@bradleyjkemp.dev.bsky.social
Experienced ignorer of Safe Browsing warnings Founder @ Phish Report π£
The github status page. At the top a banner: > Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device
> go to check the GitHub status page
> asked to accept cookies from Atlassian
π€
I guess good on them for having their statuspage infra so separate from their main infra, that it's hosted by a competitor?
@vangogh.bsky.social is just an automated account that posts Van Gogh artwork
03.08.2025 21:29 β π 0 π 0 π¬ 1 π 0
This isn't generated, it's just a real Van Gogh painting
03.08.2025 21:28 β π 1 π 0 π¬ 2 π 0Ask an LLM for an OAuth2 implementation? Get boilerplate with hard-coded values where there should be randomised ones (e.g. state param)
Mention "PKCE" and suddenly you get a perfect implementation...
Been meaning to, but haven't got round to doing it
Are you able to send email from your shared address?
Seems like just an address that forwards on to both personal accounts would give most of the benefit
Slightly a joke, but also kinda reality
28.07.2025 16:44 β π 0 π 0 π¬ 0 π 0
Struggling to fit layers 8+ in there π€
Please do not throw sausage pizza away...
Unless (user)
Overly (organisation)
Greasy (government)
"I'm behind 7 proxies" but they're in parallel not in series, because no single location has a full view of the internet
25.07.2025 23:03 β π 120 π 8 π¬ 3 π 0Kiro looks super interesting. I think there's cursor plugins that do a similar thing, but the whole "let's agree on a spec before we actually start spewing code" approach seems great
16.07.2025 20:46 β π 1 π 0 π¬ 0 π 0
The new (beta) GitHub PR view *finally* lets you switch between unified and split diff without reloading the page ππ»
08.07.2025 09:04 β π 2 π 0 π¬ 0 π 0Kinda skeptical of their bank too...
02.07.2025 21:42 β π 2 π 0 π¬ 0 π 0OpenAI Codex has weirdly become my coding TODO list
When I have a feature idea, bug, etc. rather than writing up a ticket, I just set Codex running on it
When I come back to review, either I've got a mostly-mergable PR, or it's completely failed and I can convert to an actual ticket
Plane ticket β
Train ticket to get to the airport? Nah...
Hero section of a website bragging about "Industry-Leading 94% Accuracy Rate" for their "Advanced cybersecurity platform that analyzes millions of domains using machine learning to provide instant risk scores, vulnerability detection, and compliance reporting."
Lol, if you're going to make unsubstantiated claims about your accuracy at least make them impressive
Hundreds of thousands of new apex domains are registered every day, let alone subdomains...
So 94% accuracy = 10,000+ false negatives/positives per day?
A modal in Gmail which says: This link looks suspicious This link opens a site that might be harmful The reputation of www.gov.uk is unknown
Hmmmm
Of all the challenges in detecting phishing links, you'd have thought knowing a government domain was safe would be pretty simple?
`uv` is what made python bearable for me. It's pretty close to the go dev experience:
uv.lock defines dependency versions (c.f. go.mod)
Use `uv run script.py` and it'll run it using those dependencies
You can even have a .python-version file
Would love a good recipe for either if you've got recommendations!
Jollof day >> Italian day at the office
It's surprisingly hard to build these types of security features without them becoming tools for phishers
04.05.2025 09:29 β π 1 π 0 π¬ 0 π 0Makes sense. Mismatch between address bar and page just sets off my phishing sense: really common now for phishing sites to use a fake Cloudflare page saying that you're proceeding to <bank.com> or whatever
20.04.2025 12:23 β π 0 π 0 π¬ 0 π 0Why the mismatch between address bar and the "hosted by" domain in the warning?
20.04.2025 12:03 β π 0 π 0 π¬ 1 π 0I thought the token had to match up with a value stored in a cookie? (also managed by the csrf package)
In which case, re-use isn't a problem, but also signing it doesn't improve anything
Calling it now: Switch 3 releasing with Mario Kart Universe π
02.04.2025 14:06 β π 1 π 0 π¬ 1 π 0
Showing the accessibility settings for alt text in bluesky with two options: Require alt text before posting Display larger alt text badges Both are checked
As Bluesky has grown, I've seen a lot of backsliding on alt text. Please try to be considerate to others and include alt text with all of your images. It helps everyone. Indeed, in the "accessibility" setting in Bluesky you can set it to make sure you add alt text, which is a useful thing to do.
30.03.2025 00:16 β π 6401 π 2085 π¬ 232 π 178Feels like we should've saved "blastpass" for a really sick LastPass exploit π
26.03.2025 22:26 β π 1 π 0 π¬ 0 π 0@gergely.pragmaticengineer.com these adverts lead to the exact scam you posted about your experience with
26.03.2025 17:46 β π 2 π 0 π¬ 1 π 0
An article in The Atlantic with an AI generated advert for "This cute and realistic bunny robot toy is perfect for Easter"
With all the people reading @theatlantic.com today it'd sure be nice if they weren't showing scam adverts...
26.03.2025 17:44 β π 3 π 1 π¬ 1 π 1Tired: check for the padlock to know a site isn't phishing
Wired: check for a cookie consent modal to know a site isn't phishing
It's freaky how well that little traffic light scale can predict my unit test results
19.03.2025 18:39 β π 1 π 0 π¬ 0 π 0
A CO2 monitor reading 1337 PPM
Ah yes, the optimal CO2 level for programming
19.03.2025 18:37 β π 1 π 0 π¬ 1 π 0
For those of you who build security UIs: If the security UI is in the same place as attacker-controlled pixels, it's not a security UI.
textslashplain.com/2017/01/14/t...
