Mar 2025
1h 5m

Securing ecommerce: "It's complicated" (...

CHANGELOG MEDIA
About this episode

Ilya Grigorik and his team at Shopify have been hard at work securing ecommerce checkouts from sophisticated new attacks (such as digital skimming), and he’s here to share all the technical intricacies and far-reaching implications of this work.

