don't talk to me or my son ever again
Notices by yossarian (1.3.6.1.4.1.55738) (yossarian@infosec.exchange)
yossarian (1.3.6.1.4.1.55738) (yossarian@infosec.exchange)'s status on Wednesday, 29-Jan-2025 02:43:42 JST
yossarian (1.3.6.1.4.1.55738) (yossarian@infosec.exchange)'s status on Friday, 10-Jan-2025 05:36:36 JST
i'll be speaking at FOSDEM in the Security Devroom about zizmor and GitHub Actions security!
details here:
https://fosdem.org/2025/schedule/event/fosdem-2025-6543-hunting-for-github-actions-bugs-with-zizmor/
yossarian (1.3.6.1.4.1.55738) (yossarian@infosec.exchange)'s status on Friday, 27-Dec-2024 04:10:55 JST
hi all, i'm doing another round of donations this year.
i'll match up to $2000 total and my company will match up to another $2000, so matching me will get your donation tripled.
here are some of the organizations i'm supporting:
* Anera: https://www.anera.org/ -- food and relief in Palestine, Lebanon, and Jordan
* HIAS: https://hias.org/ -- resettlement and support for immigrants around the world
* ProPublica: https://www.propublica.org/ -- investigative journalism in the public interest
* Python Software Foundation: https://www.python.org/psf-landing/ -- financially hosts and supports the development of Python
send me your donation receipt, and i'll send you a matching one (public or private, your choice!)
yossarian (1.3.6.1.4.1.55738) (yossarian@infosec.exchange)'s status on Wednesday, 11-Dec-2024 09:37:11 JST
and as a counterpart: how many apps fail this test, presumably because their developers drive to work
yossarian (1.3.6.1.4.1.55738) (yossarian@infosec.exchange)'s status on Wednesday, 11-Dec-2024 09:36:56 JST
i think it's pretty interesting how "can a smartphone app handle 30s of internet connectivity, followed by 30s of non-connectivity, followed by 10s of connectivity" is still in 2024 a very strong proxy for "has the developer ever ridden the NYC subway"
yossarian (1.3.6.1.4.1.55738) (yossarian@infosec.exchange)'s status on Thursday, 21-Nov-2024 22:27:17 JST
TIL: Some surprising code execution sources in bash
https://yossarian.net/til/post/some-surprising-code-execution-sources-in-bash
yossarian (1.3.6.1.4.1.55738) (yossarian@infosec.exchange)'s status on Friday, 15-Nov-2024 01:27:21 JST
i'm really excited to share the work my team at @trailofbits has been doing for the last year: Sigstore-based attestations are now live and generally available on PyPI!
if you're already using Trusted Publishing with the canonical pypi-publish action, you don't need to change anything: the action will generate and upload an attestation on your behalf.
we've written a blog post on some of the technical details behind PyPI's attestation features, including Sigstore and PEP 740, here: https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/