the other dev made to the code
- Clear marking of code AI-generated not changed by a human
Current code review tools just don’t make much sense for AI-generated code
When reviewing code I really want to know:
- The prompt made by the dev
- What corrections the other dev made to the code
- Clear marking of code AI-generated not changed by a human
Corollary: buy cables with different colours...
December 14, 2025 at 3:25 PM
Corollary: buy cables with different colours...
Top networking tip: do not plug both ends of an ethernet cable into the same switch.
December 14, 2025 at 3:25 PM
Top networking tip: do not plug both ends of an ethernet cable into the same switch.
With the rise of LLM generated code, it feels like it's taken on a whole new meaning. Can you really say the code you're committing today is readable by humans? If not, be aware that it represents a lot tech debt that may need to be paid back with interest...
December 12, 2025 at 1:56 PM
With the rise of LLM generated code, it feels like it's taken on a whole new meaning. Can you really say the code you're committing today is readable by humans? If not, be aware that it represents a lot tech debt that may need to be paid back with interest...
"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
I stumbled across this quote from Refactoring by Martin Fowler when looking at dannorth.net/blog/cupid-f... by @tastapod.com .
I stumbled across this quote from Refactoring by Martin Fowler when looking at dannorth.net/blog/cupid-f... by @tastapod.com .
December 12, 2025 at 1:56 PM
"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
I stumbled across this quote from Refactoring by Martin Fowler when looking at dannorth.net/blog/cupid-f... by @tastapod.com .
I stumbled across this quote from Refactoring by Martin Fowler when looking at dannorth.net/blog/cupid-f... by @tastapod.com .
And the Renovate GitHub Action: github.com/renovatebot/...
December 11, 2025 at 5:53 PM
And the Renovate GitHub Action: github.com/renovatebot/...
You can find more about Octo-STS here: github.com/apps/octo-sts
December 11, 2025 at 5:53 PM
You can find more about Octo-STS here: github.com/apps/octo-sts
New video on updating container images with Renovate.
The demo uses the Renovate GitHub Action but pairs it with Octo-STS so you don't need to create a PAT.
www.youtube.com/watch?v=I0hW...
The demo uses the Renovate GitHub Action but pairs it with Octo-STS so you don't need to create a PAT.
www.youtube.com/watch?v=I0hW...
Updating Container Images with Renovate (and no PATs!)
YouTube video by Chainguard
www.youtube.com
December 11, 2025 at 5:53 PM
New video on updating container images with Renovate.
The demo uses the Renovate GitHub Action but pairs it with Octo-STS so you don't need to create a PAT.
www.youtube.com/watch?v=I0hW...
The demo uses the Renovate GitHub Action but pairs it with Octo-STS so you don't need to create a PAT.
www.youtube.com/watch?v=I0hW...
Just finished @nealstephenson.bsky.social's Baroque Cycle. I'm not a fast reader so it was a bit of an undertaking. Worth it though.
And in relation to recent news, it definitely has an ending and even goes some lengths to wrap up various story arcs. Infinite Jest it is not.
And in relation to recent news, it definitely has an ending and even goes some lengths to wrap up various story arcs. Infinite Jest it is not.
December 11, 2025 at 1:07 PM
Just finished @nealstephenson.bsky.social's Baroque Cycle. I'm not a fast reader so it was a bit of an undertaking. Worth it though.
And in relation to recent news, it definitely has an ending and even goes some lengths to wrap up various story arcs. Infinite Jest it is not.
And in relation to recent news, it definitely has an ending and even goes some lengths to wrap up various story arcs. Infinite Jest it is not.
Please remember a Lewis is for life, not just Xmas.
On the 12th day of Quizmas, my true love gave to me… 12 ugly sweaters and a Lewis Denham-Parry.
We’re giving away limited-edition Edera Holiday Sweaters. It’s punny. It’s festive. It's a-lotl.
How to enter:
1. Reshare this post
2. Register for Runtime Rumble: The Quizmas Clash
edera.link/vev5bsky
We’re giving away limited-edition Edera Holiday Sweaters. It’s punny. It’s festive. It's a-lotl.
How to enter:
1. Reshare this post
2. Register for Runtime Rumble: The Quizmas Clash
edera.link/vev5bsky
December 10, 2025 at 10:24 PM
Please remember a Lewis is for life, not just Xmas.
Reposted by Adrian Mouat
fucking bryan is both very, very good -- again -- and also funny, again. I especially dig the fact that building a solution is about trust built into the future. It's human thing.
December 9, 2025 at 4:18 PM
fucking bryan is both very, very good -- again -- and also funny, again. I especially dig the fact that building a solution is about trust built into the future. It's human thing.
Reposted by Adrian Mouat
I fucking love memes you can understand through the language barrier, holy shit
December 6, 2025 at 3:39 PM
I fucking love memes you can understand through the language barrier, holy shit