miniblog.

← Back to all posts
Jul 1, 2018 at 19:19
There's an awkward tension between auto-update and fixing security bugs. If platforms don't automatically update, users don't get security fixes. If they do update, you're giving the vendor RCE power.

Related Posts

May 1, 2026 at 22:07
Looking at how my servers update themselves and the recent Copy Fail vulnerability, I'm considering an automated weekly restart to make sure services and kernels are up to date. It'd also ensure that services are correctly configured to start on boot. Any thoughts? Feels crude.
Mar 16, 2026 at 23:57
I've released difftastic 0.68! A smaller update, but still worth upgrading: * Improved Bash, C, Go, Lua, Nix, Perl, Python, Rust, Scala, Swift and YAML parsing. * Minor display and git compatibility fixes.
PhotoPhoto
Release 0.68.0 · Wilfred/difftastic
Release 0.68.0 · Wilfred/difftastic
Difftastic is a structural diff tool that understands syntax. See the manual to get started, and the changelog for historical changes. Git Support Fixed an issue where git with difftastic would ter...
Feb 9, 2025 at 00:45
I made some changes to a node express project that I haven't touched in almost five years. I was pleasantly surprised that I only needed to update one dependency to get it working again! (It was sqlite3, which is a native dependency using node-gyp.)