🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

cc ESLint Prettier Prettier ❤️ ESLint Attention!!! I was tricked by a phishing email and a new npm token was added and leaked then some popular packages I'm maintaining were released with malicious software, I've deleted the leaked token and marked all affected bad

All those SDLC trainings and evangelism? Pretty much outdated now. AI’s churning out code faster than we can review, and your outdated SAST/SCAs don’t keep pace with the scale of these problems.

Why can't .claude.json be inside .claude/ Please, app devs, don't just shit all over my home directory. It's bad enough you all create a ~/.myapp folder. (You should really use XGD conventions, i.e. ~/.config/your-filthy-app, ~/.cache/your-filthy-app)

I think that people would hate less the manifest v3 changes (implicitly the removal of ublock, etc) if chrome would have been proactive in blocking all ads that are intrusive, obnoxious, malware, make the web unusable without an ad blocker. Instead, we live in a world where..

Big news in Ramsey theory: arxiv.org/abs/2507.12926

Happy anniversary of the crowdstrike event

It got too expensive to keep saving Matt Damon so they got Ryan Gosling to pay in Hail Mary instead

Hardening is not sexy. Some nerds really love it. I specifically picked my path to always be in contact with the opposition. In normal security roles, if you're constantly in incident response, that says something about the state of your security program. However, threat

If you’re an AI Engineer and don’t understand these yet, you’re just fine-tuning in the dark: • Event-driven systems • Feature stores • Vector DBs • Model pipelines AI isn’t just models. It’s systems. Learn to build them.

YouTube ads are now so aggressive they feel less like a revenue stream and more like a loyalty test. Like how bad do you really want to watch this video?

What is happening re: Salt Typhoon? It's a gawdamn national embarrassment. US Government: Hey phones are pwned. It's China. citizens: you're fixing it right? Telcos: pweeze dis is so hawd. 🥺👉👈 This is NOT how a serious nation responds to such an incursion.

Don't built agents, build assistents. As a second step: try to turn the assistant into a deterministic program. Building the assistant first usually lets you explore the problem space fully, so you understand how the task can be solved deterministically.

Jonathan Hopkins Mick Douglas 🇺🇦🌻 > since then we have heard nothing from the government Not true: we have heard that some Msft cloud sysadmin was offshored to Chiner. 😂

Just published! How we reconstructed the individual-level records from the 2010 Census tables for tens of millions of people and reidentified millions using only commercially available data. hdsr.mitpress.mit.edu/pub/ntchx9im

Whoa - Datadog's largest-ever outage in 2023 was caused by the same thing as Heroku's largest-ever one this June. Same OS version (Ubuntu 22.04), same process (sytemd) If Heroku had done the same changes Datadog publicly shared in 2023, Heroku's outage would not have happened.

Google OSS Rebuild, a new project designed to detect supply chain attacks in open source software by independently reproducing and verifying package builds across major repositories tech.slashdot.org/story/25/07/22…

How it started: "AI vibe coding tools will replace devs!" How it's going: "Do this: - Provide it w a detailed spec - Break down tasks to small ones - Separate dev and prod envs - Do NOT give access to the agent to prod - Never trust the agent; verify every step it takes - ...

I wrote up some notes on Google Security's new OSS Rebuild project, which increases supply chain security for popular packages on PyPI, NPM and Crates through offering independent build attestations simonwillison.net/2025/Jul/23/os…