Troy

@troymarshall.bsky.social

Product Security | Privacy | AI Safety | Digital Trust

382 Followers  |  338 Following  |  28 Posts  |  Joined: 20.11.2024  |  2.2298

Latest posts by troymarshall.bsky.social on Bluesky

Companies like Klarna and Afterpay are just high tech payday loan companies. The fact that they are offering deferred payments for food delivery services like DoorDash is disgusting.

17.04.2025 17:14 — 👍 1    🔁 0    💬 0    📌 0

Gen Z writes our marketing script (YouTube video by Prince William Public Libraries)

This might be the best thing on the internet right now. Step away from the political doom scrolling and enjoy this awesome video.

youtu.be/BI_ovUgXC5U?...

17.04.2025 17:00 — 👍 0    🔁 0    💬 0    📌 0

I have the tools and knowledge to build a backyard shed but that doesn’t make me a builder.

Likewise, the ability to write some useful code doesn’t make someone, or something, a software engineer.

There’s a lot more to building secure, resilient, maintainable software than writing code.

06.04.2025 14:23 — 👍 0    🔁 0    💬 0    📌 0
There is no Vibe Engineering This article explores the relationship between vibe coding and software engineering.

“Software engineering is not writing code.”

Generative AI tools are making coding accessible to everyone but that doesn’t mean software engineers are going to be out of a job anytime soon.

serce.me/posts/2025-3...

06.04.2025 14:23 — 👍 0    🔁 0    💬 1    📌 0
Understanding RCPs and SCPs in AWS: Choosing the Right Policy for your Security Needs Using both AWS Service Control Policies and Resource Control Policies can improve security and data perimeters within your cloud infrastructure. AWS recently released RCPs in late 2024, and this post ...

Are you securing data and workloads on AWS and wondering when to use Service Control Policies (SCP) vs Resource Control Policies?

www.fogsecurity.io/blog/underst...

06.04.2025 13:35 — 👍 0    🔁 0    💬 0    📌 0

Regardless of your politics, everyone should be concerned about the complete lack of operational security in this case.

24.03.2025 22:46 — 👍 1    🔁 0    💬 0    📌 0
GitHub Action supply chain attack: reviewdog/action-setup | Wiz Blog A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.

Lots of attention on the GitHub action supply chain attack this weekend. Is this the source of the tj-actions/changed-files compromise?

If you’re a GitHub user, time to check if you’re using reviewdog/action-setup.

#supplychainsecurity #github

www.wiz.io/blog/new-git...

19.03.2025 00:18 — 👍 2    🔁 0    💬 0    📌 0
ISPs fear wave of state laws after New York’s $15 broadband mandate When the FCC isn’t regulating, states have more power to impose broadband laws.

You can’t have your cake and eat it too.

ISPs don’t want to be regulated as common carriers but want the protections from state regulators that the designation would provide.

arstechnica.com/tech-policy/...

24.02.2025 17:58 — 👍 0    🔁 0    💬 0    📌 0
Apple pulls iCloud end-to-end encryption feature in the UK Apple will no longer offer iCloud end-to-end encryption in the United Kingdom after the government requested a backdoor to access Apple customers' encrypted cloud data.

Good for Apple not caving. However, not so good for the British people.

www.bleepingcomputer.com/news/securit...

21.02.2025 22:59 — 👍 0    🔁 0    💬 0    📌 0

Being brilliant at the basics should be the foundation of EVERY security strategy in every organization. If you aren’t doing things like asset management, patching, and IAM well how do you expect to protect against 0-day exploits?

28.12.2024 17:59 — 👍 1    🔁 0    💬 0    📌 0

Don’t make it an either or proposition. We should do both. Some kids will excel in college but others need a different path. We’ve focused a lot in the US on the college route and we’ve lost most effective paths to skilled trade careers.

28.12.2024 17:01 — 👍 0    🔁 0    💬 0    📌 0

Is OSS dying?

Elasticsearch, Redis, Terraform, and now Semgrep are just a few of the projects that have moved to a more restrictive licensing model in recent years.

What does this trend mean for the future of OSS?

14.12.2024 15:25 — 👍 0    🔁 0    💬 1    📌 0
MSN

Never trust AI to protect your money!

This was a neat challenge. Congrats to the winner!

www.msn.com/en-us/money/...

02.12.2024 18:57 — 👍 0    🔁 0    💬 0    📌 0
CySecurity News - Latest Information Security and Hacking Incidents: Malicious Python Packages Target Developers Using AI Tools This incident points to risks in downloading unverified packages of open source, more so when handling emerging technologies such as AI.

There’s a lot of new OSS data science tools being released targeting genAI users. Beware, some tools are not what they seem.

#ai #supplychainsecurity #pypi #python

www.cysecurity.news/2024/11/mali...

26.11.2024 19:52 — 👍 0    🔁 0    💬 0    📌 0

It’s not often I find myself wishing for government regulation but I sure would like a single standard in the USA. Managing compliance with differing state laws is difficult to say the least.

21.11.2024 16:48 — 👍 2    🔁 0    💬 0    📌 0

I’ve got 6 or so domains I just continue to pay for each year. I refuse to kill the dream that caused me to purchase in the first place!

21.11.2024 16:46 — 👍 3    🔁 0    💬 0    📌 0

If you’ve tried GitHub Copilot in the past and weren’t impressed, you should check it out again. The addition of new models like Claude Sonnet and OpenAI o1 models are a huge upgrade!

#GitHub #Copilot #SoftwareEngineering #GenAI

21.11.2024 16:43 — 👍 1    🔁 0    💬 0    📌 0

Like many things, it was better 30 years ago. You’re not missing anything.

21.11.2024 02:18 — 👍 1    🔁 0    💬 0    📌 0
Update now! Apple confirms vulnerabilities are already being exploited | Malwarebytes Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.

Apple has patched vulnerabilities in JavaScriptCore and WebKit. Get those iOS and MacOS devices.

www.malwarebytes.com/blog/news/20...

21.11.2024 02:10 — 👍 0    🔁 2    💬 0    📌 0

Two CWEs are new to the list and also tied for largest jump at 13 spots: CWE-200, Exposure of Sensitive Information to an Unauthorized Actor and CWE-400, Uncontrolled Resource Consumption.

21.11.2024 00:58 — 👍 0    🔁 0    💬 0    📌 0
CWE - 2024 CWE Top 25 Most Dangerous Software Weaknesses Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.

MITRE has released the 2025 edition of the CWE Top 25 Most Dangerous Software Weaknesses List.

2024 has seen XSS overtake Out-of-Bounds Write vulnerabilities for top spot on the list.

cwe.mitre.org/top25/archiv...

21.11.2024 00:58 — 👍 1    🔁 1    💬 1    📌 0
D-Link says replace vulnerable routers or risk pwnage Vendor offers 20% discount on new model, but not patches

If you’re using one of these D-Link routers, it’s time to upgrade. Don’t forget those routers you might have set up for friends and family too!

EOL in May 2024:
DSR-150
DSR-150N
DSR-250
DSR-250N

DSR-500N EOL 9/2015
DSR-1000N EOL 10/2015

www.theregister.com/2024/11/20/d...

21.11.2024 00:20 — 👍 0    🔁 0    💬 0    📌 0
Security plugin flaw in millions of WordPress sites gives admin access A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions.

In a surprising bit of news, a vulnerability has been discovered in a WordPress plug-in for *checks notes* security.

WordPress security plug-in. The very definition of an oxymoron.

www.bleepingcomputer.com/news/securit...

21.11.2024 00:02 — 👍 0    🔁 0    💬 0    📌 0

How do you suppose they figured Chrome could fetch $20 billion? Without the advertising money, how do you monetize the browser?

20.11.2024 23:51 — 👍 0    🔁 0    💬 2    📌 0

How can this be stopped? Sure, the FTC might stop some sales of this data but only by the more “legit” data brokers. The ones that are unknown or simply nation state threat actors still have the capability to collect this data.

20.11.2024 18:59 — 👍 3    🔁 0    💬 1    📌 0

How do you realistically solve this? I’ve thought about getting rid of my smart phone to reduce my own footprint but the logistics of that are difficult. Should we ban folks in sensitive roles from having devices and bringing them into installations?

20.11.2024 17:03 — 👍 2    🔁 0    💬 0    📌 0

If youโ€™re like me and just getting started on Bluesky, these starter packs are a great way to get started filling your feed with relevant content.

20.11.2024 16:55 — 👍 1    🔁 0    💬 0    📌 0

Hello, Bluesky!

20.11.2024 15:07 — 👍 2    🔁 0    💬 0    📌 0

@troymarshall is following 20 prominent accounts