This week
- Matthias Ott shared a link to a post from Anthropic titled “Disrupting the first reported AI-orchestrated cyber espionage campaign”, which I read because I’m interested in the messy intersection of AI and security. I gotta say: I don’t know if I’ve ever read anything quite like...
Last week
Two weeks ago
- Note: this post represents my personal opinions as a Debian maintainer of a single package (Meson). It is not my intention to throw anyone involved in the service under a bus, but some things about it are not good and need to be spoken aloud (in my opinion anyway, other people...
About a month ago
- I recommended against using an AI browser unless you wanted to participate in a global experiment in security. My recommendation did come with a caveat: “But probably don’t listen to me. I’m not a security expert.” Well, now the experts (that you pay for) have weighed in. Gartner,...
- A couple of months ago, I received a request from a random Internet user to add CSRF protection to my little web framework Microdot, and I thought it was a fantastic idea. When I set off to do this work in early November I expected I was going to have to deal with anti-CSRF...
- This is the first in a series of three articles I'm going to be releasing over the holiday season, on how I think agents are completely reshaping software engineering beyond pure productivity enhancements. If you'd like to get notified when they come out, please subscribe to my...
- You may have seen the recent reports of a malware that stole API keys, tokens and other secrets from a large number of developers. Where were these secrets stolen from? You guessed it, they were mostly stolen from environment variables. We use environment variables to...
About 1 month ago
- Automatically erase memory to prevent secret leaks....
- I wrote about the 404s I serve for robots.txt. Now it’s time to look at some of the other common 404s I serve across my static sites (as reported by Netlify’s analytics): /wp-login.php /wp-admin /news/wp-includes/wlwmanifest.xml /login/ /wp-includes/wlwmanifest.xml...
about 2 months ago
- I enjoyed listening to Feross Aboukhadijeh, founder and CEO of the security firm Socket, on the Changelog podcast “npm under siege”. The cat-and-mouse nature of security is a kind of infinite source of novel content, like a series of heist movies that never produces the same...
- A practical approach to managing production infrastructure using git-tracked markdown files and Claude Code for small teams...
- Markov chain babblers, bogus php files, and more!...
2 months ago
- The web-scraping arm race continues...
3 months ago
- Agentic AI systems are amazing, but introduce equally amazing security risks. Korny Sietsma explains that their core architecture opens up security issues through what Simon Willison named the “Lethal Trifecta”. Korny goes on to talk about how to mitigate this through removing...
- OpenAI released their new “browser” and Simon Willison has the deets on its security, going point-by-point through the statement from OpenAI’s Chief Information Security Officer. His post is great if you want to dive into the details. Here’s my high-level takeaway: Everything...
- Mathias Verraes writes about the relationship between Domains and Bounded Contexts in Domain-Driven Design. It’s a common myth that there should always be a 1:1 relationship between them, but although it’s sometimes the case, deeper modeling often exposes a more interesting...
- I was 30 seconds away from running malware. Here's how a sophisticated scam operation almost got me, and why every developer needs to read this....
- OpenAI's dev day was today. While I wrote up a short summary of what was announced on bluesky, one of the major announcements was the AppSDK for ChatGPT. It looks like OpenAI plans to position ChatGPT as a platform for the future not unlike the Google Play and...
- Insights from MCP Dev Summit Europe on agentic discovery, client compatibility challenges, and the emerging field of agentic experience design...
4 months ago
- Contents: Lies by Any Other Name; Great Artists Steal; Dear Tech Reporters: Access Is Not A Beat. This blog is failing on several levels. First, September 2025 is putting the “frequent” in “infrequently”, much to my chagrin. Second, my professional mission is to make a web that's...