<description>&lt;p&gt;This episode of &lt;strong&gt;Ship It Weekly&lt;/strong&gt; is about default trust getting punished. Brian covers Oracle’s emergency PeopleSoft advisory for CVE-2026-35273, npm v12 changing install-script defaults, GitHub Agentic Workflows moving away from long-lived personal access tokens, and Anthropic disabling Fable 5 and Mythos 5 after a U.S. export-control directive. The common thread: legacy ERP systems, package installs, CI/CD agents, and AI models all become production risks when teams trust the default without checking what that trust can actually do.&lt;/p&gt;&lt;p&gt;In the lightning round, Brian covers Tekton CloudEvents moving to a dedicated events controller, NVIDIA Triton Inference Server 26.04 changing inference defaults, AWS Nitro Isolation Engine bringing formal verification to Graviton5-based isolation, and Homebrew 6.0 adding explicit trust for third-party taps. The bigger theme: production does not care why you trusted the default. It only cares what that default was allowed to do.&lt;/p&gt;&lt;p&gt;The bigger theme: production does not care why you trusted the default. It only cares what that default was allowed to do.&lt;/p&gt;&lt;p&gt;&lt;strong&gt;Links&lt;/strong&gt;&lt;/p&gt;&lt;p&gt;Oracle PeopleSoft CVE-2026-35273 advisory &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://www.oracle.com/security-alerts/alert-cve-2026-35273.html"&gt;https://www.oracle.com/security-alerts/alert-cve-2026-35273.html&lt;/a&gt;&lt;/p&gt;&lt;p&gt;npm v12 breaking changes &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/"&gt;https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;GitHub Agentic Workflows no longer need PATs &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://github.blog/changelog/2026-06-11-agentic-workflows-no-longer-need-a-personal-access-token/"&gt;https://github.blog/changelog/2026-06-11-agentic-workflows-no-longer-need-a-personal-access-token/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Anthropic Fable 5 / Mythos 5 access statement &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://www.anthropic.com/news/fable-mythos-access"&gt;https://www.anthropic.com/news/fable-mythos-access&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Tekton Pipelines releases &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/tektoncd/pipeline/releases"&gt;https://github.com/tektoncd/pipeline/releases&lt;/a&gt;&lt;/p&gt;&lt;p&gt;NVIDIA Triton Inference Server 26.04 release notes &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://docs.nvidia.com/deeplearning/triton-inference-server/release-notes/rel-26-04.html"&gt;https://docs.nvidia.com/deeplearning/triton-inference-server/release-notes/rel-26-04.html&lt;/a&gt;&lt;/p&gt;&lt;p&gt;AWS Nitro Isolation Engine &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/compute/aws-nitro-isolation-engine-formally-verifying-the-hypervisor-in-the-aws-nitro-system/"&gt;https://aws.amazon.com/blogs/compute/aws-nitro-isolation-engine-formally-verifying-the-hypervisor-in-the-aws-nitro-system/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Homebrew 6.0.0 &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://brew.sh/2026/06/11/homebrew-6.0.0/"&gt;https://brew.sh/2026/06/11/homebrew-6.0.0/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;This week’s On Call Brief &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief-news/2026-W25/"&gt;https://www.tellerstech.com/on-call-brief-news/2026-W25/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;More episodes and show notes &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm/"&gt;https://shipitweekly.fm/&lt;/a&gt;&lt;/p&gt;</description>

Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News

Teller's Tech - DevOps, SRE and Cloud Podcast

PeopleSoft Zero-Day Exploited, npm v12 Install Script Changes, GitHub Agentic Tokens, Anthropic Model Risk, and Default Trust Breaking

JUN 19, 202622 MIN
Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News

PeopleSoft Zero-Day Exploited, npm v12 Install Script Changes, GitHub Agentic Tokens, Anthropic Model Risk, and Default Trust Breaking

JUN 19, 202622 MIN

Description

<p>This episode of <strong>Ship It Weekly</strong> is about default trust getting punished. Brian covers Oracle’s emergency PeopleSoft advisory for CVE-2026-35273, npm v12 changing install-script defaults, GitHub Agentic Workflows moving away from long-lived personal access tokens, and Anthropic disabling Fable 5 and Mythos 5 after a U.S. export-control directive. The common thread: legacy ERP systems, package installs, CI/CD agents, and AI models all become production risks when teams trust the default without checking what that trust can actually do.</p><p>In the lightning round, Brian covers Tekton CloudEvents moving to a dedicated events controller, NVIDIA Triton Inference Server 26.04 changing inference defaults, AWS Nitro Isolation Engine bringing formal verification to Graviton5-based isolation, and Homebrew 6.0 adding explicit trust for third-party taps. The bigger theme: production does not care why you trusted the default. It only cares what that default was allowed to do.</p><p>The bigger theme: production does not care why you trusted the default. It only cares what that default was allowed to do.</p><p><strong>Links</strong></p><p>Oracle PeopleSoft CVE-2026-35273 advisory <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.oracle.com/security-alerts/alert-cve-2026-35273.html">https://www.oracle.com/security-alerts/alert-cve-2026-35273.html</a></p><p>npm v12 breaking changes <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/">https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/</a></p><p>GitHub Agentic Workflows no longer need PATs <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.blog/changelog/2026-06-11-agentic-workflows-no-longer-need-a-personal-access-token/">https://github.blog/changelog/2026-06-11-agentic-workflows-no-longer-need-a-personal-access-token/</a></p><p>Anthropic Fable 5 / Mythos 5 access statement <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.anthropic.com/news/fable-mythos-access">https://www.anthropic.com/news/fable-mythos-access</a></p><p>Tekton Pipelines releases <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/tektoncd/pipeline/releases">https://github.com/tektoncd/pipeline/releases</a></p><p>NVIDIA Triton Inference Server 26.04 release notes <a target="_blank" rel="noopener noreferrer nofollow" href="https://docs.nvidia.com/deeplearning/triton-inference-server/release-notes/rel-26-04.html">https://docs.nvidia.com/deeplearning/triton-inference-server/release-notes/rel-26-04.html</a></p><p>AWS Nitro Isolation Engine <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/compute/aws-nitro-isolation-engine-formally-verifying-the-hypervisor-in-the-aws-nitro-system/">https://aws.amazon.com/blogs/compute/aws-nitro-isolation-engine-formally-verifying-the-hypervisor-in-the-aws-nitro-system/</a></p><p>Homebrew 6.0.0 <a target="_blank" rel="noopener noreferrer nofollow" href="https://brew.sh/2026/06/11/homebrew-6.0.0/">https://brew.sh/2026/06/11/homebrew-6.0.0/</a></p><p>This week’s On Call Brief <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief-news/2026-W25/">https://www.tellerstech.com/on-call-brief-news/2026-W25/</a></p><p>More episodes and show notes <a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>