Troy

@troymarshall.bsky.social

Product Security | Privacy | AI Safety | Digital Trust

384 Followers 338 Following 28 Posts Joined Nov 2024
10 months ago

Companies like Klarna and Afterpay are just high tech payday loan companies. The fact that they are offering deferred payments for food delivery services like DoorDash is disgusting.

10 months ago
Gen Z writes our marketing script YouTube video by Prince William Public Libraries

This might be the best thing on the internet right now. Step away from the political doom scrolling and enjoy this awesome video.

youtu.be/BI_ovUgXC5U?...

11 months ago

I have the tools and knowledge to build a backyard shed but that doesn’t make me a builder.

Likewise, the ability to write some useful code doesn’t make someone, or something, a software engineer.

There’s a lot more to building secure, resilient, maintainable software than writing code.

11 months ago
There is no Vibe Engineering This article explores the relationship between vibe coding and software engineering.

“Software engineering is not writing code.”

Generative AI tools are making coding accessible to everyone but that doesn’t mean software engineers are going to be out of a job anytime soon.

serce.me/posts/2025-3...

11 months ago
Understanding RCPs and SCPs in AWS: Choosing the Right Policy for your Security Needs Using both AWS Service Control Policies and Resource Control Policies can improve security and data perimeters within your cloud infrastructure. AWS recently released RCPs in late 2024, and this post ...

Are you securing data and workloads on AWS and wondering when to use Service Control Policies (SCP) vs Resource Control Policies?

www.fogsecurity.io/blog/underst...

11 months ago

Regardless of your politics, everyone should be concerned about the complete lack of operational security in this case.

11 months ago
GitHub Action supply chain attack: reviewdog/action-setup | Wiz Blog A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.

Lots of attention on the GitHub action supply chain attack this weekend. Is this the source of the tj-actions/changed-files compromise?

If you’re a GitHub user, time to check if you’re using reviewdog/action-setup.

#supplychainsecurity #github

www.wiz.io/blog/new-git...

1 year ago
ISPs fear wave of state laws after New York’s $15 broadband mandate When the FCC isn’t regulating, states have more power to impose broadband laws.

You can’t have your cake and eat it too.

ISPs don’t want to be regulated as common carriers but want the protections from state regulators that the designation would provide.

arstechnica.com/tech-policy/...

1 year ago
Apple pulls iCloud end-to-end encryption feature in the UK Apple will no longer offer iCloud end-to-end encryption in the United Kingdom after the government requested a backdoor to access Apple customers' encrypted cloud data.

Good for Apple not caving. However, not so good for the British people.

www.bleepingcomputer.com/news/securit...

1 year ago

Being brilliant at the basics should be the foundation of EVERY security strategy in every organization. If you aren’t doing things like asset management, patching, and IAM well how do you expect to protect against 0-day exploits?

1 year ago

Don’t make it an either-or proposition. We should do both. Some kids will excel in college but others need a different path. We’ve focused a lot in the US on the college route and we’ve lost most effective paths to skilled trade careers.

1 year ago

Is OSS dying?

Elasticsearch, Redis, Terraform, and now Semgrep are just a few of the projects that have moved to a more restrictive licensing model in recent years.

What does this trend mean for the future of OSS?

1 year ago

Never trust AI to protect your money!

This was a neat challenge. Congrats to the winner!

www.msn.com/en-us/money/...

1 year ago
CySecurity News - Latest Information Security and Hacking Incidents: Malicious Python Packages Target Developers Using AI Tools This incident points to risks in downloading unverified packages of open source, more so when handling emerging technologies such as AI.

There’s a lot of new OSS data science tools being released targeting genAI users. Beware, some tools are not what they seem.

#ai #supplychainsecurity #pypi #python

www.cysecurity.news/2024/11/mali...

1 year ago

It’s not often I find myself wishing for government regulation but I sure would like a single standard in the USA. Managing compliance with differing state laws is difficult to say the least.

1 year ago

I’ve got 6 or so domains I just continue to pay for each year. I refuse to kill the dream that caused me to purchase in the first place!

1 year ago

If you’ve tried GitHub Copilot in the past and weren’t impressed, you should check it out again. The addition of new models like Claude Sonnet and OpenAI o1 is a huge upgrade!

#GitHub #Copilot #SoftwareEngineering #GenAI

1 year ago

Like many things, it was better 30 years ago. You’re not missing anything.

1 year ago
Update now! Apple confirms vulnerabilities are already being exploited | Malwarebytes Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.

Apple has patched vulnerabilities in JavaScriptCore and WebKit. Get those iOS and macOS devices.

www.malwarebytes.com/blog/news/20...

1 year ago

Two CWEs are new to the list and also tied for largest jump at 13 spots: CWE-200, Exposure of Sensitive Information to an Unauthorized Actor, and CWE-400, Uncontrolled Resource Consumption.

1 year ago
CWE - 2024 CWE Top 25 Most Dangerous Software Weaknesses Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.

MITRE has released the 2025 edition of the CWE Top 25 Most Dangerous Software Weaknesses List.

2024 has seen XSS overtake Out-of-Bounds Write vulnerabilities for top spot on the list.

cwe.mitre.org/top25/archiv...

1 year ago
D-Link says replace vulnerable routers or risk pwnage Vendor offers 20% discount on new model, but not patches

If you’re using one of these D-Link routers, it’s time to upgrade. Don’t forget those routers you might have set up for friends and family too!

EOL in May 2024:
DSR-150
DSR-150N
DSR-250
DSR-250N

DSR-500N EOL 9/2015
DSR-1000N EOL 10/2015

www.theregister.com/2024/11/20/d...

1 year ago
Security plugin flaw in millions of WordPress sites gives admin access A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions.

In a surprising bit of news, a vulnerability has been discovered in a WordPress plug-in for *checks notes* security.

WordPress security plug-in. The very definition of an oxymoron.

www.bleepingcomputer.com/news/securit...

1 year ago

How do you suppose they figured Chrome could fetch $20 billion? Without the advertising money, how do you monetize the browser?

1 year ago

How can this be stopped? Sure, the FTC might stop some sales of this data but only by the more “legit” data brokers. The ones that are unknown or simply nation state threat actors still have the capability to collect this data.

1 year ago

How do you realistically solve this? I’ve thought about getting rid of my smart phone to reduce my own footprint but the logistics of that are difficult. Should we ban folks in sensitive roles from having devices and bringing them into installations?

1 year ago

If you’re like me and just getting started on Bluesky, these starter packs are a great way to get started filling your feed with relevant content.

1 year ago

Hello, Bluesky!
