Notices by Viss (viss@mastodon.social)

your opportunity to push to prod has passed.

the window is now closed.

your next opportunity to push to prod is 9pm PST sunday night, before the federal holiday.

RE: https://mastodon.social/@arstechnica/116620572167446503

happy friday

h/t @nyanbinary

so let me get this straight
microsoft defender, the built-in antivirus tool for windows

has a heap based buffer overflow that leads to remote code execution

if you get it to scan a file, and that file is crafted the right way.

the antivirus tool is the carrier for the execution of malware.

https://oddguan.com/blog/second-time-same-sandbox-anthropic-claude-code-network-allowlist-bypass-data-exfiltration/

if you use claude code
anywhere
for anything

do not run it where there are secrets or sensitive files. if claude code has access to things, this is just another way it can ruin your day/week/month/year

https://arstechnica.com/cars/2026/05/moose-proof-and-megacasting-ars-drives-the-new-volvo-ex60

there is such a thing as a moose proof car?

https://news.ycombinator.com/item?id=48201316

so uh

github hacked maybe?

sure ok

#sandiego #hatecrime #activeshooter

https://globe.adsb.fi/?icao=ab2eff

RE: https://mastodon.social/@cmconseils/116597128319352842

this is the gentoo version of a fancy glass door

giving little snitch for linux a shot:

the ui pops in a browser!

so iran is targeting gas stations now i guess?
and its all over the news?

heres a screenshot from my twitter archive from 2014, showcasing open, unauth vnc to a gas station.

its been TWELVE YEARS and even posting shit like this didnt get people to do better.

all that technical debt, refusal to take security seriously etc is all landing now.

@skinnylatte shit tier american hotsauces are 'vinegar and hot', often used to hide the terrible flavor of cheap wings

cue everyone who saw this coming 100,000 miles away

https://www.wired.com/story/thousands-of-vibe-coded-apps-expose-corporate-and-personal-data-on-the-open-web/

it has somehow become friday!
rejoice!

then push to prod

RE: https://mastodon.social/@Viss/116535812794756896

TIL: anthropic does not consider "I can get arbitrary text into your internal slack chatrooms via this injection method" a security risk.

its 'informative'.

the doll catches fire

https://www.stvn.sh/writing/programming-still-sucks-fqffhyp

remember: push to prod friday is tomorrow.

be sure to include ALL THREE privesc kernel bugs that have surfaced in the last two weeks into production!

thats what the stakeholders want!
velocity towards new stuff going live!

exploits count as stuff!
and youre being graded on how many tokens you burn

so tell claude and codex to take all three bugs, rewrite them all into brainfuck, write a new interpreter, build it into a 50 meg go binary and push that to prod along side * // TODO: write code

@xenotar @mr_daemon ill be going to termux. theres a bunch of shit i wanna do with it since it'll give you a local shell. i have a whole suite of tools i wanna build out that'll run in it. remember that group of folks that basically wrapped metasploit up into an app and you could run it on mobile? like 2010, 2012?

@xenotar @mr_daemon oh what?! dude i use juicessh on the daily! i better save the apk

i dont think ive gushed hard enough about btop lately. or at all.
here it is.
its beautiful
i wish it supported the stupid intel gpu on this thing better, but its still glorious