Preach it, Gemini.
Today I'd like to thank Chase bank for sending me a real email from a secondary subdomain asking me to visit their site and enter in banking, routing, and account information - exactly the things security awareness notifications say they'll never do.
I can't emphasize enough how important it is for cybersecurity/tech folks to have an enjoyable hobby outside of tech (a physical one, if possible). It's amazing how one good solid firefighting drill day (or call!) improves my mood and attitude for _days_ afterward.
I have to say, gemini-cli makes catching up to technical debt (such as upgrading my personal colo box several OS versions in one go) SO much easier. Today's post-upgrade prompt, and its output. "Fix all problems found" is next, and then things are good to go.
Gemini, Anthropic: Sleek modern saws w/ sawstop safety blade; might be annoying if the wood is wet
OpenAI: First-to-Market saw that's still riding its name recognition
Grok: Table saw hooked up to a two-stroke boat motor, no blade guards whatsoever, sales guy missing a finger
Ok friends: You see this on the menu. Do you assume it will come covered in sour cream?
A while back I resolved to reduce my "mindless" screen time by keeping my hands occupied when I'm idle - so I bought a guitar & kept it near the sofa & my desk.
I can't say I have effectively reduced my screen time very much, but I DO know how to play guitar now, so that's nice.
This is a legendary performance but, Caption writer, I have a bone to pick with you about "nothing but his voice and guitar". It's a different sound without Bryan Gibson!
PSA for AI "Vuln researchers" - please do not spam our nonprofit parrot rescue asking for bug bounties for website "best practice" improvements. Unless you're interested in spray millet or colorful wooden blocks to chew on, both of us will be very disappointed in the experience.
I asked my gemini-sysadminhelper to assess the migration path for me today for a very old FOSS tool I need to swap out to get modern OAUTH2. Instead, it hot-patched the source to handle OAUTH2 because that's easier than migrating. I now wonder whether my tech-debt problem will improve because the agent can autonomously handle step-upgrades and I won't accrue the tech debt, or whether it will worsen because to the agent it's just as easy to refactor and hot-patch as it is to apply updates.
Given the big PyPI, Node and GitHub supply chain attacks in the last month or two, I am *very* curious:
Orgs who have walked far down the SBOM path - are you feeling pretty good about that right now? Is it genuinely helping you respond to supply chain attacks?