Kirill Chernyshov

@dotfox

Yet another GitHub Action compromise, with old versions replaced to infect CI.

Yet another example that in a workflow you should pin an action by commit SHA, not by version.

In JS projects, use actions-up
https://github.com/azat-io/actions-up

In the rest, use pinact.

https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise

Do I (or you?) know anyone in Berlin who plays badminton casually? Not pro but not just starting either. Would love to make a friend

I would like to give away my Novation LaunchKey 37 MK3.

Does anyone know any charity (working with kids, for example), group or individual that this could help? Personal recommendations are much appreciated.

Fully functional, a few minor scratches that do not affect the functionality.

Within EU due to fees and easier shipping in general (I’ll take care of that).

Thank you for sharing ❤️

#musicProduction #midiController #midi #novation #ableton #bitwig

@technomancy such a strong Kin-dza-dza! vibe. hilarious and sad at the same time
@sexabolition.blog let's say I'm that same hobbyist and I have such a "theoretical system". what could you recommend as the next step?
I cried then - I'm still crying today
@fluffykittycat and, as I said in another reply - If a privacy-preserving alternative exists, it's leverage to fight the invasive version. I'd rather have the option than not.
@fluffykittycat Anonymity in my system is from the verifier, not from the issuer. The issuer (say, a gov agency) knows who you are - same as when they issue you a passport. But the website/service checking your age learns nothing about you. So: the issuer can stop fraudulent issuance (not anonymous to them), and the verifier can't track you (anonymous to them). No circle to square - these are two different relationships.
@fluffykittycat How easy is it for you to get a fake identity that will be accepted as legit by some gov agency or even your local pub? My system does not reinvent the wheel here, it will be equally hard. But it solves a problem that to get to the pub you have to reveal your name, exact date of birth, address, etc. With this system, the verifier can't see that data even if they wanted to - it's never transmitted, not just "promised not to be stored".
@sitnik_ru oh, I didn't note that hardware two-factor is needed, you can cross combell off)