Joined October 2023
Ahh I get it now this is what they meant by Fable 🤯
2
109
VS Code now includes a configurable delay for extension auto-updates 👀 This is useful to protect against supply-chain attacks on extensions.
1
3
83
Tune in to ContinuumCon YT channel today and tomorrow if you're curious about security 🫠 They have some of the best security superstars there!
This Saturday at 3:45 ET I’ll be presenting a live intro to my security engineering course there (practical guide to SAST, DAST, etc)
1
75
OpenAI:
> do nothing
> no new model release
> win
2
2
3
439
LLMs are so bad for Java! ...which is surprising, given how much Java code exists. Just goes to show they aren't really good at more complex and verbose languages, despite being statically-typed 🤔
14
17
2,124
VS Code-based editors like Cursor don't provide a way to always install extensions older than X days. This would really help GitHub avoid the breach they suffered. So I prototyped my own pure-Go solution, based on a lightweight proxy that you can run locally. Just replace the "extension gallery URL" with the local proxy URL in IDE settings, and you're all set! Ironically, VS Code itself doesn't provide an easy way to override this URL 🥺 This project is still in beta, so use at your own risk, and feel free to fork please, so you're not supply-chain-dependent on mine 😅
2
2
11
1,460
When you're in New York and they tell you not to post about it 😝
5
167
Dad reading daily morning newspaper on supply-chain vulnerabilities 🥲
4
219
As much as I like Wiz, to solve supply chain security we can't rely only on detection 🥲 We need secure package managers and rich standard libraries, with Go as the gold standard. (yea I hate to sound so "formal" but it needs to be said)
Goooood morning Europe! Our threat research team has been tracking the new mini-shai-hulud wave overnight. If you're not using cooldowns with tanstack, uipath, mistralai, @opensearch-project/opensearch, more --- time to dig in 🕳️ wiz.io/blog/mini-shai-hulud-…
1
238
Devs installing dependencies lately 👀
5
141
This is a good PSA for security-minded Rust developers. Rust has an RFC to handle this natively, but in the meantime I built an equivalent proxy until I just discovered this publicly operated one 🫡 Link in comment 👇
1
4
361
(cc @IceSolst @ZackKorman if you might consider spreading awareness 🙏)
1
1
4
79
Who's gonna watch 👀
2
3
335
Yay Steam Controller!
3
4
435
Indiehackers only want one thing and it's disgusting! XD
I want to take some shots of my laptop while out and about
You know the type
Digital nomad
Fancy cafe
Loads of coffee
However, big issue!
My laptop keyboard is disgusting!
5
230
Sunday project to calibrate my @FrameworkPuter 16 display 😅 It was quite easy using Calibrite Display Pro, and I found out Hyprland support for ICC profiles has just been merged, but not released yet 🥹 So hopefully will be able to test it soon!🤞
1
12
907
The time has come. I thought I had no time for anything, and now I do 😁 @ThePeterMick what a time to be alive! 😅
4
16
3,928
If you don't have a Password Book yet, you're falling behind! Seriously, this is the new alpha in supply chain security 😎
Now who’s laughing
2
4
378