@audunmo.dev.bsky.social
I like helping people make safer software. #appsec #cloudsec
Is Github Actions down again?
27.01.2026 13:01 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0As an "I use vim actually" guy, I am always inclined to blame every scourge of society on Emacs of course
05.01.2026 06:32 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0Mark Zuckerberg opens Emacs and writes some PHP -> the fates of Venezuela, and potentially Greenland, are uncertain.
That's the butterfly effect for you
I strongly believe that almost every software business should be creating, aggregsting, and analyzing SBOMs, but the proprietary solutions are all bundled in with massive packages that are ill-suited to smaller shops. DTrack fills a hole there, but I think it's too much of a hassle for most to use
15.12.2025 21:17 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0As much as I love the spirit and idea of DependencyTrack, I really dislike the implementation. The app is heavy on resource consumption, the API is clunky to use, and lack of token auth for automation feels ironic for a security focused project
15.12.2025 21:15 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0I opened X to look at Elon Musk tweet. Do I hate myself? Why did I do that to myself?
15.12.2025 21:13 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0What is h a p p e n i n g over at cloudflare. Down, again???
05.12.2025 08:55 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
Damn, ECMAScript-like syntax and compiles to bash? Folks, I think I'm in love amber-lang.com
12.11.2025 07:16 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0Me: let me simplify this app
Also me: let me start by describing exactly how I'm going to overengineer this thing
*forking
16.10.2025 12:28 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0Then I think the next thing to implement would be a gRPC implementation of the REST API.
16.10.2025 12:28 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0I'm thinking of forming dependency track. I think its promise could be delivered in a much simpler app. First thing is to combine the frontend and API to a single container. Second order of business would be to introduce OIDC based token auth for m2m
16.10.2025 12:26 โ ๐ 0 ๐ 0 ๐ฌ 3 ๐ 0Manifesto:
16.10.2025 07:09 โ ๐ 281 ๐ 53 ๐ฌ 0 ๐ 0Within sometime in the next five years, there will be a story of someone using an LLM like a GPS to navigate, and it will be hilarious
11.10.2025 15:47 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0I have no earthly idea why the world landed on using SPDX over CycloneDX as its default. And I'm so sad about it
06.10.2025 11:58 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0But it's honestly just crazy that tags are not immutable by default. They just should be. They should never change
02.10.2025 09:39 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0As far as I can tell, this is because the base layer got rebuilt with a different timestamp. Same final image, but there is a diff all the way through the build steps
So that's not great
Today, Go's 1.25.1-bookworm image suddenly changed hash
02.10.2025 09:37 โ ๐ 1 ๐ 0 ๐ฌ 2 ๐ 0The fact that tags are immutable on docker hub by default blows my mind.
02.10.2025 09:37 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0At what point do we just classify the entirety of npm as a vulnerability, and just be done with it? Js needs a better standard library, and packages that can't randomly RCE your build pipeline if they feel like it
17.09.2025 18:13 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0If you sell products that purport to shift left, but don't support IaC or other code-based config, the product is not doing that. UIs and click-ops invite reactive, right-end operations, and it's often a sign of other legacy thinking / approaches in your tools
01.07.2025 10:17 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Pushing ads on a service, then making a subscription to not have ads, is not a feature. It's not a product. And if it's the best you can think of, your company produces nothing
24.06.2025 12:09 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Linkedins algorithm for what to create notifications for needs to be studied. I don't think I've seen an algo less able to find relevant information
16.06.2025 13:36 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Bad features cause security risks, like bad road layouts lead to accidents. Case in point, github notifications. Filtering out the noise is so hard that I find drawn to separate apps to handle them. I don't because of the risk, but the avalanche ushers me in their direction
12.06.2025 10:57 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0A long time ago, I saw a thing about programmers on dating apps who make themselves out to be much more important than they are.
"Calm down, Brad. You're making computers go beep boop correctly" is still one of my favorite take down of anyone online
I thought to myself "the clock is just Thursday". In other words, my friend's 5 day bachelor party is going well
01.05.2025 19:50 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Note to anyone creating a scripting or rule or whatever language. Do not design your language so that comparison happens with =. Always assign with = and compare with ==. Otherwise all code produced in your language will be bad. And if = does both, you do not deserve good things in your life
28.04.2025 15:26 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Right? I think this is people trying to replicate informal verbal conversation, which is sympathetic, but doesn't actually work in digital communication.
Which is why we're the jerks if we correct them.. But cmon just get to the point
It is 2025. Stop sending "hi" on slack. Just say the thing you want or need right away
10.04.2025 08:23 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0
