Github Actions - Supply Chain Attacks

Side Project: RP2350 Powered MP3 Player

In this episode, we talk about my MP3 Player Project [https://www.richinfante.com/2026/02/02/rp2350-vs1053-mp3-player-multicore], and some of the design decisions and challenges I’m solving. I talk about the challenges of playing audio from an SD card while allowing a user to browse it’s contents, indexing album artwork, as well as considerations for case design and the components I’m considering to use for the screen.

Problem Solving, Debugging, and the Impact of AI

The mentioned blog post on my later (better-educated!) attempt at reviving the computer: www.richinfante.com/2019/01/19/repairing-old-pc [https://richinfante.com/2019/01/19/repairing-old-pc]

That's Meshtastic!

In this episode, I talk about Meshtastic, an open source decentralized encrypted peer-to-peer mesh network for off grid communications. You can leverage Meshtastic to communicate long distances, using economical off the shelf hardware. Relevant Meshtastic Documentation: * Getting Started [https://meshtastic.org/docs/getting-started/] * Meshtastic Hardware [https://meshtastic.org/docs/hardware/devices/] * Telemetry [https://meshtastic.org/docs/configuration/module/telemetry/] * Flash your Meshtastic Device [https://flasher.meshtastic.org/] * Meshtastic Web Client [https://client.meshtastic.org/] * Mesh Broadcast Algorithm [https://meshtastic.org/docs/overview/mesh-algo/] * Encryption [https://meshtastic.org/docs/overview/encryption/] Other Links: * MQTT Node Map [https://meshtastic.liamcottle.net/?lat=32.80574473290688&lng=272.63671875000006&zoom=4] * My Meshtastic Case 3D Print [https://richinfante.com/2024/10/30/case-for-rak-wireless-rak19007-meshtastic] * Discord Invite [https://discord.com/invite/meshtastic-867578229534359593] * Reddit: /r/meshtastic/ [https://www.reddit.com/r/meshtastic/]

New PebbleOS Smartwatches, and iOS API Restrictions

Core Devices is releasing some new smartwatches, a successor to the Pebble Watch. I also discuss some of the constraints Apple puts on third party smartwatch developers. Some links from this episode: * Core Devices Pre-order Page [https://store.repebble.com/] * FAQ [https://ericmigi.com/blog/gratitude-and-faq] * Blogpost on Apple restrictions [https://ericmigi.com/blog/apple-restricts-pebble-from-being-awesome-with-iphones]

Github Actions - Supply Chain Attacks

In this episode, we discuss the recent tj-actions/changed-files github action compromise. I propose some ways we can apply existing solutions to this problem, in a way that doesn’t add too much extra friction, but can greatly lessen the number of users impacted by a compromise like this. I also mention some information from Step Security’s blog post on the topic, which I’d recommend reading: https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised [https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised] See also: This episode in blog form [https://richinfante.com/2025/03/26/github-actions-supply-chain-compromises] Edit: I have published a revised version of this episode clarifying the current state of dependabot for managing action updates.