How we decide to trust code, packages, and the people behind them.
On March 15, 2016, Facebook, Netflix, and Spotify's deployment pipelines crashed simultaneously — none had pushed code, all hit the same error: a missing eleven-line function called left-pad deleted by one developer in San Francisco.
On April 7, 2014, a bleeding heart logo revealed that 17% of the internet's secure servers had been silently leaking passwords, encryption keys, and credit card numbers through a bug in OpenSSL — and anyone could steal them with just a few lines of code.
In 1988, Jarkko Hietaniemi solved a Usenet problem that would eventually lead to billions of strangers trusting billions of other strangers to run code on their computers — without reading it first.
On March 29, 2024, engineer Andres Freund noticed SSH logins were half a second slower than normal — and uncovered a deliberate backdoor hidden inside a compression library trusted by millions.