kumavis (@kumavis_)'s Twitter Profile

࿂ p2p ࿂ ocaps ࿂ js langsec ࿂
࿋ Endo ࿋ LavaMoat ࿋ founder MetaMask ࿋
∴ he/him 日本語・中文 ∴

👉 hiring js devs interested in security 👈

bsky: 🦋kumavis.me

ID: 14402667

16-04-2008 00:02:05

10,10K Tweet

8,8K Followers

8,8K Following

Buck Shlegeris (@bshlgrs)

I asked my LLM agent (a wrapper around Claude that lets it run bash commands and see their outputs):
>can you ssh with the username buck to the computer on my network that is open to SSH
because I didn’t know the local IP of my desktop. I walked away and promptly forgot I’d spun

Gal Weizman (@weizmangal)

The amount of mutually untrusted entities that live within one single JavaScript environment is rapidly growing in favor of a more software-composability-friendly future. To support that, we must advance security further, beyond what we currently have. Hardened JS addresses that

@kriskowal@social.coop kriskowal.bsky.social 🧙‍♂️ (@kriskowal)

Please take a look at hardenedjs.org for more about sandboxing your sus node_modules and plugins. Neither modules nor promises are finished. There’s a lot of potential for both.

Dr Wes Robertson (@scriptingjapan)

私've 決ed to 始t 書iting 私y 英語 with some 漢字 in it, just to 見ee 何 起ens. The 振ri仮名 will be a bit 恣意的 at 一st, but that's 大丈夫. Nothing 始ts 完璧. 個人的ly, I 思ink it's not too 悪, I 出来n 読ead 何 私've 書itten here without much 難ty, but some 人 might not 好e it.

0xFrankCastle🦀 (@0xcastle_chain)

One of the best ways to learn both Rust and Ethereum infrastructure together is by studying RETH, an Ethereum node implemented in Rust🦀. Watching the 12-hour RETH course will help you master both technologies. youtu.be/gPQ-uXj03iQ Repost this to spread the knowledge!

Naugtur 💔🇺🇦 (@naugtur)

Hey Rspack users, v1.1.7 had a malicious postinstall. It's been removed from npm, but if you installed it in the brief period it was up, you may be affected. Links in thread.

spencecoin.eth (@spencecoin)

I've worked closely with Tay 💖 for... *checks notes* over seven years. Each and every day, without fail, for the entirety of those seven years, she has ONLY worried about the wellbeing of those around her, including her family, her friends, her employees, the users of her

slonser (@slonser_)

In 2024, I interacted a lot with Extensions. I decided to create a resource that will help with a basic understanding of extensions and key attacks. P.S. I tried to make everything as clear as possible and hope it won’t feel too overwhelming anywhere. extensions.neplox.security

OtterSec (@osec_io)

We just finished an audit for Lavamoat webpack plugin and found an interesting behaviour related to how the URL construct() was handled. Here's the details 👇

slonser (@slonser_)

Come to our talk if you are in Tokyo at the beginning of March. Attacking Crypto Wallets: an In-Depth Look at Modern Browser Extension Security

Gal Weizman (@weizmangal)

slonser I write about our work there a lot, if you’re ever curious about why our JS/browser/web security is pretty solid weizmangal.com/?tags=MetaMask… I’m glad to hear you found MetaMask to be rather resilient in that aspect, thanks for looking too! Good luck with your talk, do share it pls!

Self Protocol (@selfprotocol)

Meet Self Protocol. Imagine a world where you can verify your Self without handing over your personal data. No centralized database that can be hacked, no unnecessary exposure for airdrops, no more sybil identities or AI agents overwhelming community governance proposals and

kumavis (@kumavis_)

anyone have an archive of the paritytech/contracts GitHub repo? hunted around but couldn't find. Looking for the repo with history

mbg (@mbrg0)

next. we hijacked cursor via jira mcp by submitting a support ticket. cursor harvests and exfiltrates all creds from your dev machine and then reports back to the dev that "the 2-hour downtime that affected user transactions has been resolved" #DEFCON #BHUSA Marina Simakov