the NSA just published a post-hoc threat model for a protocol that shipped without one. that's the whole problem in one PDF. the security design work should've happened before MCP went into production, not after. its why we exist.
Japan coming out at third place in Olympics overall ranking, without a single Japanese athlete reaching social media stardom, is the most Japanese thing that has happened this year #olympics#memes
this is not an isolated incident. LLMs are not only changing "how" we write code, they are also changing "what" we write. engineers know that at some point in the future, they will use LLMs to search, reason, debug, expand their code, so
approach A is just as good as approach B, but it is easier for LLMs to understand and reason about, so let's go with A. I could not have been convinced faster 🚀
co-founder and i were discussing implementation details for a new feature this morning. we were debating two alternatives, and neither of us had a strong preference. he finally says:
I'm actually more impressed by Crowd's ability to do a global rollout so quickly that they did not even realize they were crashing the modern world's infra before we had already lost contact with a few countries 😂
It’s absurd how much energy and money is spent on securing software supply chain and open-source software on the end-user (devs) side, but not nearly enough on strengthening the first line of defense (maintainers).
hey, remember way back when the real cause of the xz incident was people bullying the maintainer into abdicating his own project, and we all decided that maintainer mental health, and kindness, were the most important things for Open Source security?
This is why we can’t have nice things 🥲
Databases are meant to be “set it and forget it” type of infrastructure. But in reality, there is so much that needs to be done to keep them running at scale, efficiently. OtterTune was supposed to change that, and it’s sad that the business model did not work.
I'm to sad to announce that @OtterTuneAI is officially dead. Our service is shutdown and we let everyone go today (1mo notice). I can't got into details of what happened but we got screwed over by a PE Postgres company on an acquisition offer. https://t.co/uPg9JDKMlz
Many cybersecurity solutions pride themselves in finding "the largest number of vulnerabilities". But, are more “findings” produced by a tool a good thing or a bad thing?
Tailoring tests to a business's unique circumstances, as opposed to blindly following "best practices," is the way to go. This can only be achieved by using a security plan (or threat model) to inform the security review and checks.