This week
- Herman's blog Home Now Projects Blog 24 Feb, 2026 A few days ago some 4 or 5 OpenClaw instances opened blogs on Bear. These were picked up at review and blocked, and I've since locked down the signup and dashboard to this kind of automated traffic. What was quite funny is that I...
- Do you want to run OpenClaw? It may be fascinating, but it also raises significant security dangers. Jim Gumbley, one of my go-to sources on security, has some advice on how to mitigate the risks. While there is no proven safe way to run high-permissioned agents today, there are...
about 2 months ago
- New from Anthropic today is Claude Cowork, a “research preview” that they describe as “Claude Code for the rest of your work”. It’s currently available only to Max subscribers ($100 …
- Matthias Ott shared a link to a post from Anthropic titled “Disrupting the first reported AI-orchestrated cyber espionage campaign”, which I read because I’m interested in the messy intersection of AI and security. I gotta say: I don’t know if I’ve ever read anything quite like...
2 months ago
- Note: this post represents my personal opinions as a Debian maintainer of a single package (Meson). It is not my intention to throw anyone involved in the service under a bus, but some things about it are not good and need to be spoken aloud (in my opinion anyway, other people...
- I recommended against using an AI browser unless you wanted to participate in a global experiment in security. My recommendation did come with a caveat: But probably don’t listen to me. I’m not a security expert Well, now the experts (that you pay for) have weighed in. Gartner,...
- A couple of months ago, I received a request from a random Internet user to add CSRF protection to my little web framework Microdot, and I thought it was a fantastic idea. When I set off to do this work in early November I expected I was going to have to deal with anti-CSRF...
- This is the first in a series of three articles I'm going to be releasing over the holiday season, on how I think agents are completely reshaping software engineering beyond pure productivity enhancements. If you'd like to get notified when they come out, please subscribe to my...
- You may have seen the recent reports of a malware that stole API keys, tokens and other secrets from a large number of developers. From where were these secrets stolen from? You guessed it, they were mostly stolen from environment variables. We use environment variables to...
3 months ago
- Automatically erase memory to prevent secret leaks....
- I wrote about the 404s I serve for robots.txt. Now it’s time to look at some of the other common 404s I serve across my static sites (as reported by Netlify’s analytics): /wp-login.php /wp-admin /news/wp-includes/wlwmanifest.xml /login/ /wp-includes/wlwmanifest.xml...
- I enjoyed listening to Feross Aboukhadijeh, founder and CEO of the security firm Socket, on the Changelog podcast “npm under siege”. The cat-and-mouse nature of security is a kind of infinite source of novel content, like a series of heist movies that never produces the same...
- A practical approach to managing production infrastructure using git-tracked markdown files and Claude Code for small teams...
4 months ago
- Markov chain babblers, bogus php files, and more!...
- The web-scraping arm race continues...
- Agentic AI systems are amazing, but introduce equally amazing security risks. Korny Sietsma explains that their core architecture opens up security issues through what Simon Willison named the “Lethal Trifecta”. Korny goes on to talk about how to mitigate this through removing...
- OpenAI released their new “browser” and Simon Willison has the deets on its security, going point-by-point through the statement from OpenAI’s Chief Information Security Officer. His post is great if you want to dive on the details. Here’s my high-level takeaway: Everything...
- Mathias Verraes writes about the relationship between Domains and Bounded Contexts in Domain-Driven Design. It’s a common myth that there should always be a 1:1 relationship between them, but although it’s sometimes the case, deeper modeling often exposes a more interesting...
- I was 30 seconds away from running malware, Here's how a sophisticated scam operation almost got me, and why every developer needs to read this....
Rows per page
