Rob Winch

Spring Security lead Rob Winch on Spring Security 7.0, SpringOne 2025, and more Podcast Episode · A Bootiful Podcast · 31/07/2025 · 44m

Neat episode of a Bootiful Podcast from @starbuxman.joshlong.com with @rwinch.github.io , the lead of @spring.io Security. Great insights on how the design and product decisions are made in an OSS project, and the timeframes for these.

podcasts.apple.com/gb/podcast/s...

Just pushed support for Spring Security OAuth + Interface REST Client integration docs.spring.io/spring-secur...

#SpringFramework #SpringSecurity

I'll be presenting "Secure All The Things With Spring Security" with @starbuxman.joshlong.com at #SpringOne #VMwareExplore

I hope to see you there!

event.vmware.com/flow/vmware/...

Thanks for reaching out and sorry for the delay. Can you please reach out via github.com/spring-proje...

Anyone have any realistic use of Java's Scoped Values they can share? Yes, I know it's still a preview feature, but I can hope there are some eager people out there.

Interesting post infosec.exchange/@briankrebs/...

- AI bots are used to commit financial aid fraud at universities
- rise in bots enrolling prevents some students from registering for classes
- teachers worry when the bots drop (after bot gets aid) it might cause them to lose their job

I'm glad to see that funding for the CVE program has been extended www.bleepingcomputer.com/news/securit...

I'm interested to see what happens with the foundation going forward.

tldr - CVE Program funding was going to expire, foundation was setup to preserve it, CVE Program funding was extended

My current setup has been with ⌘+arrow to move to half of screen, ⌘+Enter for full screen, ⌥+⌘+arrow to move displays, ⌃+⌥+⌘+arrow to move spaces. This collides with navigating a text file

Trying MacOS again Key binding suggestions for moving window left/right/top/bottom half screen, full screen, to next/previous display, & to next/previous "spaces" (desktops or in linux it was workspace)? Ideally bindings use arrows, are similar to each other, and don't collide with default bindings

It's frustrating when authenticating to website (e.g. website.com) to be redirected to an external domain (e.g. website.idp.com) & expect website.com's credentials. Shame on both the website & the IdPs that follow this practice which primes users to be phished.

I'm not speaking @devnexus.bsky.social this year, but I'm going as an attendee. If you will be there, I'd love to meet up. Hope to see you there!

Linux user trying to figure out macos - How can I have the menu bar & doc on all displays AND have "Displays have separate Spaces" unchecked?

NOTE: I do not want separate spaces per display because then I have to switch a space per display. I prefer switch space updates all monitors at once.

You've probably heard advice about how hackers can steal all your sensitive information if you don't use a VPN on public Wi-Fi, but is that actually true? In... Why You Probably Don't Need A VPN To Stay Secure On Public Wi-Fi

Why You Probably Don't Need A VPN To Stay Secure On Public Wi-Fi

Hello DCO, Goodbye CLA: Simplifying Contributions to Spring Level up your Java code and explore what Spring can do for you.

I'm very excited that @spring.io is switching from a Contributor License Agreement to a Developer Certificate of Origin!

We're looking forward to seeing more & simplified contributions from you! If you have any questions, reach out to us in our issue trackers.

spring.io/blog/2025/01...

Fantastic news to see the @antora.org collector has hit GA!

Gmail Takeover Hack Attack—Google Warns You Have Just 7 Days To Act As Gmail users complain hackers have compromised accounts, changing passwords and passkeys in the process, Google advises they have 7 days to regain control—here’s how.

Good advice for protecting against / recovering Hijacked Gmail (& other) Accounts

www.forbes.com/sites/daveyw...

- Setup recovery phone & email to your account
- For Gmail, if attacker changes your recovery phone number, then you have7 days to use that original number to regain control

President Biden's deputy natsec advisor for cyber and emerging tech Anne Neuberger told reporters that Chinese hackers got into (at least) 8 U.S. telcos in a broad spying campaign that affected "dozens of countries" since it began.

The latest on All Things Considered: www.npr.org/2024/12/04/n...

That's not me. I renamed my account from robwinch.bsk.social to rwinch.github.io and do not have another account.

.well-known/atproto-did at main · rwinch/.well-known Contribute to rwinch/.well-known development by creating an account on GitHub.

Note that the Blue Sky documentation states that atprto-did must return content-type text/plain but it worked for me despite GitHub pages returning application/octet-stream

This is good for me since it doesn't appear that I can change the content-type on GitHub pages docs.github.com/en/pages/get...

GitHub - rwinch/.well-known Contribute to rwinch/.well-known development by creating an account on GitHub.

Verification can be done using a .well-known URL bsky.social/about/blog/4...

To do that I created a .well-known project that publishes the atproto-did file with the verification to GitHub pages github.com/rwinch/.well...

How to verify your Bluesky account - Bluesky Here's how to verify your Bluesky account by setting your website as your username.

I changed my username to rwinch.github.io so that I had a verified domain with a username that I'm well known by.

How did I do it?

FBI Warns iPhone And Android Users—Stop Sending Texts US officials urge citizens to use encrypted messaging and calls wherever they can—here’s what you need to know.

Chinese is hacking US telco so stop using SMS

- Use 3rd party apps that do end to end encryption (eg WhatsApp)
- RCS iPhone <-> Android is not encrypted
- Use phone that auto updates in timely fashion
- Use MFA

www.forbes.com/sites/zakdof...

HT @starbuxman.joshlong.com

Join @starbuxman.joshlong.com and I as we discuss #SpringSecurity 6.4 x.com/starbuxman/s...