now i'm gonna say "role" a whole buncha times, and it's gonna mean a different thing every time. please hold all questions until the end thank you
Posts by mkultra tournament edition
i would also propose uptime
API gets a one-shot view across all Drive object IDs that you have access to and can paw through at leisure. UI's restricted by either keyword query or a LOT of scrolling. So not as cool as it sounds. (thought the API also (used to?) include IDs that had "must have link to access" on but nope boooo)
Considering the intended use case for the context.ai agent crap, I can only imagine the requested scopes for their pulled browser extension were probably pretty bonkers. (Plus enumeration via the Drive API can find a lot of over-shared stuff that won't pop via Drive UI search.)
don't wanna sound like an incident commander or nothing, but it says here on your report you're fucked up
hell yeah, eyeballing the bleeding edge of "canadian research"
A critical security issue I've been trying to report to SpankMatch/SpankChain since Dec 2023 has finally been addressed. This post details that, plus the shitshow the waning days of GCR were.
Quote GCP: "The product team has currently not expressed interest in proactively reaching out to users."
if ya think about it, after clone it becomes a got repo
Firebase should require a written aptitude test at this point, jesus.
A dvd cover titled "sports massage for the equine alphabet", promising to unlock the secrets of EQUISSAGE.
it's... just a pigeon
"Because everyone else lowered the bar, we decided to join them" is so on-brand...
gotta tilt my head to read a dog
I've still not heard back from anyone. It's an issue that's survived the shutdown of SpankMatch and I've sent emails about since _Dec 2023_. Root cause is in the email & I'd be happy to answer any Qs. I'd normally do this over email but bsky is the only response I've had.
@spankchain.bsky.social
There's an article somewhere from when the HD releases came out, commenting on how some of the shots looked weird now. A lot of people standing too close cause it was shot wide but blocked for SD.
Missed this when it came out, good shit. At this point I don't think it's controversial that Firebase should be "considered dangerous" in the slop era (and in the past) but it's just going to get worse and have a super long tail.
I'd complain about Goog's response, but meh, Always Has Been.
hooray for mail day
I did, I believe it was on Thursday.
@spankchain.bsky.social: I've been trying to reach a security contact for SpankChain/SpankMatch but haven't received a response from any public email or the site's contact form. Please look for emails from, or reach out to, butwitha0@protonmail.com.
Last BSidesNYC I sat behind a guy doing the CTF with ChatGPT. Ctrl-a paste page source and a screenshot, hit enter, repeat. User totally not reading the output. LLM got the flag (flappybird-style JS challenge) after maybe ten rounds of this.
Last message dude sent in the session was "We did it!".
Standup's cancelled!
Duct tape it to your hand and act completely normal.
I WARNED YOU ABOUT [GitHub PATs (classic)] BRO !!!! I TOLD YOU DOG!
[2025-12-17] amenbreakpoint - Reported information disclosure in a GOV.UK service
[2025-12-10] amenbreakpoint - Reported information disclosure in a GOV.UK service
NEW SPLIT EP out now / For a list of other articles, send $1 (well hidden) and SASE to ..