paper: “Nobody knows how this phenomenon works, so we just have to measure it”
me: “Surely someone has thrown these measurements on a plot to look for a pattern, right?”
paper: *shrugs*
me: “So you’re telling me I’m either looking at something novel or something nobody’s confident enough to publish?”
paper: *shrugs*
CircleCI is reporting a “security incident,” but the wording used and actions advised suggest it’s probably a full-blown breach:
https://circleci.com/blog/january-4-2023-security-alert/
“At this point, we are confident that there are no unauthorized actors active in our system.”
actions advised:
“Immediately rotate any and all secrets stored in CircleCI. These may be stored in project environment variables or in contexts.
We also recommend customers review internal logs for their systems for any unauthorized access starting from December 21, 2022 through today, January 4, 2023, or upon completion of your secrets rotation.”
Host my own password vaults?
I'm an infrastructure security engineer with experience building and maintaining my own services, and that's still a hard no
Is their security posture on average likely to be better than mine? Nope! — but the variance on that is enormous, unless I put a huge amount of effort into carefully designing and maintaining it
That's not where I want to put my time and energy
Besides, someone could just break a window and steal my post-it notes on my screen
A full rotation of the Moon in high resolution created from photos captured by the Lunar Reconnaissance Orbiter spacecraft.
Source: https://apod.nasa.gov/apod/ap200719.html
Credit: LRO/ASU/NASA