Building Automation controls company, Automated Logic, hit by fake VSCode extensions that install malware. https://checkmarx.com/zero-post/how-we-take-down-malicious-visual-studio-code-extensions/

I got my very first job working for this company, at the time a startup. They wrote software and designed and manufactured their hardware all in one building.

It's come to a point for NoVaLUG where we are outgrowing Signal, and while I personally disfavor Discord some people seem totally fine with the privacy nonsense of it.

Moving from Signal to something secure that supports threading, channels, etc... quickly the two front runners are non-federated Matrix and Zulip.

The big advantage of Matrix is the number of clients, but every single one of them seems clunky and the mental-model for Matrix doesn't seem to make sense when the server isn't federated.

Brodie Robertson’s video on the #rust #cloudflare thing… just in case anyone needs to fend off their angry Lunduke-following relatives over Thanksgiving dinner conversation.

https://youtu.be/vESkGUiiAB4?si=AsEtMLrlApeSZi19

It’s not #DNS
#azure #aws #cloudflare

"Google has disclosed that the company's continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time.

"We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android's C and C++ code. But the biggest surprise was Rust's impact on software delivery," Google's Jeff Vander Stoep said. "With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one."

The development comes a little over a year after the tech giant disclosed that its transition to Rust led to a decline in memory safety vulnerabilities from 223 in 2019 to less than 50 in 2024.

The company pointed out that Rust code requires fewer revisions, necessitating about 20% fewer revisions than their C++ counterparts, and has contributed to a decreased rollback rate, thereby improving overall development throughput."

https://thehackernews.com/2025/11/rust-adoption-drives-android-memory.html

#CyberSecurity #Google #Android #Rust #Programming #ProgrammingLanguages

Homebrew 5.0.0 https://brew.sh/2025/11/12/homebrew-5.0.0/ #Linux #macos

Upgraded to brew 5. Linux/ARM support now gives me access to Lazygit. Thank you #Homebrew team. #linux

After threatening to pave my daily driver and put #bluefin on it for a month, I finally did it this morning.

People keep asking me why. I don’t I have a great answer, but an OS that separates the dependency concerns of the apps from those of the OS should make for a much more stable upgrade path in the future.

#linux

I wonder how many of the people who worked over the 48hr period to get AWS back up recently are being laid off.

I am not trying to be mean, but there is a lesson about loyalty in this.

I see a lot of keyboard warriors out there, but few with the true courage to do something truly difficult. If you want to do more than just larp as the main character of your own movie, get out there and do something truly challenging... like writing a Rust macro.

#rust

Been wasting more time.
#Linux

This old meme has been going around for years, but in the aftermath of the AWS outage there has been some pushback on-line about it. And that's a good thing, because it is likely that people new to the industry are not in on the joke and might take the meme more literally.

This meme was never about DNS being unreliable, but about the nature of troubleshooting issues in that DNS is so reliable many of us assume we have set it up correctly and overlook our mistakes with DNS when looking for root causes.

It is unfortunate, but way too many people function off of received opinion, and AI is likely making that worse. FWIW, I did once work with an operations manager who insisted we hardcode IP addresses because DNS used UDP and UDP was "unreliable".

#dns #memes #receivedopinion

Look what just arrived… @paulhoffman

me: wants to wake up early so I can enjoy some quiet time
aws: sure
me: no not like that

Could come in handy

Join the Northern Virginia Linux Users Group (NovaLug) on Saturday, 18 October for our monthly in-person meeting. This months keynote is Gaming on Linux: https://novalug.org/presentations/2025-october-18/

Would SIP-over-QUIC be pronounced "sock"?

#ietf

# Qualcomm Acquires Arduino

Qualcomm’s Latest AI Play: Turning Maker Dreams into Shareholder Value « Adafruit Industries – Makers, hackers, artists, designers and engineers!

https://blog.adafruit.com/2025/10/07/qualcomms-latest-ai-play-turning-maker-dreams-into-shareholder-value/

#arduino #technewsyoucanuse

If I didn't have a billion things to do today, I'd be paving my NixOS system for Bluefin.