Kind likes

The feature I most want from @github in response to this: make it MUCH easier to issue OAuth tokens (including personal access tokens) that are scoped to only allow access to specific repositories! twitter.com/githubsecurity…

Post details

GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users. github.blog/2022-04-15-sec…

GitHub Security (@GitHubSecurity)Fri, 15 Apr 2022 22:53 +0000

Simon Willison (@simonw)Sat, 16 Apr 2022 12:19 +0000

https://twitter.com/simonw/status/1515304808474832897

To my knowledge the way to control per-repo permissions for a given OAuth integration at the moment is to create a dedicated user account - which is both highly non-obvious and presumably costs $48/user/year or more depending on your GitHub plan twitter.com/jpluscplusm/st…

Post details

One thing that I /try/ and convince my clients to do, that could have reduced this attack's severity, is to link 3rd parties into your #GitHub Org with per-party users and not individuals' accounts. This implies curating each 3rd-party's repo access via per-party Teams, which ... twitter.com/GitHubSecurity…

🇪🇺Jönathan💙Matthews🌈 (@JplusCplusM)Sat, 16 Apr 2022 07:21 +0000

Simon Willison (@simonw)Sat, 16 Apr 2022 12:38 +0000

https://twitter.com/simonw/status/1515308609592201216

You can create a github app - you actually don't really need to integrate an app, see examples like wesbos.com/scoped-github-…

Justin Cormack (@justincormack)Sat, 16 Apr 2022 12:46 +0000

https://twitter.com/GitHubSecurity/status/1515101093419646976

If you need to verify the ID of the OAuth application, check the number at the end of the url like github.com/orgs/<org>/policies/applications/145909 coming from the github.com/organizations/<org>/settings/oauth_application_policy page.

chrismo (@the_chrismo)Sat, 16 Apr 2022 02:42 +0000

Glenn loves macaroni night

memes i wish i could tag my cat in (@memesiwish)Sat, 16 Apr 2022 11:15 +0000

Philosophers: the only way to solve the trolley problem is to kill one of these groups of imaginary people. Model railway dads:

Ben Phillips (@benphillips76)Sat, 16 Apr 2022 09:12 +0000

Senior and Staff Engineers are different. Senior: - Focus on their team - Invest in individuals - Evaluated on personal growth Staff+: - Focus on the org or company - Invest in improving systems and processes - Evaluated on functional area growth Staff+ != Senior

Post details

Not Incrementally Better, Fundamentally Different. When it comes to “staff engineering”, the old management saying of “what got you here won’t get you there” applies. Becoming a Staff Engineer is almost like becoming a Manager. It’s a lateral move, It’s a completely new job.

Thiago Ghisi (@thiagoghisi)Sat, 16 Apr 2022 11:08 +0000

Eddie (@EddieHinkle)Sat, 16 Apr 2022 11:27 +0000

Image prediction: hotdog Confidence: 99.71%

neural net guesses memes (@ResNeXtGuesser)Fri, 15 Apr 2022 00:36 +0000

When things are hectic, it's okay to say no or tell someone to ask you again later.

selfcare.tech (@selfcare_tech)Sat, 16 Apr 2022 06:44 +0000

According to an upcoming PETS paper, a bunch of video conferencing apps keep recording sound after you hit the mute button. I look forward to seeing who is on the list. thenextweb.com/news/muting-yo…

Eva (@evacide)Fri, 15 Apr 2022 17:49 +0000

In Zoom, if you’re software muted and make a noise, a little popup appears telling you you are muted. This is why you should invest in a hardware mic with a mute button. A Yeti nano is a reasonably affordable option.

Post details

According to an upcoming PETS paper, a bunch of video conferencing apps keep recording sound after you hit the mute button. I look forward to seeing who is on the list. thenextweb.com/news/muting-yo…

Eva (@evacide)Fri, 15 Apr 2022 17:49 +0000

Emily G (@EmilyGorcenski)Sat, 16 Apr 2022 07:13 +0000

did it hurt? when you realized the reason you struggle to maintain boundaries is your deep-rooted need to be liked

Dani Donovan 👩🏻‍🎨 ADHD Comics (@danidonovan)Fri, 15 Apr 2022 15:03 +0000

https://twitter.com/nytimes/status/1515066200375574529

Grimes isn’t coming back bro 💔

JustinTBrown (@JuuustinBrown)Fri, 15 Apr 2022 20:35 +0000

https://twitter.com/izs/status/1515238458603675648

I once had a conversation with someone on the server where we'd each just edit each other's html files to leave messages. Banging rocks together back in those days.

isaacs (@izs)Sat, 16 Apr 2022 07:59 +0000

The vocabulary we have around burn out is insufficient. It's often framed as too much work (which is definitely one factor), but I see it also stem from misalignment in terms of strategy or values, lack of recognition, and/or sense of belonging.

Sarah Drasner (@sarah_edo)Fri, 15 Apr 2022 23:23 +0000

https://twitter.com/sarah_edo/status/1515108624074358786

If we always approach problem solving from this perspective: it's from too much work => give them less work/time off we'll never really get to the crux of the problem. It's more nuanced than that.

Sarah Drasner (@sarah_edo)Fri, 15 Apr 2022 23:24 +0000

https://twitter.com/fakedannydevito/status/1512284254167781381

this post is for me and the approximately 4 of my followers who also watched misfits

dylan o'brien give me a chance (or $20) (@fakedannydevito)Fri, 08 Apr 2022 04:21 +0000

dylan o'brien give me a chance (or $20) (@fakedannydevito)Fri, 08 Apr 2022 04:20 +0000

On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.

it’s so funny how santa only gives presents to good kids but the easter bunny is like i don’t give a shit what you did, i just need to offload these fucking eggs

slate (@PleaseBeGneiss)Sat, 16 Apr 2022 02:41 +0000

https://twitter.com/kvlly/status/1515071923423789062

And if you missed the context...

Post details

Some life news: March was the most difficult month of my professional life and I have been struggling with my mental health since the beginning of the year. Being in a leadership role at 2 startups finally caught up with me, and I had to make some difficult decisions.

Kelly Vaughn (@kvlly)Fri, 08 Apr 2022 12:57 +0000

Kelly Vaughn (@kvlly)Fri, 15 Apr 2022 20:59 +0000

Today is my last day at @fromgovalo. I'm SO SO proud of what @rhiankatie and I started and what the entire team has continued to create since we came up with this idea back in May 2021. From co-founder to Govalo's biggest fan - I can't wait to watch Govalo soar. 💜🚀

Kelly Vaughn (@kvlly)Fri, 15 Apr 2022 20:57 +0000

When you experience your first production outage

Molly Struve 🦄 (@molly_struve)Thu, 14 Apr 2022 19:00 +0000

Riddle me this, Batman Why did she tell me she's not ready for a relationship and then get a bf the next day?

The Kino Corner (@thekinocorner)Thu, 14 Apr 2022 17:16 +0000

an extremely undervalued skill for early career developers is learning how to navigate a large codebase. it will be the life or death of you once you start getting urgent bug tickets

milf twink (@SamAllenX)Fri, 15 Apr 2022 19:30 +0000

Sometimes my software dev career feels like knowing a bunch of weird arcane rituals and being able to point out to someone that they’re accidentally going to summon the wrong gods and they need to change one thing if they want rain not fire.

holden karau (@holdenkarau)Fri, 15 Apr 2022 17:03 +0000

I feel comfortable using legal jargon in everyday life.

Joyce Lin (@PetuniaGray)Fri, 15 Apr 2022 02:00 +0000

Contract testing allows quality-checking API producer code and API consumer code in isolation. The contract is the authority. This is faster and cheaper than testing a complete producer-consumer integration. Test results offer concrete discussion points when evolving APIs.

Post details

https://twitter.com/kevinswiber/status/1508847909197942785

How would you define contract testing?

Kin Lane (he/him/it) (@kinlane)Tue, 29 Mar 2022 22:44 +0000

Kevin Swiber (@kevinswiber)Wed, 30 Mar 2022 00:02 +0000

nothing but flowers in my head #aiartwork ⁦@images_ai⁩

KiRsTeNs🎨ArT (@SlowVibesPics)Fri, 15 Apr 2022 19:36 +0000

https://twitter.com/SailorsBen/status/1514985196696834054

I imagine this is an issue for people whose work isn't public. But yes, especially for new engineers, that's often a great place to see their work.

Laurie (@laurieontech)Fri, 15 Apr 2022 15:14 +0000

If you ask me, most interview take-home assessments don't account for you being in multiple interview processes (ignoring personal commitments). And I'm pretty sure this is seen as a feature, not a bug.

Laurie (@laurieontech)Fri, 15 Apr 2022 15:12 +0000

Episode 145 | The Union That Bezos Couldn't Bust

The Pocket Report (@ThePocketReport)Thu, 14 Apr 2022 22:59 +0000

this is funnier to me than it should be

ꪶꪮ᥅ꪖ ✨ (@electrifying)Fri, 15 Apr 2022 12:28 +0000

coagulating carbon @midjourney #midjourney @images_ai #DigitalArt #aiartist #AIart #surrealism #machinelearning #aiartcommunity #generativeart #fantasyart

New Age Hardcore (@NewAgeHardcore)Fri, 15 Apr 2022 19:45 +0000

may i present to you, ✨her✨

cassie (@cassiedakota_)Fri, 15 Apr 2022 07:56 +0000

https://twitter.com/fluffy/status/1514677592376295432

This is your regular reminder that IndieWeb principles and practices aren't just for nerds. Having your own website that you maintain (and ideally pay for yourself) gives you so much more on the web than relying on the currently-popular social media silos.

@fluffy@plush.city (@fluffy)Thu, 14 Apr 2022 18:52 +0000

https://twitter.com/fluffy/status/1514678013698453507

Also IndieWeb doesn't necessarily mean "a blog" or the like, and it doesn't mean having to go down the rabbit hole of supporting the various push protocols. At its core, it just means: 1. Have your own web address 2. Publish something, *anything*, to it

@fluffy@plush.city (@fluffy)Thu, 14 Apr 2022 18:53 +0000

Jack Rhysider (@JackRhysider)Fri, 15 Apr 2022 15:03 +0000

when a therapist goes to therapy

ely kreimendahl (@ElyKreimendahl)Wed, 22 Sep 2021 17:52 +0000

@vercel new swag, who dis? 😍

rizwana akmal khan 🧣 (@rizbizkits)Thu, 14 Apr 2022 13:40 +0000

it occurs to me that a lot of the problem lately is a surplus of fucking around and a deficit of finding out

shauna (@goldengateblond)Sat, 09 Apr 2022 22:29 +0000

Elon Musk (@elonmusk)Sat, 04 Dec 2021 01:29 GMT

If I had a database that was handling 90% reads and 10% writes, I'd optimise it for reads. On a totally unrelated note, software developers spend 10x as much time reading code as they do writing it.

Jason Gorman (@jasongorman)Thu, 14 Apr 2022 09:34 +0000

The new “working interview,” where potential employers have candidates do tasks and assignments, for free, is an unethical scam that I hope the workforce soon refuses to partake in. The amount of hours people are putting in to do free work for jobs they don’t get is infuriating.

Brittany Bronson (@BrittanyBronso1)Thu, 14 Apr 2022 16:52 +0000

So what cracked your egg? Mine was realising that stealing your step-mom’s birth control pills and taking them for a week wasn’t really a thing all cis boys do.

Lucy Davinhart 🍓 (@LucyDavinhart)Fri, 15 Apr 2022 11:34 +0000

IPCC report says we’re too late to avoid most of the climate crisis but if we act immediately the worst effects could be avoided Headlines: “Woah Will Smith Slapped a guy!” 1,000 scientists protest and risk arrest. Headlines: “Oooo what’s that rapscallion Elon Musk up to now.”

Post details

Shouldn't over 1,000 scientists risking arrest to save the planet be a bigger news story than Elon Musk trying to buy Twitter?

Peter Kalmus (@ClimateHuman)Thu, 14 Apr 2022 23:31 +0000

Wandering Woodsman 🔥🌍🇺🇦 (@philsturgeon)Fri, 15 Apr 2022 11:38 +0000

https://twitter.com/qikipedia/status/1514936587288600581

Prince Andrew was completely unaffected and was free to roam the land visiting various branches of pizza express

Chris Wright (@chris__wright)Fri, 15 Apr 2022 12:05 +0000

I theoretically work 26 hours a week, and it's really good for me, but it was super hard to find an employer willing to come to the table to negotiate. twitter.com/nikkitaftw/sta…

Post details

It's super common for a lot of careers to have people work part time on even stuff like 30 hours Idk why tech is so against it, you are either a contractor or you work 40 hours and there is no in between

Sara Vieira (@NikkitaFTW)Thu, 14 Apr 2022 13:43 +0000

Emelia 👸🏻 • 💙💛 (@ThisIsMissEm)Fri, 15 Apr 2022 11:42 +0000

It's super common for a lot of careers to have people work part time on even stuff like 30 hours Idk why tech is so against it, you are either a contractor or you work 40 hours and there is no in between

Sara Vieira (@NikkitaFTW)Thu, 14 Apr 2022 13:43 +0000