miniblog.

I'm intrigued to see that Google has quantified that new code is generally buggier and less secure than code that has existed in your codebase for longer: https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html

I'm a fan of the Software Unscripted podcast, and I particularly enjoyed this recent episode about CrowdStrike and security culture: https://www.youtube.com/watch?v=rzjaZssBEiI The guest (Kelly Shortridge) compares attackers to lawyers trying to find loopholes. This is such a great analogy.

I find it odd that people recommend Docker for sandboxing agentic coding tools. Isn't it easier to just create a separate user account on the machine? It's an established security boundary, and viewing output is easy (just make the user's home directory world readable).