Hot takes & Cold Storage, May 22, 2026 episode artwork

EPISODE · May 22, 2026 · 19 MIN

Hot takes & Cold Storage, May 22, 2026

from The Iron Sysadmin

Welcome back to Hot Takes and Cold Storage! After a brief hiatus around Red Hat Summit season, Nate is back with a packed episode. Hot Takes: Microsoft quietly added Copilot as a co-author to VS Code git commits — even with AI tools disabled. They reversed it after developer backlash, but it’s another reason to consider VSCodium. The Dutch government has launched its own self-hosted Forgejo instance as a digital sovereignty move, joining a growing trend of nations taking control of their code infrastructure. US states continue filling the federal privacy vacuum. California’s AB 2561 now prohibits apps and OSes from resetting your privacy settings, and Connecticut passed a law requiring data brokers to register with the state. MiciMike is producing a drop-in replacement PCB for the Google Home Mini Gen 1 that turns it into a Home Assistant Voice device — completely local, ESP-based, and available to back on Crowd Supply. And in a story that writes itself: a CISA contractor stored AWS GovCloud admin credentials, a Firefox password CSV, and deployment documentation in a public GitHub repo. For six months. With secret scanning disabled. Cold Storage (Deep Dive): The TanStack Supply Chain Worm On May 11, 2026, over 170 packages were compromised across npm and PyPI. 84 malicious versions across 42 TanStack packages were published in a six-minute window, also hitting Mistral AI, UiPath, and OpenSearch. This is the first documented supply chain worm to ship with valid SLSA provenance certificates. We break down the pull_request_target exploit pattern, how the attacker poisoned the GitHub Actions cache without touching any credentials, and how the worm propagated itself through every developer it infected — including a vindictive payload that wiped your home directory if you revoked your token. The community response was fast and transparent, and that’s the real win. Links: Microsoft Copilot co-author controversy: https://www.msn.com/en-us/news/technology/microsoft-secretly-made-copilot-co-author-your-code-until-developers-revolted/ar-AA22CHBL Dutch government self-hosts Forgejo: https://www.opensourceforu.com/2026/04/dutch-government-backs-forgejo-for-sovereign-open-source-github-alternative/ California AB 2561 & state privacy law roundup: https://www.troutmanprivacy.com/2026/05/proposed-state-privacy-and-ai-law-update-may-18-2026/ Connecticut data broker registration: https://www.troutmanprivacy.com/2026/05/proposed-state-privacy-and-ai-law-update-may-11-2026/ MiciMike Google Home Mini replacement PCB: https://www.cnx-software.com/2026/04/29/micimike-open-source-drop-in-pcb-converts-google-home-mini-into-a-local-voice-assistant/ Back MiciMike on Crowd Supply: https://www.crowdsupply.com/micimike-rev-devices/micimike-home-mini-drop-in-pcb

NOW PLAYING

Hot takes & Cold Storage, May 22, 2026

0:00 19:02

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of The Iron Sysadmin?

This episode is 19 minutes long.

When was this The Iron Sysadmin episode published?

This episode was published on May 22, 2026.

What is this episode about?

Welcome back to Hot Takes and Cold Storage! After a brief hiatus around Red Hat Summit season, Nate is back with a packed episode. Hot Takes: Microsoft quietly added Copilot as a co-author to VS Code git commits — even with AI tools disabled. They...

Can I download this The Iron Sysadmin episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!