In my 2023 ACM talk, to illustrate how supply chain security is more than just build deps graphs, I showed a graph of the servers involved in building and serving Go releases. Has anyone done something like this but for GitHub Actions? We have examples now of attacks moving between actions.
"Cognitive surrender". www.nytimes.com/2026/03/29/o...
For example, in 2025, a successful attack on the GitHub Action reviewdog/action-setup was used to infect the Action tj-actions/changed-files, with an ultimate target of coinbase/agentkit. www.wiz.io/blog/new-git...
If this podcast episode is the only good thing that comes of AI, it will have been worth it—
Build deps get attention largely because they are easily computed. Other relevant dep graphs that are harder to compute are ignored. The GitHub Actions graph is clearly relevant to attacks and should be easily computable from public repos. What are the 'is-even's of GitHub Actions? Who owns them?
“Pulling a New Proof from Knuth's Fixed-Point Printer” Happy 88th Birthday to Don Knuth! And thanks again to @robpike.io for Ivy. research.swtch.com/fp-knuth
Are you still hiding if no one is looking? People aren't reading the code at all—they'd see the weird decoder+eval—and machines can see that and also the private use code points. Also, it's been public since May 2025 and GitHub/NPM/Microsoft have done nothing. www.aikido.dev/blog/glasswo...
“Floating-Point Printing and Parsing Can Be Simple And Fast” The fastest known floating-point printer and parsing algorithms - fixed-width printing, shortest-width printing, and parsing, all in 400 lines of Go. research.swtch.com/fp research.swtch.com/fp-proof
Russ Cox
rob pike
It may or may not be true that whether or not you race to use AI heavily right now will determine whether you’re part of a future wealthy elite ruling class or are left behind in poverty and powerlessness. But if it is true, this strikes me as a deeply immoral future worth fighting hard against.
bethmathews.substack.com/p/why-so-man...
Last summer, Bryan Vance found himself in an argument with a stranger on Reddit. Vance, a Portland-based journalist who runs Stumptown Savings, a newsletter covering local grocery deals, had been accu...
99percentinvisible.org
The Em Dash - 99% Invisible
www.nytimes.com
Opinion | I Saw Something New in San Francisco
The Color Theory Behind Industrial Seafoam Green
bethmathews.substack.com
Why So Many Control Rooms Were Seafoam Green
James Grimmelmann