Incident Report: CVE-2024-YIKES

A series of unfortunate events.

Andrew Nesbitt
@mhoye @andrewnez Seems reasonable.
@jbaggs @mhoye @andrewnez We should research more goat farming.
@mhoye @andrewnez I don't know what made me laugh more: The satiric CVE or the obviously automatically AI-generated renarration on some vendor's blog 🤣🤣🤣
https://sesamedisk.com/cve-2024-yikes-supply-chain-attack/
CVE-2024-YIKES: A Supply Chain Attack Exposed and How to Prevent It

Learn about the CVE-2024-YIKES supply chain attack, its analysis, root causes, and strategies to prevent similar cybersecurity incidents in software ecosystems.

Sesame Disk
@skyr @mhoye 🤦‍♂️
@andrewnez @mhoye and another one 😂
https://thecodersblog.com/cve-2024-yikes-incident-report-2026/
"This isn’t a theoretical exercise; it’s a wake-up call" *GASP* can't.... breathe... 🤣🤣🤣
Security Alert: Analyzing CVE-2024-YIKES Incident | The Coders Blog | Home

Deep dive into CVE-2024-YIKES: understand the exploit, impact, and remediation steps for robust protection.

The Coders Blog | Home
@skyr @mhoye and people say that the security industry is dead, look at how fast these companies are responding!
@skyr @andrewnez @mhoye this one smells like slop...
@petko that whole site feels slop-py
@skyr oh, sorry, didn't see the rest of the thread. The joys of fedi :)
@petko no prob 😊
The whole issue made me think of a project:
- conspirators post easily recognizable BS on their sites
- wait for slop sites repeating the shit
- collect them on a blacklist
- browser plugin blocks sites and removes them from search results
🎉
@skyr @mhoye this does give me a great idea for a follow up though 🤔
@mhoye @andrewnez nah. Violence chose them.
@mhoye @andrewnez
Me: lol -> wait is this real -> lol what was I thinking it is satire -> wait is this real (repeat 15 times)
@PaintedDurian @mhoye @andrewnez it's becoming harder and harder to distinguish reality from fiction
@mhoye @andrewnez as all excellent satire, just slightly too close to the bone. 🤣
"The #incident-response Slack channel briefly pivots to a 45-message thread about whether “compromised” should be spelled with a ‘z’ in American English"... along with the Cambridge vs Oxford English factions pivoting to a separate argument whether compromise is actually derived from Greek.
@mhoye @andrewnez I know that's the point but this post just feels like a documentary 😭
@mhoye @andrewnez "Hope for benevolent worms" Honestly, how I'm living my life in general. Also already in Portugal so half-way there on the goat farming plan.
@mhoye @andrewnez wtf did I just read? It really happened?
@msx @mhoye @andrewnez I'd just say it is "inspired by true events" 
@mhoye @andrewnez most hilarious read-up I've read in quite a while. Also jokingly said to myself "shoulda just used pnpm and/or disabled postinstall scripts", triple-checked that both Konsole and KiTTY are still on bash and not fish (I do update globally installed npm packages weekly after all) and yeah, had a good laugh
@mhoye @andrewnez
> The legitimate maintainer has won €2.3 million in the EuroMillions and is researching goat farming in Portugal.

Move over bus factor, time for winning-a-lottery factor