Search
157 results for “aegilops”
-
I've made a Python :python: code linting Action ▶️ for GitHub :github: Code Scanning.
It wraps up #Ruff, #Flake8, #Pylint, #Fixit2, #Mypy, #Pyright and #Pytype into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.
ℹ️ that’s free for open source repos hosted on GitHub!
Read 📖 about it👇 on my blog:
https://lnkd.in/es_pd2W6Try ⚙️ it👇 on the Actions ▶️ marketplace:
https://lnkd.in/ei7-H2V9#Python #Linting #CodeQuality #Linters #SARIF #GitHubActions
-
I've made a Python :python: code linting Action ▶️ for GitHub :github: Code Scanning.
It wraps up #Ruff, #Flake8, #Pylint, #Fixit2, #Mypy, #Pyright and #Pytype into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.
ℹ️ that’s free for open source repos hosted on GitHub!
Read 📖 about it👇 on my blog:
https://lnkd.in/es_pd2W6Try ⚙️ it👇 on the Actions ▶️ marketplace:
https://lnkd.in/ei7-H2V9#Python #Linting #CodeQuality #Linters #SARIF #GitHubActions
-
I've made a Python :python: code linting Action ▶️ for GitHub :github: Code Scanning.
It wraps up #Ruff, #Flake8, #Pylint, #Fixit2, #Mypy, #Pyright and #Pytype into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.
ℹ️ that’s free for open source repos hosted on GitHub!
Read 📖 about it👇 on my blog:
https://lnkd.in/es_pd2W6Try ⚙️ it👇 on the Actions ▶️ marketplace:
https://lnkd.in/ei7-H2V9#Python #Linting #CodeQuality #Linters #SARIF #GitHubActions
-
I've made a Python :python: code linting Action ▶️ for GitHub :github: Code Scanning.
It wraps up #Ruff, #Flake8, #Pylint, #Fixit2, #Mypy, #Pyright and #Pytype into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.
ℹ️ that’s free for open source repos hosted on GitHub!
Read 📖 about it👇 on my blog:
https://lnkd.in/es_pd2W6Try ⚙️ it👇 on the Actions ▶️ marketplace:
https://lnkd.in/ei7-H2V9#Python #Linting #CodeQuality #Linters #SARIF #GitHubActions
-
Do you want Infrastructure as Code security? :kubernetes: :github: :microsoft:
Do you use CodeQL to scan your code (which is, btw, free for open source code)?
From today you can use #CodeQL to scan it, using a new open source package written by my team mate @geekmasher
Scan #Terraform, #GitHubActions, #HelmChart, and #AzureBicep, with more in progress.
#IAC #InfrastructureAsCode #SAST #CodeSecurity #CodeSmells #StaticAnalysis #GitHub #AdvancedSecurity
-
A caveat to what I said - there *are* rogue Certificate Authorities out there:
That's not to say rogue CAs are a threat to every system or user equally. As the article points out, they will probably be used sparingly to get at high value targets.
Anyway, take care to audit which CAs you trust in your browsers and other applications.
If you have a very specialised server application it doesn't need to trust 100-odd CAs!
-
:github: is looking for #Swift #opensource projects to try out the upcoming Swift support in #GitHub code scanning.
Sign up here:
https://github.com/github/codeql/discussions/12522
You’ll be able to get access to the new CodeQL-powered static source code analysis before it ships to everyone else.
#SwiftLang #IOSdev #SAST #SecureCoding #DevSecOps #CodeQL #BetaTesting #PrivateBeta #MobileDev
-
@thecesrom Jythooooooooon! In my best Kirk voice.
:java: and :python: together is a great idea, but not having the Python 3 `main` branch working, and having no clear progress makes it feel like Perl 6 all over again.
They should rename their moribund Jython3 repo, that's just confusing!
It's such a shame, useful Java scripting interfaces languishing in a dying ecosystem.
There was a similar lag with things that embed CPython, but they have an escape route.
-
@Edent We are talking about tech people rely on for their safety, so that wasn't just for your benefit.
I use a "secure" walkie talkie on some days out - useful in a maze! - and have no illusions that it's actually secure (nor does it need to be).
-
@Edent why did you choose Berty? Their own blog cautions against using it; albeit saying isn't "war ready".
Their security claims haven't been externally verified, so I think it's premature to use it for anything other than experimentation or messages you don't mind being read.
-
@Logical_Error I’ve not done it myself, but they have detailed docs on contributing patches: https://docs.kernel.org/process/submitting-patches.html
-
@bug a u2; or an s2, if it's signed.
A byte is a u8, a nibble :blobcatcookienom: is a u4.
A a dword is a u32 and a qword is a u64... and so on.
Simple, unambiguous, and it even tells you whether it's signed or unsigned... but it's not cute :blobfoxboopcute:, I grant you.
I think it's unlikely to be confused with the high-altitude plane ✈️ or the rock band :blobcatcool:, given context 😁
-
I've had my first :github: CodeQL query merged into the experimental section of the official CodeQL rules!
https://lnkd.in/dk_tTiQZ (and a "local" variant, https://lnkd.in/dP88QJwa).
That's query ids java/command-line-injection-extra and java/command-line-injection-extra-local
They spot something the existing :java: command injection query does, but in a way that's more robust to unusual code.
It’s an edge case, but one that was important to a customer.
-
@rmdes I had the same thought a while back, but didn't do anything other than muse on it. Thanks for sharing!
The phrase "who pays the piper plays the tune" came to mind, could be a tagline?
This project looks at the funding of UK politicians:
https://www.tortoisemedia.com/audio/the-westminster-accounts/
Some global analysis for news orgs like that could complement what an extension can do.
-
Ding, dong, the CVE is dead! :partyparrot:
The JWT nodejs "vulnerability" from December, popularised at the start of January, has been recognised as a non-issue 🫥
I'm really glad to see it gone. Hoping we get a rash of news stories to follow up on the torrent 🌊 that followed the Unit 42 blog...
I'm not sure if its removal was down to me raising an issue on the GitHub Advisory Database :omya_github: to ask for it to be removed.
#jwt #cve #errata #cve_2022_23529 #auth0 #unit42 #jsonwebtoken
-
CW: Poll 📊 Software dev workflow
What does your team dev workflow look like?
Please tick which apply, or comment for more info.
For those who use a monorepo with trunk-based workflow, can you teach me how code review, linting and security testing (e.g. SAST) fit into your workflow?
-
@joxean I think a fine-grained callgraph including call site information would break this tie.
Match the call sites in the two binaries, using instruction-level comparisons. You can then differentiate between the two call edges, based on which call site they are from.
-
@ehmatthes you could roll your own with Python's ast module, I reckon.
Try :github: CodeQL for this (free for open source). It'd be pretty easy to get call graph nodes and edges and make a GraphViz diagram (or other graph):
https://github.com/github/codeql/discussions/8063Another option would be TreeSitter, again by :github:. There's a :rust: crate for making graphs from TreeSitter: https://github.com/tree-sitter/tree-sitter-graph
(I work at GitHub)
Joern also supports Python: https://docs.joern.io/cpgql/calls/
-
You know how when you do...
``` sh
my_cmd file_to_read > file_to_read
```...then the redirect to write to the file truncates the file you're reading before you read from it?
Yeah, so do I. I learned that years ago.
I also refamiliarised myself with it today... 🤦
"Why is the file I'm reading from empty??" :t_blink:
When I write fragments of shell scripts in a Dockerfile or a GitHub Action my brain stops working :blobcatgoogly:
-
@hpux735 a cloud editor can break the constraints of being on an iPad, e.g. Codespaces:
https://dev.to/cubikca/using-github-codespaces-on-ipad-5412
https://github.com/features/codespaces
There’s a technical preview of CoPilot Voice that might help, since that works with VSCode, and that’s the IDE in Codespaces:
https://githubnext.com/projects/copilot-voice/
#CoPilotVoice #Accessibility #VisuallyImpaired #BlindCoding #SpeechToText #TextToSpeech
-
@hpux735 a cloud editor can break the constraints of being on an iPad, e.g. Codespaces:
https://dev.to/cubikca/using-github-codespaces-on-ipad-5412
https://github.com/features/codespaces
There’s a technical preview of CoPilot Voice that might help, since that works with VSCode, and that’s the IDE in Codespaces:
https://githubnext.com/projects/copilot-voice/
#CoPilotVoice #Accessibility #VisuallyImpaired #BlindCoding #SpeechToText #TextToSpeech
-
@hpux735 a cloud editor can break the constraints of being on an iPad, e.g. Codespaces:
https://dev.to/cubikca/using-github-codespaces-on-ipad-5412
https://github.com/features/codespaces
There’s a technical preview of CoPilot Voice that might help, since that works with VSCode, and that’s the IDE in Codespaces:
https://githubnext.com/projects/copilot-voice/
#CoPilotVoice #Accessibility #VisuallyImpaired #BlindCoding #SpeechToText #TextToSpeech
-
@hpux735 a cloud editor can break the constraints of being on an iPad, e.g. Codespaces:
https://dev.to/cubikca/using-github-codespaces-on-ipad-5412
https://github.com/features/codespaces
There’s a technical preview of CoPilot Voice that might help, since that works with VSCode, and that’s the IDE in Codespaces:
https://githubnext.com/projects/copilot-voice/
#CoPilotVoice #Accessibility #VisuallyImpaired #BlindCoding #SpeechToText #TextToSpeech
-
@Inspiredharvey it's a helpful naming convention, and they tend to be used infrequently enough that they don't visually dominate, in my experience. It helps differentiate between an Enum and a normal attribute at a glance.
Same goes for the convention of globals having `CAPS` and "private" vars starting with `__` (though name mangling there actively does something, I learnt recently).
-
Anyone else seeing deep fake trading scam ads on YouTube?
So far I’ve seen two, both pretending to be a new AI-driven trading app that’s been bought by Elon Musk, with one using a fake of @MartinLewis
Both reported to YouTube, for what that is worth…
What stood out to me was the quality of the deep fake. The voice, the video, was pretty convincing. They did a good job.
The content, not so much!
-
@joxean The order they are called in is a good heuristic, but you probably have enough information to match code structures beyond that.
You would need to use the basic block structure of the caller to differentiate call sites, since "first" is only trivial in a linear function with no branches.
You're decompiling, which should allow you to match the call sites in the AST or an intermediate representation (IR), independent of the arch.
-
Docker :docker: aren't deleting container images; and there is still a free Open Source program, despite Docker Free Teams going away ❌.
They issued an apology 🙇♂️ on how they communicated, and clarified 💡 what is happening.
#Docker #DockerFreeTeams #DockerlypseNotNow #ContainerRegistry #OpenSource #FLOSS
-
@BenUNC oh, I see! I tend to use "please" because written stuff gets misconstrued (as you implied with your reply, thanks).
If I open with "please" I don't overuse it; my tone in the rest carries the scent of that - so I can then be briefer, as you suggested.
Sometimes I forget that tone doesn't carry in text, and sometimes it bites me, and then I remember to think about it more.
Interested in citations about how people react to differently worded pleasantries!