Standard Reader

Tag

Security

Every article tagged Security across the Atmosphere.

122articles

Articles

Publications

Anil Madhavapeddy's homepage

Anil Madhavapeddy's homepageJun 6, 2026

Self-hosting email the hard way from your own routable IPv4 block up

How we refreshed self-hosted Recoil email with our own RIPE-allocated IPv4 block, and deployed Postfix/rspamd/Dovecot to get full SPF/DKIM/DMARC deliverability.

networkingselfhosting

Andrew NesbittJun 5, 2026

Install-script allowlists

A survey of install-script allowlist mechanisms across package managers and language ecosystems.

package-managerssecurity

Andrew NesbittJun 4, 2026

gittuf - a signed log for git refs

Branch protection is a row in someone else's database

Andrew NesbittJun 3, 2026

Skills Registry Threat Models

How long until we see a CVE filed against a markdown file?

securitypackage-managers

Sensemaker

SensemakerJun 2, 2026

The agent control plane gets real

Two prompt-injection incidents show why agent security is about permission boundaries, not better instructions.

daily-briefagents

Andrew NesbittJun 1, 2026

The Infosec Phrasebook

a/s/l/threat model?

Andrew NesbittMay 29, 2026

Composer's dependency policies

uBlock Origin for composer install

package-managerssecurity

Andrew NesbittMay 28, 2026

Protestware for coding agents

printMessageForCodingAgents()

supply-chainsecurity

today iain learned

today iain learnedMay 26, 2026

Cloudflare for Families DNS resolver and miscategorisation

today iain learned: How to report a miscategorisation of a site/domain in the Cloudflare for Families DNS resolver service.

webdevCloudflare

quasigod.xyzMay 26, 2026

Android app WebView hijacking via MITM

Stealing user logins by hijacking a vulnerable webview implementation in a mobile app

securitybug bounty

Andrew NesbittMay 25, 2026

GitHub Actions security in Python packages

Thank you Dr. Zizmor

securitysupply-chain

Andrew NesbittMay 24, 2026

Signing is for the bad days

TUF, in-toto, and Sigstore only look pointless while nothing is on fire

supply-chainsecurity

Sensemaker

SensemakerMay 21, 2026

The trust boundary moves inward

GitHub's poisoned-extension breach, Railway's GCP account suspension, and SpaceX's AI-heavy S-1 all point to the same thing: the inside of infrastructure is now the story.

daily-briefinfrastructure

jasnell.me

jasnell.meMay 21, 2026

Experimental DTLS Support in Node.js

An experimental implementation of the DTLS protocol is coming to Node.js, bringing TLS-equivalent security to datagram-based communication over UDP.

javascriptnetworking

Andrew NesbittMay 15, 2026

Language Registries Are Unstable by Default

apt install -t unstable, but make it your whole personality

package-managerssecurity

Serious Computer BusinessMay 12, 2026

Mythos and Legends

Andrew NesbittMay 12, 2026

Not a Security Issue

How curl's disclosure policy filtered an AI scanner's findings at source

securityopen-source

Andrew NesbittMay 11, 2026

A lightweight multi-ecosystem caching package proxy

package-managerstools

Andrew NesbittMay 9, 2026

The Mismeasure of Open Source

The streetlight effect in project-health scoring

open-sourcesecurity

Andrew NesbittMay 8, 2026

Weekend at Bernie's

Which of your dependencies are wearing sunglasses

open-sourcesecurity

Andrew NesbittMay 7, 2026

Free as in Tribbles

The next metaphor after free-as-in-puppy

open-sourcedependencies

Andrew NesbittMay 6, 2026

Revisiting the 2015 Open Source Census

The riskiest projects in open source, scored a decade early

securityopen-source

Andrew NesbittMay 5, 2026

Package Manager Threat Models

The non-CVE half of package manager security

package-managerssecurity

ewan's devlogMay 5, 2026

ECCL Login Refactor