<p>This episode of <strong>Ship It Weekly</strong> is about the interface layer becoming the story. Brian covers Amazon S3 Files and why it feels more like a managed filesystem layer in front of S3 than “S3 is EFS now,” including how it relates to the old s3fs and FUSE-style approach. He also digs into 36 malicious npm packages posing as Strapi plugins, the uglier follow-on to the Trivy incident he discussed previously, Kubernetes Ingress2Gateway 1.0 and the push toward Gateway API, and Kubernetes Agent Sandbox as a sign that newer AI-style workloads are starting to reshape the platform itself.</p><p><strong>Links</strong></p><p>Amazon S3 Files</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/aws/launching-s3-files-making-s3-buckets-accessible-as-file-systems/">https://aws.amazon.com/blogs/aws/launching-s3-files-making-s3-buckets-accessible-as-file-systems/</a></p><p>Malicious npm packages posing as Strapi plugins</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://thehackernews.com/2026/04/36-malicious-npm-packages-exploited.html">https://thehackernews.com/2026/04/36-malicious-npm-packages-exploited.html</a></p><p>Trivy follow-on incident discussion</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/aquasecurity/trivy/discussions/10425">https://github.com/aquasecurity/trivy/discussions/10425</a></p><p>RoseSecurity on Trivy / typosquatting angle</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html">https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html</a></p><p>Earlier episode covering the first Trivy incident</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/ship-it-weekly/aws-bahrain-uae-data-center-issues-amid-iran-strikes-argocd-vs-flux-gitops-failures-github-actions-hackerbot-claw-attacks-trivy-roguepilot-codespaces-prompt-injection-block-ai-remake/">https://www.tellerstech.com/ship-it-weekly/aws-bahrain-uae-data-center-issues-amid-iran-strikes-argocd-vs-flux-gitops-failures-github-actions-hackerbot-claw-attacks-trivy-roguepilot-codespaces-prompt-injection-block-ai-remake/</a></p><p>Kubernetes Ingress2Gateway 1.0</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://kubernetes.io/blog/2026/03/20/ingress2gateway-1-0-release/">https://kubernetes.io/blog/2026/03/20/ingress2gateway-1-0-release/</a></p><p>Kubernetes Agent Sandbox</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://kubernetes.io/blog/2026/03/20/running-agents-on-kubernetes-with-agent-sandbox/">https://kubernetes.io/blog/2026/03/20/running-agents-on-kubernetes-with-agent-sandbox/</a></p><p>Fortinet FortiClient EMS emergency patch</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.fortiguard.com/psirt/FG-IR-26-099">https://www.fortiguard.com/psirt/FG-IR-26-099</a></p><p>Karpathy post</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/karpathy/status/2036487306585268612">https://x.com/karpathy/status/2036487306585268612</a></p><p>ProofShot</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/AmElmo/proofshot">https://github.com/AmElmo/proofshot</a></p><p>More episodes and show notes</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm">https://shipitweekly.fm</a></p><p>On Call Briefs</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://oncallbrief.com">https://oncallbrief.com</a></p>