If you needed a reminder about why you can't trust WhatsApp, this is a good explanation.

There are growing concerns regarding the Rust supply chain. It's still time to address them but it's became important to tackle this area.

What's the right way to manipulate secrets in your shell to avoid leakage? The answer definitely varies, here is the paranoid version.

Email encryption is indeed still an open issue. There's no fix in sight for it. It's mostly a lack of political will though, so none of the big players are going to change anything.

This looms like a handy help to check your email client is doing the right thing and is not leaking information.

This is definitely a bad one, there seem to be quite a few popular devices affected. And there might be more devices affected of course.

Interesting tool. Indeed very often people send PDFs with useless redaction in them. Better check first.

Always hated this notarization with a passion when I had to target Macs... One reason being that it felt fairly useless, and it's confirmed: it is pretty much useless.

An oldie now but still the best way to create a passphrase.

Indeed, we might want to use dev containers more widely in the profession. If you're developing something for the desktop you're out of luck though.

This is what you're signing up to with such ecosystems. Can't use those for backups even though people are led this way. Sure technically the data is safe on their infrastructure, but is your access to said infrastructure guaranteed? This gilded cage looks less like a gift when you loose access.

I keep being surprised at how common this kind of mistakes are. I probably shouldn't, it's actually kind of easy to fall into such traps.

TLS inspection software is indeed a very bad idea. You'd better not have them in your organisation.

This is now critical infrastructure in my opinion. It's nice to see how much progress was made.

IDEs allowing to spawn actions in the user environment are still a big security risk.

This is a nice application level sandboxing feature on Linux. We should probably have more applications use it.

Good list of hardening options indeed. That's a lot to deal with of course, let's hope this spreads and some defaults are changed to make it easier.

Interesting work from Apple and Google to have better hardening in libc++. It's nice to see it ripples through the upcoming C++26 standard as well.

Looks like an interesting tool to go with mise.

Git pre-commit hooks indeed bring nice benefits. Like everything else they're not a panacea though.