Who's asking for these features? Show yourself!
I just released my edit of "In Praise of 'Normal' Engineers": why the best engineering orgs in the world are the ones where "normal engineers" can consistently move fast, ship code, fix shit, help their users, and move the business forward...a little more, every day.
charity.wtf/2025/06/19/i...
An astronomy professor colleague of mine once relayed trying to explain to his students why it was important that they actually write their class reports themselves. "The point is not to teach ME about neutron stars," he said.
"I fought a DDoS and lived to tell the tale" is one of my favourite blog posts. It's been many months since I read it, but I remember it whenever I think of WAF. Give it a read; I promise it will be worth it.
open.substack.com/pub/funkbyte...
Corollary: ICs who believe that AI can replace middle management think that it would result in them having more power and freedom, not realizing that it would mean taking an infinite stream of vibes-driven AI-generated tickets from their exec overlords
Hypothesis: The belief that AI can replace middle management is actually the wish of execs who never gave up on "command and control" models of leadership and just didn't feel able to execute them at scale, but now believe that the machines will allow them to do so
Thank you this is really helpful
Every tech company* has platform teams trying to build:
1. Heroku, except hand-rolled
2. One giant shared database, so engineers can ignore analytics without consequence
3. If they have a monolith, microservices. If microservices, a monolith
4. A solution to the halting problem
* Hyperbole. I hope
# avoid the nightmare bicycle
Does this include updating old/vulnerable dependencies? Also, what happens if the signal from the analyzer is a high quality one?
As a security engineer I avoid wasting dev time on low quality findings, but there's also the challenge of just enough upkeep to avoid incident-inducing problems
This is such cool analysis of PIN in @haveibeenpwned.com's Pwned Passwords. Scroll through the page and watch the heat map change alongside the explanations of how people are creating (somewhat) predictable PINs: www.abc.net.au/news/2025-01...
Graph showing that programmers who introduce more files tend to have more of those files changed by others. Duh. But also there is variance above and below the trend line.
I'm not anti-metric. I'm anti metric abuse. Data mostly asks questions, not answers them. Here's an example of using data to ask questions about who are influential programmers on a project. tidyfirst.substack.com/p/measuring-...
Always do this prior to going through a security checkpoint or interacting with law enforcement
Angertainment is a great way to describe the emotional experience most social media platforms are optimizing for.
Today at NCSC we published two blogs on our position regarding passkeys - the first is below (links to the second) - they are our future, not perfect but getting better..
.. call to action within!
www.ncsc.gov.uk/blog-post/pa...
This is what frustrates me most about AI companies with opaque language about what they do with data sent to their models - it opens very genuine questions about the ethics of pasting material into the bot to get a summary or explanation
who is this for? that's what I can't wrap my head around - who wants to follow someone who's not real, and is posting about their regular day to day life except none of it is really happening? who is this *for*?
This is well worth a read.
Thanks for this, very timely as we've experimented with magic links, will definitely check out those links and experiment with passkeys. Always been hesitant about passkeys due to transferability issues, with magic links it's a great match.
TIL how easy it is to ask curl to dump TLS session keys to disk
Simply set the environment variable `SSLKEYLOGFILE=/path/to/file`
Note: it also works for Firefox and Chrome
Extremely useful when combined with Wireshark
Oh boy I came here to write exactly this, the pain... I imagine there is some supposed sales logic here, but I have no idea what it is.
This is the way
Example: Companies pay big bucks for all sorts of tools that run on desktops, mail systems, servers, etc. instead of deploying FIDO authentication to eliminate password phishing entirely.
The basics are still the basics. But we're in an industry built on misplaced fear and hacklore.
I don't want a video! I want a text writeup! I don't want a video! I want a text writeup! I don't want a video! I want a text writeup! I don't want a video! I want a text writeup! I don't want a video! I want a text writeup! I don't want a video! I want a text writeup! I don't want a video! I want a
The best response to "Founder Mode" that I've seen: charity.wtf/2024/12/17/f...
Thank you @mipsytipsy.bsky.social
Any roles open in the Netherlands? Looks like some great opportunities.
I'm enjoying the fact that the prevalence of AI tech is leading people to ask "what _should_ our tech do for us?". Should have been asking that all along...
If you're using an iPhone, the likelihood of that being compromised compared to computer is way less, so yes to your original Q. However as you've pointed out, if you have both on phone then same risk is there, just lower. Safest is to never have both on same device (and take the UX hit).
If you think of risk as likelihood and impact, the impact angle makes this risk go up a lot as popping your 1Password now means insta access to everything. Which is what MFA tries to prevent... as someone else has said, I do it for low value accounts, where I'm ok with that trade-off.
greetings gentleblues, I bring you tidings of hot takes and shade
my new post discusses why cybersecurity isn't special (nor should it be) kellyshortridge.com/blog/posts/c...
plus eight opportunities for security programs to become constructive vs. constrictive