PSA for @statamic.com folks - update your sites ASAP! ⚠️
A CRITICAL vuln was discovered that allows full account takeover via password resets!
All the details: cvereports.com/reports/CVE-...
My current task is to reinstate users' ability to update their emails.
The issue? Their email is technically a stable coin wallet and money is directly linked to their ability to access that email
I have a fix but my god this topic hit hard this week
Shipping spaghetti is still shipping
18.02.2026 08:08
GitHub Action with the text:

    name: Run tests without networking
    run: |
      sudo unshare --net -- bash -lc '
        ip link set lo up
        php artisan test --exclude-group manual --parallel
      '

Tip I learned today: Disable networking on your GH Action Tests
Even if you block it in code, things could still leak
Hmm I wonder if it's a cpu power limiter then under high load
13.02.2026 01:17
Anyone else's PHP github actions suddenly taking an insane time to complete?
Mine are taking 20mins-1hr and I cannot replicate any problem on local or even brand new machines setup
If at first you don't succeed, try and try again
26.01.2026 01:03
kinda neat, I saw something else recently but in a code that compiles code that compiles other code nesting egg
19.01.2026 04:18
We have another giveaway: a ticket to Laracon India.
Since this is a last-minute giveaway, it is only open to people already based in Ahmedabad, India, and it's only open until January 17th, 2026.
Retweet/share for reach, and enter via our website, link below.
Why governments need to treat fraud like cyberwarfare, not customer service cyberscoop.com/industrializ...
10.01.2026 03:42
gpg.fail
27.12.2025 18:52
There should be a "same product, same features" law
If a country forces a company to have better privacy options or allow third party app stores or whatever it might be, you should be forced to offer that same feature here in Australia
By all means use it, but don't assume it's telling the truth. Investigate and confirm what it's said is true before you go off and ask someone else to verify its claims for you
12.12.2025 00:05
Reminder folks, chatgpt is designed to agree with you and "solve" issues so it rarely tells you that you're misunderstanding things.
It will absolutely mislead you or say it's found the issue when really it's just giving its best guess
Getting tired of seeing low quality github issues hey
Stay safe friends
04.12.2025 23:15
View of Brisbane city at night
My favourite part of the city is the KP cliffs. Absolutely stunning views
Whenever I need time to myself, this is where I go
I'm really hating the "I know but it's still so cute" crowd of fb simps
30.11.2025 02:29
Ted has to be the worst of them all 🤢
Never met a more disgusting lib in my life
Wrong regex in the vite file? Css in script tags? Does it refresh but not do the thing?
I feel you, I've had to hunt this bug down a few times
Have they finally got the DB driver working well again?!? I'll have to check it out
I remember checking in 2 years ago with the mongo team and it was not quite ready for production usage, but it worked in some areas
Yeah fr. In my paper I compare it to the CD/USB autorun drama of the 00s. Except instead of just inserting 1 device, we pull in 10,000 from the internet and assume it's all gucci
05.11.2025 21:52
The first step is tackling npm autorun. Explicit approval for any post install/update script with insights
Next would be SBOMs with behaviour attached. And notices when deps grow, scripts change etc. and a move away from the habit of using deps for tiny tasks. + much more. I could rant for a while
In npm world it's a little tricky rn. Personally I don't update a pkg until it's 2-3 wks old (unless it's a security patch). This gives community run static/dynamic analysis tools time to find and flag things. There are SBOM tools that help too
The real solution would require community change… 1/2
I wrote a research paper on this topic just last month
This issue is entirely preventable. The only reason we keep seeing this style of attack is because our industry keeps repeating the same mistakes over and over again
Whoa this is stunning
04.11.2025 15:53
I knew the good talks with China could only last so long. Guessing it's a proxy war sorta thing? I haven't read into it yet
02.11.2025 21:16
It's the small things that keep me on Mac.
Like I remember my yubikey being a pain with git commits on Linux and other little small things that take hours to fix properly
I do miss my Linux daily driver tho 🥲
✨Microsoft security✨
27.10.2025 13:22
With the AWS outage, now's as good a time as any to post this old strip.
20.10.2025 10:18