Matt "msw" Wilson's Avatar

Matt "msw" Wilson

@msw.bsky.social

“For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled.”

768 Followers  |  278 Following  |  185 Posts  |  Joined: 25.04.2023  |  1.912

Latest posts by msw.bsky.social on Bluesky

I added a sentence to the #curl hackerone submission page:

"Please present your case briefly and to the point. Do not use an AI to help you blab hundreds of line that will exhaust us to death instead of making us understand your claim."

22.12.2025 22:31 — 👍 11    🔁 2    💬 0    📌 0
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | Amazon Web Services Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat g...

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)

aws.amazon.com/blogs/securi...

05.12.2025 01:16 — 👍 1    🔁 0    💬 0    📌 0
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" ... Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.

Throwback Thursday...

socket.dev/blog/node-js...

04.12.2025 23:48 — 👍 1    🔁 0    💬 0    📌 0
Node.js — Updates on CVE for End-of-Life Versions Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

These were the rules when the original plan was made to issue CVEs merely because Node.js versions were EOL. This outcome was easy to predict...

nodejs.org/en/blog/vuln...

04.12.2025 23:44 — 👍 0    🔁 0    💬 1    📌 0

Why? Because

4.1.13 The state of a Product being EOL, by itself, MUST NOT be determined to be a Vulnerability.

www.cve.org/resourcessup....

04.12.2025 23:37 — 👍 0    🔁 0    💬 1    📌 0
Node.js — Tuesday, January 21, 2025 Security Releases Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

Vendored deps are not unusual at all...

But, unfortunately, misuse of the CVE program is all too common in the NodeJS community.

Let's take CVE-2025-23087, CVE-2025-23088, and CVE-2025-23089 for example. All of these CVEs are REJECTED. nodejs.org/en/blog/vuln...

04.12.2025 23:37 — 👍 0    🔁 0    💬 1    📌 0
React2Shell (CVE-2025-55182)

> The decision to publish a second CVE for Next.js was made due to these exceptional circumstances: Next.js does not include React as a traditional dependency - instead, they bundle it "vendored"

react2shell.com

04.12.2025 23:24 — 👍 0    🔁 0    💬 1    📌 0

There are definitely PoCs circulating…

04.12.2025 07:59 — 👍 0    🔁 0    💬 0    📌 0

Unpopular opinion: a vulnerability that was disclosed privately by researchers and had a coordinated response from vendors and service operators under an (albeit short) embargo is not a “0-day”.

04.12.2025 04:55 — 👍 7    🔁 0    💬 0    📌 0

4.1.12 The act of updating Product dependencies MUST NOT be determined to be a Vulnerability, regardless of whether the dependencies have Vulnerabilities.

www.cve.org/resourcessup...

03.12.2025 19:09 — 👍 0    🔁 0    💬 1    📌 0

A public service announcement regarding CVEs: one identified vulnerability gets one CVE.

Each vendor doesn't get their own CVE that corresponds to their security bulletin.

CVE-2025-66478 is REJECTED as duplicate of CVE-2025-55182
www.cve.org/CVERecord?id...

03.12.2025 19:08 — 👍 3    🔁 0    💬 2    📌 0
Not overselling #aideveloper and #devtools as magical at #aws with Ali Maaz & Jessie VanderVeen

To celebrate #awsreinvent, @redmonk.com has been publishing New Builders conversations w @awscloud.bsky.social leaders every day this week & TODAY IS MY DAY 🎉🎉🎉!! Hear AWS's Ali Maaz & Jessie VanderVeen chat all things #AI & #DevTools w me redmonk.com/videos/insid... www.youtube.com/shorts/Ot0gy...

03.12.2025 14:53 — 👍 10    🔁 1    💬 0    📌 0

Unpopular opinion: through an economics lens, the optimal number of CVEs in most software systems is almost never 0.

12.11.2025 23:38 — 👍 5    🔁 0    💬 1    📌 0

Culture eats AI adoption strategy for breakfast, lunch, and dinner.

12.11.2025 07:11 — 👍 3    🔁 0    💬 0    📌 0

"Our only modification part is that, if the Software (or any derivative works thereof) is used for any of your commercial products or services that have more than 100 million monthly active users, or more than $20M in monthly revenue, you shall prominently display 'Kimi K2' on the user interface"

06.11.2025 22:15 — 👍 2    🔁 1    💬 1    📌 0

I mean, honesty is a human trait. The humans who built that particular AI system biased the set of mysterious numbers (through reinforcement, filtering, etc.) so it assembles tokens in a way that conveys information about the properties and limitations of the system they built.

That's all.

06.11.2025 00:04 — 👍 1    🔁 0    💬 0    📌 0
The sun rises at the horizon, reflecting off the water of Eagle Harbor. The car deck of the Washington State ferry Tacoma is in the foreground.

#FerryLife #WAWX #Seattle #Sunrise

31.10.2025 15:07 — 👍 12    🔁 2    💬 0    📌 0
Strengthening Liquibase Community for the Future Liquibase Community now uses the Functional Source License (FSL). Learn what this means for developers, contributors, and enterprises, and how it protects sustainability.

"As adoption has grown, so has our responsibility to ensure the project remains sustainable and continues to thrive. That’s why, with the release of Liquibase 5.0, we are updating the license for Liquibase Community."

www.liquibase.com/blog/liquiba...

04.10.2025 04:05 — 👍 1    🔁 0    💬 2    📌 0
The Tyranny of Metrics: Muller, Jerry Z.: 9780691191911: Amazon.com: Books Buy The Tyranny of Metrics on Amazon.com ✓ FREE SHIPPING on qualified orders

Metrics are increasingly employed as trust deteriorates. Recommended reading ⬇️

#monktoberfest

a.co/d/im8AStV

02.10.2025 15:45 — 👍 6    🔁 3    💬 0    📌 0
Coming to a New Awareness of Organizational Culture

Ref: Edgar H. Schein sloanreview.mit.edu/article/comi...

#monktoberfest

02.10.2025 15:41 — 👍 0    🔁 0    💬 0    📌 0

“Organizational culture is the pattern of basic assumptions that a given group has invented, discovered, or developed in learning to cope with its problems […], and that has worked well enough to be considered valid, and, therefore, to be taught to new members.”
The stories we tell are how we teach.

02.10.2025 15:40 — 👍 0    🔁 0    💬 1    📌 0

"apparently web traffic is down because Google is giving you an answer already in the results, and you no longer have the need to visit a website"

I mean, this has been a complaint for a while, even before AI entered the timeline? Who needs to go to a music lyrics website when it's in the Info Box?

14.09.2025 21:03 — 👍 0    🔁 0    💬 0    📌 0

"Piracy lost, but it was always going to lose. Streaming won."

But did the reader / listener / viewer win?

And did the content creators win?

🤔

14.09.2025 20:45 — 👍 3    🔁 0    💬 1    📌 0

PSA: attacks on public infrastructure like software package registries are on the rise. Here’s an active one targeting folks who have crates.io accounts.

12.09.2025 14:17 — 👍 4    🔁 3    💬 1    📌 0

I am happily paying Nabu Casa for Home Assistant Cloud.

29.08.2025 03:41 — 👍 2    🔁 0    💬 0    📌 0

And in the words of @booch.com “Every line of code represents a moral decision”

29.08.2025 01:45 — 👍 3    🔁 1    💬 0    📌 0

It’s really hard for OSS projects too. Imagine a leaked GH access token from a project maintainer who is not responding, and who is not an employee because OSS isn’t a company. How does the project get that token revoked? You can’t. You have to de-list the maintainer from your GH org.

27.07.2025 17:11 — 👍 2    🔁 1    💬 0    📌 0

Tricky thing is when people have built their own automation (predating Actions), using CI/CD tools and services, making for something other than a “pure GitHub” implementation. 😬

26.07.2025 20:10 — 👍 0    🔁 0    💬 1    📌 0

That said: prevention > detection, as always

26.07.2025 17:48 — 👍 8    🔁 0    💬 0    📌 0

Also, speaking for myself, hurray for watchful, diligent security folks detecting things before vandals could fix their syntax error.

26.07.2025 17:47 — 👍 13    🔁 0    💬 2    📌 1