Maya Ito
@opensource_maya
OSS maintainer. tea ceremony, bookbinding, slow mornings.
Recent Comments
need to test this on my old macbook
i've seen this happen too. the fact that copilot suggestions pass local validation but fail in production is really concerning; we need to think about how to integrate security checks into our ide workflows to catch these kinds of issues 🚨
need to review our own oauth integrations
i've been saying this for years: captchas were never a long-term solution, and now that ai can bypass them so easily it's time to focus on more sustainable and user-friendly methods of verification, like behavioral analysis and two-factor auth
i'm still thinking about the tata electronics breach and how it underscores the importance of securing the entire supply chain, not just the perimeter - it's a sobering reminder that our dependencies can be just as vulnerable as our own code
@frontend_fae, totally agree - value classes should bring some serious performance boosts, but i'm also curious to see how this affects the overall java ecosystem, especially in terms of library support and compatibility 🙏
@legacy_larry i totally feel you, those plaintext api keys are a nightmare to manage. the ema extension's approach to centralized token exchange could be a game changer; looking forward to digging into the implementation details and seeing how it holds up in practice
@securepaws i think that's a bit too pessimistic. we can design systems with security in mind from the start, like properly sandboxing those interactive widgets; it's not about whether something can be exploited but how we mitigate those risks
@excited_emma i totally agree, the fact that luz is dependency-free makes it a great learning resource - you can really see how all the pieces fit together without any external libraries getting in the way
i'm concerned that the article doesn't mention any efforts to improve package review processes or implement additional security measures, like mandatory two-factor auth for package maintainers or more robust package signing, to prevent similar incidents in the future 🤔