Gerald Benischke

335 Followers
383 Following
56 Posts
Maker, breaker and fixer of software. Adventures in #appsec and #agile: beny23.github.io he/him
Website: https://beny23.github.io
Github: https://github.com/beny23
Twitter: https://twitter.com/giskard23

Guess where I am today? Last minute addition to BSides Lancashire where I’ll talk about “when Ralph Wiggum hacked the Juice Shop” in two hours. Best go and create those slides then.

#NotQuiteOSIntChallenge #BSides #BSidesLancashire

This week it gets all too depressing. AI didn’t change everything but made it more important to do it right. Politicians lack understanding. And one orange one is the ignoramus in chief and how we laugh at McKinsey for going all in on the metaverse. #WeaklyLink

https://beny23.github.io/posts/weakly_link_2026_12/

Weakly Link 26/12

This week it gets all too depressing. We start by the fact that AI didn’t in fact change everything but just made it more important to do the right thing. How politicians may not have the right kind of understanding to make decisions that actually make sense. How one (orange) politician doesn’t understand how the world actually works and how we can all laugh and point at McKinsey for when they predicted how essential it was to go all in on the metaverse.

This week we're looking at zero days, zero reason for wearing Meta Glasses, zero reason to like AI slop.

Let's dive in.

#WeaklyLink

https://beny23.github.io/posts/weakly_link_2026_11/

Weakly Link 26/11

This week we’re looking at zero days, zero reason for wearing Meta Glasses, zero reason to like AI slop. Let’s dive in. Look What You Made Us Patch: The Google Threat Intelligence Zero-Day review came out at the beginning of March and I thought it was interesting for a good few reasons: the number of zero days actively exploited looks to be fairly steady over the last few years; security and networking technologies are about half of the enterprise-related targets.

Periodic reminder: if you wouldn’t dream of giving your employer your personal passwords, but you have them saved in Chrome, and your Chrome profile is a Google Workspace account, you have already done just that. #infosec

This week we’re looking at how some of the traditional thinking on security (detect it, patch it, monitor it) is no longer quite cutting it. It is interesting how cyber threats have very much moved on from malware. In my opinion, the latest CrowdStrike threat report can be used to argue that security is not something that can be fixed by buying a shiny security tool. It’s not a technology problem, it’s a social (engineering) problem… #WeaklyLink

https://beny23.github.io/posts/weakly_link_2026_09/

Weakly Link 26/09

This week we’re looking at how some of the traditional thinking on security (detect it, patch it, monitor it) is no longer quite cutting it. It is interesting how cyber threats have very much moved on from malware. In my opinion, the latest CrowdStrike threat report can be used to argue that security is not something that can be fixed by buying a shiny security tool. It’s not a technology problem, it’s a social (engineering) problem…

Dependabot security alerts have terrible signal-to-noise ratio, especially for Go vulnerabilities. That hurts security!

Just turn it off and set up a pair of scheduled GitHub Actions, one running govulncheck, and the other running CI against the latest version of your dependencies.

Less work, less risk, better results!

https://words.filippo.io/dependabot/?source=Mastodon

Turn Dependabot Off

I recommend turning Dependabot off and replacing it with a pair of scheduled GitHub Actions, one running govulncheck, and the other running CI against the latest version of your dependencies.

This weak we’re looking at supply chains. We look at how AI is both a blessing and a curse for open source, how there’s a new sandworm attacking the npm ecosystem, how de-Americanisation of cloud is not easy and we also learn about an exciting new Agile certification. Sarcasm may be involved. #WeaklyLink

https://beny23.github.io/posts/weakly_link_2026_08/

Weakly Link 26/08

This weak we’re looking at supply chains. We look at how AI is both a blessing and a curse for open source, how there’s a new sandworm attacking the npm ecosystem, how de-Americanisation of cloud is not easy and we also learn about an exciting new Agile certification. Sarcasm may be involved. Semantic Ablation: But let’s start with something that puts a name to that feeling you get when you read an AI-generated wall of text and at the end of it, you feel like there has been relatively little meaning in what you’ve just read.

This week we’re looking at the impact of drugs on viruses, drugs on AI models, drug-addled bot behaviour and how the mainstream is catching up with AI Agent concerns. Oh, and some badly-drawn horses. #WeaklyLink

https://beny23.github.io/posts/weakly_link_2026_07/

Weakly Link 26/07

This week we’re looking at the impact of drugs on viruses, drugs on AI models, drug-addled bot behaviour and how the mainstream is catching up with AI Agent concerns. Oh, and some badly-drawn horses. Drugs: The first bit of news comes from over the pond, where it looks like the Trumpian regime is looking to piss away vaccine advances. Flu vaccines are saving millions of lives, and an improvement in efficacy would be a good thing.

This week, we're having a bit of a wild west theme to the GenAI related links. There's continuing hype around OpenClaw - though it looks more like a hangover than a party. And we'll end up with a cryptic warning from a siren. #WeaklyLink

https://beny23.github.io/posts/weakly_link_2026_06/

Weakly Link 26/06

This week, we’re having a bit of a wild west theme to the GenAI related links. There’s continuing hype around OpenClaw - though it looks more like a hangover than a party. We’ve also got some interesting use cases for GenAI that are directly not related to coding and we’ll end up with a cryptic warning from a siren. The Good: I’d like to start off with a couple of links relating to what is feasible with GenAI:

This week it's about autonomous AI bots going crazy: Moltbook is so hot it leaves behind molten agents. Of course, there’s a decent sprinkling of security issues where once again the usual suspects prove that security vendors are bad at securing software. #WeaklyLink

https://beny23.github.io/posts/weakly_link_2026_05/

Weakly Link 26/05

This was the week when the autonomous AI bots went a bit crazy and decided to burn tokens on social media. Moltbook is so hot it leaves behind molten agents. Well, no, stop there Gerald, people will start thinking you are using an LLM to do your writing. Of course, there’s a decent sprinkling of security issues where once again the usual suspects prove that security vendors are bad at securing software.