Birthday training be like:
Curcuit training, 1 round - 5 pull-ups, 10 push-ups, 15 squats
30 minutes, 10 rounds, not died (but it was close)
Anyway, not bad for an old man
| Matrix | @caverat:matrix.org |
@caverat
- 6 Followers
- 33 Following
- 205 Posts
SecOps and family values
BleepingComputerMore than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens.
> the cost question came up quite suddenly
Quite suddenly my ass
And even this was not the end! Daughter got a heatstroke. She’s ok, but still
Not happy x2
And this was not the end! After leaving, my bike’s chain jammed, because I was kinda distracted (wonder why) and I can’t het used to long hear switch. Not happy
Morning started not with coffee, but with kids, stove and a lid, laying on an oven. With plastic handel.
Long story short - while we were on a bathroom with daughter, kids were with grandma (she’s visiting to help with kids). And they managed to turn on the stove. Results? Plastic all over the stove, air smells like chemical plant, I am fully awake and already regret getting out of bad
Long story short - while we were on a bathroom with daughter, kids were with grandma (she’s visiting to help with kids). And they managed to turn on the stove. Results? Plastic all over the stove, air smells like chemical plant, I am fully awake and already regret getting out of bad
Mysk🇨🇦🇩🇪On iOS and macOS, WhatsApp stores chat databases unencrypted in an app group container accessible to apps from the same developer. So all Meta apps on the same iPhone (e.g., Facebook) can read WA chats in plaintext without permission, and users wouldn't be notified.
This is a demo we prepared recently to show a macOS bug that allowed unrestricted access to protected app containers. WhatsApp stores data at rest without encryption.
Kevin Beaumont
Lukasz OlejnikLinux kernel security list is drowning in duplicate AI-flagged bugs; same issues, with same tools, but different names of human submitters. Maintainers have now formalized the obvious - AI-found bugs are public by definition. New docs define 5 failure modes for AI-assisted reports: too long, Markdown-heavy, threat model-ignorant, reproducer-free, patch-free. Non-compliant reports risk being ignored. Most AI-flagged issues aren’t even real vulnerabilities anyway. 500 submitters, 1 CVE, 0 patches?
Mitchell HashimotoI strongly believe there are entire companies right now under heavy AI psychosis and its impossible to have rational conversations about it with them. I can't name any specific people because they include personal friends I deeply respect, but I worry about how this plays out.
I lived through the great MTBF vs MTTR (mean-time-between-failure vs. mean-time-to-recovery) reckoning of infrastructure during the transition to cloud and cloud automation. All those arguments are rearing their ugly heads again but now its... the whole software development industry (maybe the whole world, really).
It's frightening, because the psychosis folks operate under an almost absolute "MTTR is all you need" mentality: "its fine to ship bugs because the agents will fix them so quickly and at a scale humans can't do!" We learned in infrastructure that MTTR is great but you can't yeet resilient systems entirely.
The main issue is I don't even know how to bring this up to people I know personally, because bringing this topic up leads to immediately dismissals like "no no, it has full test coverage" or "bug reports are going down" or something, which just don't paint the whole picture.
We already learned this lesson once in infrastructure: you can automate yourself into a very resilient catastrophe machine. Systems can appear healthy by local metrics while globally becoming incomprehensible. Bug reports can go down while latent risk explodes. Test coverage can rise while semantic understanding falls. Changes happens so fast that nobody notices the underlying architecture decaying.
I worry.