RE: https://mastodon.social/@andrewnez/116233207828494924
Repeat after me, silently, in the voice of your internal monologue:
I accept the packages I cannot update.
"Do you see what I have to put up with?"
https://www.youtube.com/watch?v=bQDeNFv0geg
J
jbm@infosec.exchange
@jbm@infosec.exchange
Posts
-
Repeat after me, silently, in the voice of your internal monologue:I accept the packages I cannot update. -
We have reached the logical conclusion of dependency management: https://malus.sh@andrewnez seriously?
No. "I DON'T want to believe".
But it's a valid point. It MIGHT become true.
https://news.ycombinator.com/item?id=47260919
https://fosdem.org/2026/schedule/event/SUVS7G-lets_end_open_source_together_with_this_one_simple_trick/
https://www.youtube.com/watch?v=9qEtm2zx314 -
Last April, CISA issued an 11-month extension for its CVE program with MITRE, rescuing the program from an almost certain death.@metacurity @joshbressers "Discussions have reportedly begun about potentially amending the EU’s Cyber Resilience Act to reference an identifier managed by ENISA rather than CVE."
(From Paris here) I just checked the full CRA text, there is no mention of "CVE". Not a single one.
-
this hackerbot-claw thing is a good reminder: attackers (and beg bounty spammers) are using zizmor for offensive research, so you should be using it for defense!@yossarian this is brilliant.
I just (vibe) coded my first action last week, it comes at the perfect time! -
Apparently my first GitHub PR was on httparty 15 years ago!@floehopper did I miss something? I thought Claude was 3 years old?
https://en.wikipedia.org/wiki/Claude_(language_model)#Claude