if you put a webserver up on the internet, anywhere, hosting anything, you will see "the background radiation of the internet", and it looks like this:

and what you can take away from this log is that the reason they are blasting the entire internet, every webserver with these requests - most of which are 'im gonna hit myself in the face with a brick now' level of bad from a config/dev/admin perspective - is squarely because it has worked for them enough times that they feel spraying the internet will nab them more.

look.
just look at the shit they're collecting and how easily they're doing it.

this is because docker
this is because k8s

this is because everywhere has gone "DX" - or "optimizing for the developer experience above all else, at the cost of everyone else."

make things as easy as possible for the devs/devops, we don't care how bad the security becomes, how many layers of abstraction get installed, how many dozen new js frameworks appear this afternoon, how public the data is, how bad the architecture is - burn the building down

just make sure the devs are comfy
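The post's point is that the spray works because exposed config and dev leftovers get served often enough to pay off. As an added example (not from the thread, and not the poster's code), here is a small Python triage script for the access log of such a server: it parses combined-format lines, counts how many distinct "should never be public" paths each source probed, and, more importantly, flags any such path the server answered with a 2xx, since that is a file being leaked right now. The sample log lines and the list of sensitive path patterns are constructed assumptions for the example.

```python
"""Flag mass-scanner probes and successful sensitive-file fetches in an access log."""
import re
from collections import defaultdict

# Constructed sample lines in combined log format; the IPs and paths are made up.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:55:37 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:55:38 +0000] "GET /phpinfo.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:55:39 +0000] "GET /backup.sql HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Oct/2023:13:57:10 +0000] "GET /.env HTTP/1.1" 200 312 "-" "python-requests/2.31"
"""

# Combined log format as written by Apache and nginx by default.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Paths a production site has no business serving. This list is an assumption
# made for the example; tune it to what your own stack could leak.
SENSITIVE_PATHS = [
    re.compile(p) for p in (
        r'^/\.env$', r'^/\.git/', r'^/\.aws/', r'/phpinfo\.php$',
        r'\.sql$', r'/config\.(json|ya?ml)$',
    )
]


def parse_line(line):
    """Return (ip, path, status) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group('ip'), m.group('path'), int(m.group('status'))


def is_sensitive(path):
    """True if the request path (query string ignored) matches a sensitive pattern."""
    bare = path.split('?', 1)[0]
    return any(r.search(bare) for r in SENSITIVE_PATHS)


def scan_log(text, probe_threshold=3):
    """Return (suspicious_sources, exposed).

    suspicious_sources: {ip: sorted distinct sensitive paths} for sources that probed
        at least probe_threshold distinct sensitive paths (a spray, not a stray typo).
    exposed: [(ip, path)] for sensitive paths the server actually answered 2xx.
        Every entry here is a file you are leaking to the scanner right now.
    """
    probes = defaultdict(set)
    exposed = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, status = parsed
        if not is_sensitive(path):
            continue
        probes[ip].add(path)
        if 200 <= status < 300:
            exposed.append((ip, path))
    suspicious = {ip: sorted(paths) for ip, paths in probes.items()
                  if len(paths) >= probe_threshold}
    return suspicious, exposed


if __name__ == '__main__':
    sus, exp = scan_log(SAMPLE_LOG)
    for ip, paths in sus.items():
        print(f'spray from {ip}: {", ".join(paths)}')
    for ip, path in exp:
        print(f'EXPOSED: {path} served 2xx to {ip} - remove it from the web root')
```

The 404 storm from the first source is noise you will see on every host; the single 200 for `/.env` from the last source is the line that matters, because that is the "it has worked for them" case the post is describing. Feeding this the real log instead of the constructed sample is a one-line change (read the file into `text`).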

@Viss I agree with the sentiment, but also sometimes it’s the security orgs that don’t expose the tools or processes to help remediate. They do the scans and tests but don’t provide a good way for devs to remediate. Even this isn’t necessarily the security orgs’ fault, because security tooling is ridiculously expensive and is often last on the shopping list because it “adds no immediate value”. Finally, we have to walk in the devs’ shoes for a bit as well. The ever-increasing demands we push on devs to add value mean they often have no runway for “extra” concerns like deep security work. We make it worse by trying to turn devs into DevOps people and loading them up with more responsibility.