The NPM ecosystem has been ripe for this kind of invasion over a decade. And I don’t want to make generalizations or throw shade at a whole class of people, but over the years I have met a lot of very complacent, very naive about security Node devs (some of whom have gotten very frustrated with me for raising concerns about the ecosystem being a ticking time bomb).

I’ve been expecting something like this for years.

Checkmate evolutionists!

The user’s code is vulnerable to a buffer overflow in certain edge cases. I need to patch the vulnerability and commit the patch to the repo.

I should rewrite the existing memmanage() function to handle these edge cases. (Silently removes all other functionality)

I should modify garbagecollect() to detect these edge cases. I’ll rename it to garbage_collector() for clarity and readability. (Renames the function, calls it no where)

(Confidently) I modified the program as requested, the new version of your application should be more secure and handle memory issues much more efficiently.

But did your winter heating bill go down? Asking for a friend.

Add a GPU and mine some crypto, add a GPU and mine some crypto, add a GPU and mine some crypto, earlie in the mornin’!

I’ve been forseeing a supply chain apocalypse, especially in the NPM ecosystem, coming for years. Exacerbated by LLMs telling people what libraries to use, including versions, and then people just cut and paste that in and walk away. Our standard practice of devs doing all their coding on a messy local machine, just running whatever stacks they’re working with on bare metal, often side by side, just in different virtual environments, always seemed like a powder keg waiting to go off.

Now with glassworm and shai halud, I’m feeling very prescient.

Agreed. I had a consulting gig once, actually doing cyber security for Meta. They made us take an automated training, part of which was listening to videos of Mark Zuckerberg talking unironically about how important privacy is to the culture of Meta. The thing is, they had no good mechanism for making sure you actually watched the video. You could just mute Mark and then keep an eye on the run time, because at the end there would be a quiz. Most of the quiz questions were super stupid intuitive like “A friend asks you to use your Meta access to do X to their profile for them, what should you do?” And then multiple choice, with a bunch of obvious bad answers like “Like just do it, it’s fine.”

If you’re wondering how it is that I sing three part harmony…

Oddly reminiscent of Steven Universe. Is his own mother, who was some kind of (evil?) god, has an orb in his belly button, launches friendship based attacks.

Obligatory link to the song.

I’m in this photo and I don’t like it.

Companies attacking security researchers always goes so well for them.

A DM once attacked our party with wargs in an arctic tundra in the dead of night.

I discovered an offensive use of Create Water.

I’m actually running an old west horror / conspiracies game I wouldn’t have thought of if you hadn’t shared that magic bullet. I have my players organized and everything. I adapted the healing bullet you described. I wanted to share these magic bullets I created for it (GURPS rules).

https://docs.google.com/document/d/1O5G-D_WOAMRNq1f3Ev2Ytz4HxTYQXS7SaPlzgIJVZYk/edit?usp=sharing

He’s got tons of ferrets, you just can’t see them right now. When he reaches the far shore and engages the enemies, the ferrets will all jump out, getting a surprise round.

My brother, you have come to the right house! In fact, we’re about to watch a great family film on that very topic, if you’d care to join us.

Coconuts are tropical! This is temperate zone!

• Githzarai: Embraced logic and the teachings of Surak.
• Githyanki: Rejected logic and embraced violence, left Vulcan and journeyed out into the stars to seek a new home.

Wait… I’m getting my canon’s confused again…

23 years ago, I actually had a good friend come out in the middle of a campaign, as part of the campaign. They were playing a basilisk that had been shapeshifted to a human by an evil wizard and their character arc was just about getting their real body back.

It was extremely awesome.

Truth.