HackerLangs
トップ新着トレンドコメント過去質問紹介求人

runningmike

792 カルマ登録 10 年前
No security no privacy. 0complexity

投稿

Cross-Ecosystem Vulnerabilities in Python Applications

nocomplexity.substack.com
1 ポイント·投稿者 runningmike·3 日前·1 コメント

What the Halting Problem Means for Python Security

nocomplexity.substack.com
2 ポイント·投稿者 runningmike·8 日前·0 コメント

Demystifying Security Risks of AI-Powered Applications on Pre-Trained Model Hubs

arxiv.org
4 ポイント·投稿者 runningmike·10 日前·2 コメント

Behind Python: The Languages That Power AI

arxiv.org
3 ポイント·投稿者 runningmike·24 日前·2 コメント

Pandas for Reproducible Data Analysis

arxiv.org
3 ポイント·投稿者 runningmike·24 日前·1 コメント

Zero Trust for Python Security: A Practical Checklist

medium.com
2 ポイント·投稿者 runningmike·28 日前·0 コメント

Zero Install: The future of FOSS Python static application security testing

nocomplexity.substack.com
3 ポイント·投稿者 runningmike·28 日前·0 コメント

Crucial and Vital Security by Design Principles

nocomplexity.github.io
2 ポイント·投稿者 runningmike·2 か月前·1 コメント

Open and Free Security Books

nocomplexity.com
1 ポイント·投稿者 runningmike·2 か月前·1 コメント

OWASP Foundation's Strategic Plan [pdf]

owasp.org
3 ポイント·投稿者 runningmike·2 か月前·1 コメント

ChatGPT, Is This Real?

arxiv.org
2 ポイント·投稿者 runningmike·3 か月前·1 コメント

Security Concerns in Generative AI Coding Assistants

arxiv.org
1 ポイント·投稿者 runningmike·3 か月前·1 コメント

Can LLMs Hack Enterprise Networks?

github.com
3 ポイント·投稿者 runningmike·4 か月前·1 コメント

Static Application Security Testing (SAST): Simplicity Matters

nocomplexity.substack.com
2 ポイント·投稿者 runningmike·4 か月前·0 コメント

Unlocking Python's Cores:Energy Implications of Removing the GIL

arxiv.org
132 ポイント·投稿者 runningmike·4 か月前·103 コメント

Security Is Not Enough

arxiv.org
2 ポイント·投稿者 runningmike·4 か月前·0 コメント

Security Risks of AI Agents Hiring Humans: An Empirical Marketplace Study

arxiv.org
1 ポイント·投稿者 runningmike·5 か月前·1 コメント

Simplify IT: The art and science towards simpler IT solutions(2025)[pdf]

nocomplexity.com
2 ポイント·投稿者 runningmike·5 か月前·1 コメント

From Hours to Seconds: Automating Python Security with AI?

nocomplexity.substack.com
1 ポイント·投稿者 runningmike·5 か月前·0 コメント

The Return of NASA's SpaceX Crew-11

nasa.gov
2 ポイント·投稿者 runningmike·6 か月前·0 コメント

コメント

runningmike
·3 日前·議論
Some notes after reading the paper “Cross-Ecosystem Vulnerability Analysis for Python Applications” (19 Mar 2026, https://arxiv.org/abs/2603.18693v1)
runningmike
·10 日前·議論
Original title: Your Space is My Zone: Demystifying the Security Risks of AI-Powered Applications on Pre-Trained Model Hubs

Remarking conclusion: "Alarmingly, we find thousands of apps leaking credentials, hundreds containing input injection vulnerabilities that allow arbitrary code execution, and tens harboring embedded backdoors—indicating active exploitation." AI use for creating applications seems insecurity by default...
runningmike
·14 日前·議論
Title should have [2025], since this blog is from 2025.

On subject: In 2026 I hope the wars FOSS vs OSS and copyleft vs permissive are over.

This article has a lot of nonsense. In practice you should choice a license that meets your goal. So do not choice a license from an ideology , a license has a purpose and every project has a different goal.

"This means as an author of some copyleft code, I have special rights that my users don’t have: I am allowed to use my code for proprietary purposes" -> Nonsense: Everyone has the same rights! You can not revoke a license, and re-licensing your own GPL code has more nuances than stated in this article.

For every OSI approved license is a place in 2026 and a good use case thinkable. So some more nuance in 2026 and more references to scientific studies over this subject of more than 30 years history would improve this old article.
runningmike
·14 日前·議論
Your questions is rather general. But a try: "What’s the best Postman alternative if privacy is a concern — Postmate Client vs. Thunder Client?"

- Always use a local client (100%) that you fully control. - Be aware tat many providers have advanced finger printing techniques. So reaching out to a remote API is always a severe privacy risks! At least when you make an API call from you 'own' computer/home/work to an API-service. - Most 'tools' for making API tools use telemetry. If you use a tool within a IDE that uses Telemetry you could be harmed twice. (E.g. VSCode with Thunder Client)
runningmike
·14 日前·議論
Nice write-up... but with strong opinions that seem plausible, yet are highly debatable.

"The rise of the long tail" -> To my knowledge the 'long tail' was years ago a subject of many scientific business studies. The conclusion: proof was never found for this economic theory. And yes, the book of Chris Anderson (20 years ago!) was an attractive read that also seems plausible.

"The barrier to entry for software has fallen." -> This is the marketing mantra since 4GL and IDEs. Visual coding IDEs, so coding without knowing coding never worked out as marketers promised, Same with nocode things years later.

Truth is programming in a natural language is very hard, that's why we have programming languages. And the hard part was never programming, but problems solving and gathering requirements before programming. Or during programming if you are fan of the agile community. AI/ML technology is a great tool for solving some problems, but certainly many problems can not be solved with AI for coming years. AI can not replace people, but people who do not add much value are, have been, and always will be the first to encounter technology progress.
runningmike
·24 日前·議論
The conclusion of this paper is not a surprise. Still wondering what the value of this research paper is for the long term.
runningmike
·24 日前·議論
Full title:Pandas for Reproducible Data Analysis: From Spreadsheets to Research-Grade Python Workflows
runningmike
·27 日前·議論
Great news. And indeed a nice step to an even broader Python ecosystem.
runningmike
·30 日前·議論
“ Are insecure code completions a vulnerability?” No it might be a potential security weakness. Semantics matters.

See also: https://nocomplexity.github.io/pythonsecurity/fundamentals/w...
runningmike
·2 か月前·議論
Security by Design principles do not guarantee security. They are a mandatory aid to thinking, not a replacement for it.
runningmike
·2 か月前·議論
AI-Integrated WordPress….still not sure if this is good or bad. It will definitely be a disaster for the revenue of many smb web agencies.
runningmike
·2 か月前·議論
A curated, opinionated list of high-quality cyber security books.
runningmike
·2 か月前·議論
Assuming you have a c or cpp project: compile and build it first , run the tests if any.. and run cscope or equivalent on code you want to change first.
runningmike
·2 か月前·議論
Nice read. “ Learning Software Architecture” means understanding that there is no single good answer. It is art and science.

Read tip: Simplify IT - The art and science towards simpler IT solution https://nocomplexity.com/documents/reports/SimplifyIT.pdf
runningmike
·2 か月前·議論
The OWASP Board has released its new Strategic Plan to tackle software security.

I haven’t quite made up my mind about the certification programmes yet. There are already so many out there for security, and most seem to cover the same ground.
runningmike
·2 か月前·議論
Nice! But in the Comparison should be MyST - https://mystmd.org/ This is the new markdown standard to be….
runningmike
·3 か月前·議論
Nice blog but title should end with (2024).

I would recommend reading: "The CP-SAT Primer: Using and Understanding Google OR-Tools’ CP-SAT Solver" - https://d-krupke.github.io/cpsat-primer/

When starting with CP-SAT. The google docs are not great unfortunately.
runningmike
·3 か月前·議論
Full title: ChatGPT, is this real? The influence of generative AI on writing style in top-tier cybersecurity papers

"we find a sharp rise in the frequency of LLM-favored marker words such as underscoring and enhancing."
runningmike
·3 か月前·議論
Original title: Security Concerns in Generative AI Coding Assistants: Insights from Online Discussions on GitHub Copilot

"the sentiment expressed across all concern areas is generally skewed toward the negative end of the polarity scale."
runningmike
·3 か月前·議論
Nice article. But the warning can be stronger imho: Instead of: "Don’t assume your results are the same as anyone else’s."

"The results search you get from G*gle results are unique."

G*gle does not use the easy to use Lucene search syntax but has many 'magic' things, like:

Searching for high-quality Open Access content or solid technical answers on software challenges requires a rigorous scientific methodology, combined with creativity and extensive experience. Despite being a crucial competency, it is rarely taught in depth.

Even with the rise of LLMs, effectively navigating search results remains an unsolved problem.