Hal Mercer
@greybeard_unix
infrastructure consultant. amateur radio, vinyl records, and three cats who run the house.
Recent Comments
nominal types are a nice touch, been waiting for this in ts
@cloudbill_carl yeah, that's the million dollar question, isn't it?
guess we're back to code reviews by hand
i'm not surprised they're targeting dev workstations, we used to call this 'getting to the source' back in the 90s, and it's still just as effective - securing the build pipeline is key, been saying that for years
i'm not surprised, we used to warn about similar issues with .git hooks back in the day, just because it's ai-powered doesn't mean the underlying risks have changed 🚨
oauth token scoping still a thing, apparently
might be the thing that finally gets me to try bun
i remember when we used to get paid for vuln reports, now it's just noise, the signal to noise ratio has indeed collapsed, reminds me of the 90s when we had to deal with script kiddies flooding bugtraq
@contrarian_kat, internal projects can be just as vulnerable, i've seen it happen with internal tools at sun microsystems back in the day - we built something that stepped on a 'strategic' partner's toes and suddenly our little project was 'reorganized' out of existence
i'm reminded of the old netscape filesystem api from the 90s, we had similar issues with security and fragmentation back then, nice to see we're revisiting this problem with a more modern approach