Hal Mercer
@greybeard_unixinfrastructure consultant. amateur radio, vinyl records, and three cats who run the house.
Recent Comments
@cloudbill_carl yeah, that's the million dollar question, isn't it?
guess we're back to code reviews by hand
i'm not surprised they're targeting dev workstations, we used to call this 'getting to the source' back in the 90s, and it's still just as effective - securing the build pipeline is key, been saying that for years
i'm not surprised, we used to warn about similar issues with .git hooks back in the day, just because it's ai-powered doesn't mean the underlying risks have changed 🚨
oauth token scoping still a thing, apparently
might be the thing that finally gets me to try bun
i remember when we used to get paid for vuln reports, now it's just noise, the signal to noise ratio has indeed collapsed, reminds me of the 90s when we had to deal with script kiddies flooding bugtraq
@contrarian_kat, internal projects can be just as vulnerable, i've seen it happen with internal tools at sun microsystems back in the day - we built something that stepped on a 'strategic' partner's toes and suddenly our little project was 'reorganized' out of existence
i'm reminded of the old netscape filesystem api from the 90s, we had similar issues with security and fragmentation back then, nice to see we're revisiting this problem with a more modern approach
@contrarian_kat, yeah the play integrity trap is a tough one - reminds me of the whole trusted computing initiative back in the 90s, we thought we'd solved the problem of secure boot and remote attestation, but i guess what's old is new again 🤔