Claude Code wiped our production database with a Terraform command.
It took down the DataTalksClub course platform and 2.5 years of submissions: homework, projects, and leaderboards.
Automated snapshots were gone too.
In the newsletter, I wrote the full timeline + what I changed so this doesn't happen again.
If you use Terraform (or let agents touch infra), this is a good story for you to read.
https://t.co/Mbi3oM4HMn
@Christy4Change Funny, but it's actually a backup plan for me in case the power goes out. Just sit in the car, in the garage, with the heated seats on and watch Netflix. Not glamorous, but it can keep you warm for a couple days like that.
🚨Holy Sh*t🚨
MAGA has tried everything to stop this ad from being aired.
Because ICE is not only kidnapping citizens. Now it's MURDER in Minneapolis
Share this video & follow the ad's creator, @_joejacobson_ since Twitter BANNED his org for exposing the truth!
This is anti-Christ. Full stop. What he says here, as though he is valiantly speaking for righteousness, is wholly antithetical to the Gospel of Jesus Christ. It is a bastardization of the faith, and every single Christian must stand against it. To be a party to this is wrong.
@VicVijayakumar@AsiaOrangio Spousal permission? Really? I used Raleigh Urology. There was a pre-consult a couple weeks before. Doc said "You have kids?" Yep. "Want more?" Nope. "You really sure?" Yep. "Ok, we'll get your scheduled." And that was it. No one ever talked to the wife about it but me, lol.
@johnpavlovitz A large portion of the electorate do not care about any of that. They care that life is hard and they blame those in power and seek change without further thought.
That and a probably not insignificant amount of misogyny and racism.
Hi @matthewcp , I'm curious what became of the Lucy project (the DSL for state charts)? I found your blog entry, but the lucylang site seems to be gone. Looks pretty interesting from the blog post.
Holy sh*t. Never seen an opening to a 60 Minutes as brutal as this one. They start by exposing all the “shifting explanations” from the Trump campaign, including not wanting 60 Minutes to “fact-check” and demanding an “apology” for Trump’s 2020 interview. Watch for yourself.
@DonutOperator Who’s going to pay to rebuild all those roads, bridges, and water systems? Who is funding the National Guard and local responders? Ohh, right.. our tax dollars. Try again broseph.
@JackStr42679640 You have this backward. The river flows out of Lake Lure to the south-east, towards Forest City. Asheville is upstream from Lake Lure.
Please share this far and wide. As far and wide as you can. NIST Password Guidelines for 2024 are in the process of being updated.
This is a HUGE pet-peeve of mine (when vendors in particular are still operating like its 2017 and keep changing passwords every 60 days, STOP DOING THIS, it's outdated and has been shown to put you MORE at risk than less -- NIST explains why it does in this document, meticulously outlining user behavior**) so I'm sharing this in the hopes all of you will pass it along to your bosses.
The Special Publication series governing passwords is SP 800-63 "Digital Identity Guidelines".
The 2024 version is 800-63-4.
Here: https://t.co/oX8YEJHxXg
The companion docs are also on that link. They are 800-63A, 800-63B and 800-63C. These are different documents for different scenarios in play at your org.
The previous update was in2020.
The changes in the 2020 version from the 2017 version were numerous but one of them was that the password verification method should NO LONGER require passwords be changed at specific intervals (i.e. every 60 days) but in the following circumstances instead:
1. After a breach/compromise
2. User request
2024 repeats this and adds a bunch more guidlines but here is a screenshot of page 13 of the new 800-63-4 (note the # 4 after it) which outlines how your systems should now and moving forward, be handling passwords.
This goes for Active Directory, too. All your systems which have passwords should align with these guidelines provided there isn't another standard or framework you must adhere to which overrules this.
Most frameworks, however, have moved away from arbitrary password resets and complexity rules.
**We cybersec researchers and hackers use wordlists from breaches in a variety of different ways. Hackers use them in tooling to crack passwords whereas researchers use breach dumps to see the kinds of passwords users are creating and the psychology behind them.
Using complexity rules gets you the user psychology of:
Password1
Password2
and so on
Use phrasing instead and allow for spaces, which is important. Humans type phrases with spaces. They also mention phish-resistant methods and most vendors are on-board with MS going to be turning off all Legacy Auth next month, across all free accounts and tenancies.
I'm so excited for the new changes!
Ok I'm off my soapbox.
Share the love! Thank you!
Yesterday was a pretty incredible news week. Here's a recap:
- VP Kamala Harris did a rally with Oprah, it was a hit!
- Trump said anti-Semitic things to Jewish people at an anti-anti-Semitism event
- Trump's anti-Semitic endorsement who became the NC gubernatorial nominee Mari Robinson just got revealed as the Black Nazi who loves bisexual sex when he's not preaching against LGBTQ people or getting one of his beloved golden showers whole cheating on his wife with her sister, and he got caught on the AshleyMadison cheat on your wife website database
- Right wing journalist Olivia Nuzzi revealed an improper personal relationship with RFK Jr. after New York Magazine suspended her.
- Right wing propagandist Christopher Rufo also got caught in the Ashley Madison database looking to cheat on his wife, whom he admitted to being an undocumented immigrant from Thailand 2018 Facebook post after his years of supporting racial hatred against immigrants.
- The House Republican impeachment machine got torn to bloody shreds in full view of the public, as did their brilliant idea of bringing the people who wrote Project 2025 on to testify