Beware of weird branch names
Sanitize your inputs
Some references for the #ultralytics attack, which saw a crafted branch name inject a crypto miner into a PyPI package via unsanitized GitHub Actions variables.
https://vielmetti.typepad.com/logbook/2024/12/ultralytics-github-actions-plugin-compromised-by-git-branch-name-shell-injection-attack.html
#github #infosec
cc @990000 @neilk
=> More informations about this toot | View the thread
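A defender-side check for the pattern the toot above warns about, as an added example (not from the original post or from the Ultralytics project): a small Python scanner that flags contributor-controlled `${{ ... }}` expressions inside `run:` scripts of a GitHub Actions workflow. The two sample workflows are constructed, and the list of expressions is an assumption that is not exhaustive.

```python
import re

# Expressions whose value a contributor controls. Illustrative, not exhaustive.
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref|github\.event\.pull_request\.head\.ref)\s*\}\}"
)
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def find_injectable_runs(workflow_text):
    """Return (line_number, expression) pairs found inside run: scripts."""
    findings = []
    key_col = None  # column of the run: key while inside its multi-line script
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        if key_col is not None and (not line.strip() or indent > key_col):
            script = line  # continuation line of the current run: script
        else:
            match = RUN_KEY.match(line)
            key_col = len(match.group(1)) if match else None
            if not match:
                continue
            script = match.group(2)
        # The value is pasted into the script before the shell parses it,
        # so shell quoting around the expression does not protect it.
        findings.extend((number, m.group(1)) for m in UNTRUSTED.finditer(script))
    return findings

# Constructed sample: branch name interpolated straight into the script.
VULNERABLE = """\
on: pull_request
jobs:
  format:
    runs-on: ubuntu-latest
    steps:
      - run: |
          git checkout "${{ github.head_ref }}"
"""

# Constructed sample: the value reaches the shell as data via an env variable.
HARDENED = """\
on: pull_request
jobs:
  format:
    runs-on: ubuntu-latest
    steps:
      - env:
          HEAD_REF: ${{ github.head_ref }}
        run: |
          git checkout "$HEAD_REF"
"""
```

The scanner reports line 7 of the first sample and nothing for the second, where the expression appears only under `env:`.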
Unfollowing some people who I otherwise really like on Mastodon because they are too noisy and overrun my feed.
I wish the user interface had something more subtle than "mute" or "unfollow" to cope with this, because in truth I do occasionally want to hear from them.
=> More informations about this toot | View the thread
The key observation: the half-life of a toot is measured in minutes, but problems take days or weeks to solve, and interesting things in a narrow field stay interesting for months or years.
=> More informations about this toot | View the thread
The instant publication of a toot is very appealing, with a quick hit of dopamine possible if you happen to get really lucky and write something that triggers a quick response. That's great, in the same way that a rat pressing a lever thinks that getting fed is great.
=> More informations about this toot | View the thread
I am running Home Assistant at home. It kind of works, in a kind of haphazard way as if you had an old-school Lego set with no instructions and you just puttered around building things until you were bored or done.
Is there any organized, methodical, "here is how you do it well" guide to HA? Principles of operation, design guidelines, some reasonably well worked out non-trivial examples, suggestions for what not to do, etc?
I will summarize replies.
=> More informations about this toot | View the thread
Listening to KPSU, "Portland's College Radio", outside the Smith Memorial Student Union on the Portland State University Campus. "Montgomery Plaza" is one block of street that forms a piece of a good-sized pedestrian way.
https://kpsu.org/player/
Yesterday there was a farmers market a block from here, and the FOSSY conference has been here since Thursday.
https://2024.fossy.us
I'll be following the "FOSS Funding and Economics" track today
https://2024.fossy.us/schedule/
#fossy #fossy24
=> More informations about this toot | View the thread
Talking to @paigerduty after her #FOSSY24 talk "The Art of Asking" about the old ways of Usenet and "Frequently Asked Questions" we used to carefully tend that got reposted periodically so that when the local news spool got purged after a few weeks there was still continuity in the newsgroup about what people knew and how to get more info.
https://www.slideshare.net/slideshow/the-art-of-asking-fossy-2024-pdx-paige-cruz/270708495
It was a great talk, hoping for a longer format version (zine? book?) with some additional examples.
#fossy #fossy2024
=> More informations about this toot | View the thread
Also looking forward to @darius talking about community governance for smallish Mastodon servers at #FOSSY
https://2024.fossy.us/schedule/presentation/250/
328 | Fri 02 Aug 5:30 p.m.–6:15 p.m.
"The research sought to identify current server administrators’ most promising models for mitigating those risks and outline the biggest and most important gaps in risk mitigation, with the aim of helping the broader Fediverse level up governance quickly, safely, and collaboratively."
#fossy2024 #fossy24
cc @instance
=> More informations about this toot | View the thread
Super looking forward to the talk this afternoon by @paigerduty at #FOSSY on "The Art of Asking"
https://2024.fossy.us/schedule/presentation/248/
Room 328 | Fri 02 Aug 3 p.m.–3:45 p.m.
from the abstract
"Between instant messaging platforms, mailing lists, social media accounts, wikis, repos, and meetups there are a lot of ways to connect and engage with an open source community/project and who you ask, when you ask, where and how can all affect the answers you get."
#fossy24 #fossy2024
=> More informations about this toot | View the thread
These are recommendations that I have for #fossy near Portland State University
Sesame Donuts
Urban Farmer Donuts
Departure Restaurant & Lounge
Raven's Manor
Tokyo Sando
Pelmeni Pelmeni
Cowbell LLC
Hopscotch Portland
Dough Zone Dumpling House
Duck House Chinese Restaurant
any other suggestions from #pdx locals or travelers?
thanks to a boss of a @workantile coworking coworker for the list
#fossy2024 #food
=> More informations about this toot | View the thread
I packed some stickers for #fossy - these come with a story (and a threat of a $10000 municipal fine for unauthorized use)
From 2019, this Ann Arbor Observer story about municipal overreach in trying to copyright things they can't copyright
https://annarborobserver.com/seal-of-disapproval/
#a2gov #fossy2024
=> More informations about this toot | View the thread
Detroit, Michigan is in the Eastern time zone.
#dtwcarpet
Flight #dl572 #dtw to #pdx for #fossy
Looking forward to seeing folks there. I am speaking on Thursday
https://2024.fossy.us/schedule/presentation/195/
#fossy2024
=> More informations about this toot | View the thread
Very interested to see testing and support for the new "multicores edition" of #LZ4 compression
https://github.com/lz4/lz4/releases/tag/v1.10.0
Measured speedup on compression is near-linear on 8-core systems, looking forward to testing on 80-core systems to see how far this can be pushed. Also interested to see this picked up by distros.
=> More informations about this toot | View the thread
=> Go to w8emv@hachyderm.io account