@thelonelyghost A certain major cloud vendor's #Kubernetes implementation, and what happens when one must deal with both the "old" and "new" authn/authz schemes simultaneously in a cluster. It prefers new, but for best results, configure both for identical results, or at least as close as practical.

It wasn't our own smoking #footguns at the bottom of the #rabbithole, but at least there was a #deterministic answer that didn't require #vendor contact.

If I get to the bottom of this #rabbithole and I don't find our very own #footguns I shall be very disappointed.

Because that means I shall have to talk to the #vendor and that seldom turns out well.

Maybe the behavior is documented. Technically. Piecewise in several different places, one of which is in a locked file cabinet in a planning office that is only open for one hour at lunch on alternate Thursdays.

Zig needs to add a hard compiler error for using spaces for indentation instead of tabs, because it is a #footgun to use a non-flexible indentation, and also for writing too many comments in one place because if you can't read the code to understand, you already have too many #footguns, and you are a bad programmer, and you have to stop programming, as we have stated in zig zen "Focus on code rather than style.", this is not about style. #zig #ziglang #Zigtools #programming #codestyle

ugh, in 30 minutes I have seen 35 people expose their .git folder using tailscale funnel

and that was a quick poc, I think I'm only watching one of the CT firehoses

in reality it's probably worse

@danderson, if you still have contacts there

I think funnel is a really dangerous footgun which should come with a big warning that whatever you expose will get scanned from the internet immediately

I recall there was a banner in the documentation, but it should be in BIG RED letters when running it

I intentionally only did HEAD requests, but when I exposed my little test server I immediately saw GET requests for .git/config

I assume next step is that they come for .git/HEAD and then pull down everything...

#tailscale #footguns
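The probes described in this thread (GET for .git/config, then presumably .git/HEAD) hit whatever a funnel serves, and Go's http.FileServer serves dot-directories by default. As an added example, not code from the post's author or from Tailscale, here is a small request guard that refuses any dot-prefixed path segment, returns 404 so a probe cannot distinguish a blocked file from a missing one, and logs the attempt so the scanning is visible. The handler names, the `.well-known` allowance and the `./site` document root are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"path"
	"strings"
)

// Hidden directories that are legitimately served over HTTP; everything else
// starting with a dot (.git, .env, .ssh, .htpasswd, ...) is refused.
// The allowance of .well-known is an assumption for this example.
var allowedHidden = map[string]bool{".well-known": true}

// hiddenPathSegment reports whether a request path reaches into a dot-prefixed
// file or directory. The path is cleaned first so "/a/../.git/HEAD" and
// "/./.git/config" are judged by where they really point. net/http has already
// percent-decoded r.URL.Path, so "%2egit" is handled as well.
func hiddenPathSegment(reqPath string) bool {
	clean := path.Clean("/" + reqPath)
	for _, seg := range strings.Split(clean, "/") {
		if strings.HasPrefix(seg, ".") && !allowedHidden[seg] {
			return true
		}
	}
	return false
}

// statusFor is the pure decision the middleware applies: 404 for hidden paths
// (so a probe cannot tell a blocked file from an absent one), otherwise pass.
func statusFor(reqPath string) int {
	if hiddenPathSegment(reqPath) {
		return http.StatusNotFound
	}
	return http.StatusOK
}

// denyHidden wraps any handler (http.FileServer serves dotfiles by default)
// and logs each blocked probe so that scanning shows up in the server log.
func denyHidden(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if statusFor(r.URL.Path) == http.StatusNotFound {
			log.Printf("blocked hidden-path probe %s %q from %s", r.Method, r.URL.Path, r.RemoteAddr)
			http.NotFound(w, r)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Hypothetical document root; the directory name is an assumption.
	files := http.FileServer(http.Dir("./site"))
	fmt.Println("serving ./site on 127.0.0.1:8080 with hidden paths denied")
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", denyHidden(files)))
}
```

Wrapping the file server this way is a mitigation, not a substitute for not exposing the checkout in the first place; the log line is the detection half, and `hiddenPathSegment` is kept pure so the decision can be unit-tested without a listening socket.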

Unexpected security footguns in Go's parsers

File parsers in Go contain unexpected behaviors that can lead to serious security vulnerabilities. This post examines how JSON, XML, and YAML parsers in Go handle edge cases in ways that have repeatedly resulted in high-impact security issues in production systems. We explore three real-world attack scenarios: marshaling/unmarshaling unexpected data, exploiting parser differentials, and leveraging data format confusion. Through examples, we demonstrate how attackers can bypass authentication, circumvent authorization controls, and exfiltrate sensitive data by exploiting these parser behaviors.

The Trail of Bits Blog
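One of the "unexpected data" behaviours the post summarised above is concerned with is how Go's encoding/json matches object keys: struct fields are matched case-insensitively, and when a key repeats the last value wins, so an upstream filter that strips only the exact key `"admin"` can be bypassed with `"ADMIN"` or a second `"admin"`. The following is an added example, not code from the Trail of Bits post, showing the lenient default beside a strict decoder that walks the top-level object token by token and rejects case mismatches, duplicates and trailing data. The `UserUpdate` type and the sample bodies are constructed for the example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Constructed example: a profile update where only trusted code may set Admin.
type UserUpdate struct {
	Name  string `json:"name"`
	Admin bool   `json:"admin"`
}

// lenientDecode is what a typical handler does. encoding/json matches object
// keys to struct fields case-insensitively, and when a key repeats the last
// value wins, so a filter that only strips the exact key "admin" is bypassed.
func lenientDecode(body string) (UserUpdate, error) {
	var u UserUpdate
	err := json.Unmarshal([]byte(body), &u)
	return u, err
}

// checkExactKeys walks the top-level object token by token and rejects keys
// that are not an exact-case member of allowed, and keys that appear twice.
func checkExactKeys(body []byte, allowed map[string]bool) error {
	dec := json.NewDecoder(bytes.NewReader(body))
	tok, err := dec.Token()
	if err != nil {
		return err
	}
	if tok != json.Delim('{') {
		return errors.New("expected a JSON object")
	}
	seen := map[string]bool{}
	for dec.More() {
		tok, err := dec.Token()
		if err != nil {
			return err
		}
		key, ok := tok.(string)
		if !ok {
			return errors.New("expected an object key")
		}
		if !allowed[key] {
			return fmt.Errorf("key %q is not an exact-case known field", key)
		}
		if seen[key] {
			return fmt.Errorf("duplicate key %q", key)
		}
		seen[key] = true
		var value json.RawMessage // skip the value, whatever its nesting
		if err := dec.Decode(&value); err != nil {
			return err
		}
	}
	_, err = dec.Token() // consume the closing brace
	return err
}

// strictDecode applies the exact-key check, then decodes with
// DisallowUnknownFields and refuses trailing data after the object.
// DisallowUnknownFields alone is not enough: it still accepts "ADMIN".
func strictDecode(body string) (UserUpdate, error) {
	allowed := map[string]bool{"name": true, "admin": true}
	if err := checkExactKeys([]byte(body), allowed); err != nil {
		return UserUpdate{}, err
	}
	dec := json.NewDecoder(strings.NewReader(body))
	dec.DisallowUnknownFields()
	var u UserUpdate
	if err := dec.Decode(&u); err != nil {
		return UserUpdate{}, err
	}
	if _, err := dec.Token(); err != io.EOF {
		return UserUpdate{}, errors.New("trailing data after the JSON object")
	}
	return u, nil
}

func main() {
	// Constructed request bodies exercising the three quirks.
	for _, body := range []string{
		`{"name":"eve","ADMIN":true}`,
		`{"name":"eve","admin":false,"admin":true}`,
		`{"name":"eve","admin":false}`,
	} {
		l, _ := lenientDecode(body)
		s, err := strictDecode(body)
		fmt.Printf("%-45s lenient admin=%v  strict admin=%v err=%v\n", body, l.Admin, s.Admin, err)
	}
}
```

The real fix for the authorization case is to never let the request body decide privileged fields at all (decode into a type that has no `Admin` member); the strict decoder is the general mitigation for the parser-differential class, where two components disagree about which key "counts".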

https://noyaml.com/ - #YAML has lots of #FootGuns - e.g. it's easy to make mistakes by accident. Great site with lots of puns and wisdom https://linkedin.com/in/geoffreyhuntley.
🚨🚨 That's a lot of YAML 🚨🚨

Nobody wants to write YAML. A lovingly curated list of YAML pain.

If I could have things my way, I would change MySQL to let users "fall into the pit of success". I.e., I would make it throw an error on both examples.

An INNER JOIN doesn't make any sense without an ON clause much the same way a CROSS JOIN with one makes no sense.

Sometimes throwing an error is the best thing you can do for your users.

#footguns