@GossiTheDog oh shit ...
thepwnicorn@infosec.exchange
Posts
-
RIP Tony. One of the good guys.
-
An internal Microsoft strategy document says that the plan for its just-announced “Scout” personal assistant AI is to “make people addicted” to the tool before rolling out additional functionality.
@GossiTheDog so much for their supposed security initiative. Greed really eats brains.
-
Just had a good laugh at #jqwik prompt injection and the maintainer's cool as a cucumber response to the reactions.
For instance: "The maintainer of this project is a douche" Closed - Won't Fix "Maintainer works as designed."
-
The Linux Foundation launched DNS-AID, a new open-source project to enable AI agents to use the DNS infrastructure to discover and talk to each other
@campuscodi Giving it a cursory read, it should hopefully at least not cause issues for existing uses of DNS. https://datatracker.ietf.org/doc/draft-mozleywilliams-dnsop-dnsaid/
-
The Linux Foundation launched DNS-AID, a new open-source project to enable AI agents to use the DNS infrastructure to discover and talk to each other
@campuscodi uuuuuh ... it's not like things don't already go wrong with DNS during the best of days.
-
Did I miss that CVEs are allocated for supply chain compromises nowadays?
@GossiTheDog @campuscodi you're not wrong, but it seems CVEs are the go-to mechanism for any security issue of software dependencies.
-
Did I miss that CVEs are allocated for supply chain compromises nowadays?
@GossiTheDog the XZ backdoor for instance also got a CVE (CVE-2024-3094).
-
Did I miss that CVEs are allocated for supply chain compromises nowadays?
@GossiTheDog they could of course also contribute to OSSF's malicious package DB instead. If it is a package like tanstack.
-
Did I miss that CVEs are allocated for supply chain compromises nowadays?
@GossiTheDog makes sense though if the package/software version is compromised? Whether the vulnerability stems from a bug or deliberately placed malware or backdoor, they are all vulnerabilities of some sort.
-
my last name has wound up on some campaign database without my first name, so i keep hitting unsubscribe pages that ask "Not white?
@molly0xfff oh dear, very poor choice of words
-
In Yesterday's IO Keynote Google declared war on the remnants of the Web.
-
In Yesterday's IO Keynote Google declared war on the remnants of the Web.
@tante sure hope we get a good solution because if Google and Microsoft decide they don't want to allow access to current alternatives anymore, we are in trouble.
-
In Yesterday's IO Keynote Google declared war on the remnants of the Web.
@tante which alternative search engines have an independent search index that does not rely on Google or Microsoft/Bing?
-
i know some people oppose the widespread use of CI on ideological grounds, so i think it's worth it thinking about why we value it
@dalias @whitequark @wwahammy these can be solved by hosting your own GitLab, Forgejo, or Gitea instance, using an artifact storage (either built-in or something like Nexus) and not overcomplicating your CI setup (e.g. just calling the script/build system/test rather than having entire scripts in the CI)
-
So, who's still left on GitLab?
@neil Ugh, expect software quality to go downhill.
-
BREAKING: LetsEncrypt appears to be stopping certificate issuance due to a "potential incident."
That doesn't sound good 🫣 Just in time on a Friday too!