Mike Williamson

@[email protected]
284 Followers
424 Following
1.4K Posts

Digital Transformation = Agile + APIs + AppSec

Security Architect at the Public Health Agency of Canada. Formerly TBS Cyber security & part of the team that launched the Canadian Digital Service.

bloghttps://mikewilliamson.wordpress.com
githubhttps://github.com/sleepycat
Mike WilliamsonMar 18

"The invisible #Unicode characters were devised decades ago and then largely forgotten. That is, until 2024, when hackers began using the characters to conceal malicious prompts fed to AI engines. While the text was invisible to humans and text scanners, #LLMs had little trouble reading them and following the malicious instructions they conveyed."

https://arstechnica.com/security/2026/03/supply-chain-attack-using-invisible-code-hits-github-and-other-repositories/

Supply-chain attack using invisible code hits GitHub and other repositories

Unicode that's invisible to the human eye was largely abandoned—until attackers took notice.

Ars Technica
Mike WilliamsonMar 18

"2025’s exploited vendors followed the same pattern we observed last year, with big tech experiencing the most zero-day exploitation and security vendors following directly behind.
...
#Cisco and #Fortinet remain commonly targeted networking and security vendors, while #Ivanti and #VMware continue to see exploitation that reflects the high value threat actors place on VPNs and virtualization platforms."

https://cloud.google.com/blog/topics/threat-intelligence/2025-zero-day-review

Look What You Made Us Patch: 2025 Zero-Days in Review | Google Cloud Blog

Our analysis of 90 zero-day vulnerabilities tracked in 2025, focusing on techniques and how AI will accelerate the vulnerability landscape.

Google Cloud Blog
Mike WilliamsonMar 8
LobstersMar 8
If It Quacks Like a Package Manager https://lobste.rs/s/hekrwd #devops
https://nesbitt.io/2026/03/08/if-it-quacks-like-a-package-manager.html
If It Quacks Like a Package Manager

0 comments

Lobsters
Mike WilliamsonMar 7
Quantum ⊂ AIMar 7
They're threatening us with a good time again
Mike WilliamsonMar 7
Ada  Mar 7

Dutch government: Release report on dangers of using American hosting

Also Dutch Government: Signs contracts with American hosting companies

Still the Dutch Government: removes their own report on American hosting services, because it now makes them look bad.

Nieuwe kabinet, dezelfde onzin  

#thenetherlands #nederland #netherlands

Dutch gov't pulls report on dangers of American cloud service after criticism

The Ministry of Justice and Security removed a report on the risks of Amazon’s “European Sovereign Cloud” service shortly after publishing it. This followed critics saying that the report underestimates the service’s dangers and illustrates the government’s tunnel vision regarding American big tech, the Volkskrant reports.

NL Times
Show threadMike WilliamsonMar 7
#Centralization is the only idea in government
Show threadMike WilliamsonMar 7

Meanwhile in the UK:

"The government’s previous shared services strategies failed to deliver their intended cost savings and other benefits. Its new Shared Services Strategy is highly ambitious..."

#gcdigital #sharedservices

https://www.nao.org.uk/reports/government-shared-services/

Government Shared Services - NAO report

The Government has made progress delivering its latest strategy to share back-office services across Whitehall departments in the past year, but remaining barriers will need to be addressed for it to deliver its plans by 2028 and achieve value for money, according to the National Audit Office.

National Audit Office (NAO)
Mike WilliamsonMar 7

Austrailia's early 2000s experiment with a #SharedServices organization is super interesting.

Super impressed that they actually checked that their #centralization effort was delivering on it's claims.... and it wasn't.

The original business case was "fundamentally flawed" and has "resulted in a total cost to the State of $473 million" instead of the expected savings of $68 million/year.

* 91 per cent of sampled agencies comment that service delivery has deteriorated upon transitioning to shared
services.
* Over 80 per cent of the sampled agencies reported that processing timeframes have worsened
* rolling-in to the DTFSSC has had a detrimental impact on the operations of the majority of rolled-in agencies

"The Authority concludes that the current structure of the DTFSSC is problematic. It is a monopoly provider, with a mandated client base and a lack of meaningful service level agreements. This means that there are minimal incentives for DTFSSC to improve service delivery and few ways in which client agencies can hold DTFSSC accountable"

#gcdigital

https://www.erawa.com.au/sites/default/files/Final%20Report%20-%20Inquiry%20into%20the%20Benefits%20and%20Costs%20Associated%20with%20the%20Provision%20of%20Shared%20Corporate%20Services%20in%20the%20Public%20Sector%20-%2010%20June%202011.PDF

Mike WilliamsonMar 3
MDN Web DocsMar 3

🍪 CookieStore API offers a modern, promise-based way to read, write, update, and delete cookies, all without parsing strings manually.

It brings,
✅ Async operations
✅ Structured data
✅ Service worker support

Learn more 👇
https://developer.mozilla.org/en-US/docs/Web/API/CookieStore

CookieStore - Web APIs | MDN

The CookieStore interface of the Cookie Store API provides methods for getting and setting cookies asynchronously from either a page or a service worker.

MDN Web Docs
Mike WilliamsonFeb 28
LobstersFeb 28
Stop Putting Secrets in .env Files https://lobste.rs/s/eai9st #security
https://jonmagic.com/posts/stop-putting-secrets-in-dotenv-files/
Stop Putting Secrets in .env Files

2 comments

Lobsters