Paul J Stevens

@pjstevns
96 Followers
586 Following
368 Posts
Staff engineer @ labdigital.nl
Flamenco guitar aficionado
History and cultural anthropology geek
previous: DBMail, Plone, Django
tech: python, c, rust, typescript, aws, azure, terraform, neovim
politics: BIJ1 intersectional justice

It looks like Microsoft's DevOps libraries for Azure Functions might have been compromised. No statement yet but Github is nuking Microsoft's own repos.

https://opensourcemalware.com/blog/miasma-reaches-azure

The Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds

GitHub disabled 73 Microsoft repositories across four of its GitHub organizations — the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps — in a 105-second sweep on June 5. The recompromised durabletask package sits at the center, and the fingerprints point at the open-sourced Miasma worm.

RE: https://cyberplace.social/@GossiTheDog/116699661945921760

This explains the suspension notice we received yesterday on one of our #opensource #github repos which targets Azure Functions.

I suspect we have some serious mitigation to do next Monday on our projects running #azure functions, with deployment pipelines being down.

The Dutch Ministry of Economic Affairs and Climate has joined the #Fediverse! Welcome, @MinisterieEZK

rsync: Security fix breaks --link-dest via rsync daemon #915 https://github.com/RsyncProject/rsync/issues/915

Damn. The devs are breaking rsync using AI. This tool is such a critical tool for backups and is used by so many Linux, Unix, macOS, *BSD users and IT pros.

Security fix breaks --link-dest via rsync daemon · Issue #915 · RsyncProject/rsync

I usually perform backups via rsync daemon or to local disks, maintaining a history with hard links. With the latest security backports in version 3.2.7 (3.2.7-0ubuntu0.22.04.6 on Ubuntu 22.04.5 LT...


Ed Zitron:

"LLMs impress the writers who do not want to write, the coders who don’t want to code, the researchers who don’t want to research, and the lawyers that don’t want to actually understand case law. Those that desperately tell you how powerful AI is and that you simply must use it are looking for you to validate their own laziness or distaste for effort, and those who are impressed with LLMs’ outputs tend to be people with low standards."

https://www.wheresyoured.at/the-revenge-of-the-business-idiot/
2/n

Revenge of The Business Idiot

If you liked this piece, you should subscribe to my premium newsletter. It’s $70 a year, or $7 a month, and in return you get a weekly newsletter that’s usually anywhere from 5,000 to 18,000 words, including vast, detailed analyses of NVIDIA, Anthropic and OpenAI’s

Microsoft - a preferred supplier of the Dutch government - and Meta shared the names of civil servants and scientists involved in European regulation of tech companies with the Trump regime.
Scandalous and intimidating, as one of them, Claes de Vreese, says.
https://nos.nl/l/2615391
Tech companies shared names of Dutch civil servants with the US: 'Extremely worrying'

It concerns civil servants involved in enforcing the European rules that regulate tech platforms. The US government regards those rules as censorship.

‘No Way To Prevent This,’ Says Only Package Manager Where This Regularly Happens | Kevin Patel

「 “It’s a shame, but what can you do? This is just the price of building modern web apps,” said Senior Frontend Engineer Mark Vance, echoing the sentiments of a community that completely relies on a 40-level-deep nested tree of unvetted packages maintained by pseudonymous strangers to capitalize a single string 」

https://kevinpatel.xyz/posts/no-way-to-prevent-this/

#npm #satire #cybersecurity

Kevin Patel - Application Security Engineer @ NISC

The "smarter" all the devices get, the smarter I feel for not buying them.

RE: https://cosocial.ca/@mhoye/116553395984214488

“Summary:

A compromised dependency in the JavaScript ecosystem led to credential theft, which enabled a supply chain attack on a Rust compression library, which was vendored into a Python build tool, which shipped malware to approximately 4 million developers before being inadvertently patched by an unrelated cryptocurrency mining worm.”