MyComputerSpot

947 posts

@mycomputerspot

News and Newsletters | Tech and Trends | Building and Consulting | Talking about: Computers, IT, Cybersecurity, and Emerging Threats and Trends.

Joined July 2024
205 Following 191 Followers
Pinned tweet
MyComputerSpot@mycomputerspot·
The uncomfortable part of the npm supply-chain problem is not that packages can be poisoned. We knew that. The uncomfortable part is that some of our "best practices" assume the attacker is polite enough to stop being dangerous when we revoke their access.

The answer may surprise you... And the answer is bad.

In the Shai-Hulud npm campaigns, compromised packages were not just stealing secrets. They were using those secrets to keep moving.

- GitHub tokens.
- npm tokens.
- Cloud credentials.
- CI/CD secrets.

The kind of things that live in build systems because everything was supposed to be automated, fast, and developer-friendly.

Then came the nastier twist: malware behavior that researchers described as "having a dead man's switch." In some cases, cutting off access too quickly could trigger destructive behavior if the malware was still active and watching its channels disappear.

Which makes the normal incident response reflex weird, fast. "Revoke the token" is still correct. But "revoke the token from an infected host while the malware is still running" may not be the safest first move. That sequence matters.

A poisoned package is not just a bad dependency. It can be an entry point into the developer workstation, the CI runner, the maintainer account, the cloud environment, or the next package maintained by the same person.

That turns dependency hygiene into an executive risk conversation. Not because every CEO needs to know what package-lock.json does. Please no. Some of us are still recovering from explaining DNS. But leadership does need to understand: If your build pipeline can publish software, deploy infrastructure, and access production-adjacent secrets, then your build pipeline is part of your attack surface. Not a developer convenience. An attack surface.

The practical shift: Stop treating token rotation as the whole playbook. It is one step in a controlled response. A better order looks more like:

1. Isolate the suspected host or runner.
2. Stop automatic installs, builds, and publishes.
3. Preserve enough evidence to understand what ran.
4. Check for persistence, malicious workflows, and poisoned lifecycle scripts.
5. Rotate credentials from a clean environment.
6. Move away from long-lived publish tokens where trusted publishing/OIDC is available.
7. Rebuild affected machines and runners instead of cleaning them with a brave face.

The brave face is where the incident report gets... "spicy."

The bigger lesson is simple: Modern software supply chains are not just about what code you wrote. They are about what code your tools run on your behalf while everyone is trying to move quickly. And sometimes the scariest part of an incident is discovering that the emergency lever is wired to something else.

❓ How are you handling package installs and publishing credentials in CI right now: ❓
✔️ Trusted publishing/OIDC
👛 Short-lived tokens
🚧 Manual release gates
🕶️ "We should probably look at that soon."
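Step 4 of the response order in the pinned post, checking for poisoned lifecycle scripts, can start with a read-only inventory of which installed packages declare install-time hooks. The sketch below is an added example, not code from the post or from npm; the package names, the allowlist and the sample tree are constructed, and it is meant to run from a clean environment against a preserved copy of the dependency tree.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
// Hooks npm runs automatically for dependencies during install.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Walk a node_modules tree (read-only) and list every declared install hook.
function findInstallHooks(root) {
  const findings = [];
  const stack = [root];
  while (stack.length > 0) {
    const dir = stack.pop();
    let entries;
    try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { continue; }
    for (const entry of entries) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) { stack.push(full); continue; } // symlinks are not followed
      if (entry.name !== 'package.json') continue;
      let manifest;
      try { manifest = JSON.parse(fs.readFileSync(full, 'utf8')); } catch { continue; }
      const scripts = (manifest && manifest.scripts) || {};
      for (const hook of INSTALL_HOOKS) {
        if (typeof scripts[hook] !== 'string') continue;
        findings.push({ name: manifest.name || path.relative(root, dir), hook, command: scripts[hook] });
      }
    }
  }
  return findings.sort((a, b) => a.name.localeCompare(b.name));
}

// Hooks from packages that are not on the reviewed allowlist need a human look.
function unexpectedHooks(findings, allowlist) {
  return findings.filter((f) => !allowlist.includes(f.name));
}

// Constructed sample tree (hypothetical package names), written to a temp dir.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'hook-audit-'));
  const packages = {
    'plain-lib': { name: 'plain-lib', scripts: { test: 'node test.js' } },
    'native-addon': { name: 'native-addon', scripts: { install: 'node-gyp rebuild' } },
    '@demo/colors': { name: '@demo/colors', scripts: { postinstall: 'node setup.js' } },
  };
  for (const [dir, manifest] of Object.entries(packages)) {
    fs.mkdirSync(path.join(root, dir), { recursive: true });
    fs.writeFileSync(path.join(root, dir, 'package.json'), JSON.stringify(manifest));
  }
  return root;
}
```

Reinstalling with `npm ci --ignore-scripts` keeps these hooks from running while the inventory is reviewed.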
MyComputerSpot@mycomputerspot·
Some sites tell you to follow your dreams. WorthTheMath asks the meaner question: Can the numbers survive contact with the calculator? Debt vs investing. FIRE. Solar. Generator runtime. Rental ROI. worththemath.com
MyComputerSpot@mycomputerspot·
@money_cruncher That 4-7% zone is exactly why I built WorthTheMath. Sometimes you need the numbers side by side before your gut starts negotiating with you: worththemath.com
The Money Cruncher, CPA@money_cruncher·
"Should I pay off debt or invest?" How I think about it: 1. sign up for 401k up to the match regardless of debt 2. pay off any debt 7%+ 3. don't touch any loans with under 4% 4. 4-7% is tricky. Depends on liquidity, risk tolerance and timeline. Go 50/50 if you can't decide.
MyComputerSpot@mycomputerspot·
@foxtomb232 I am building pivotgg.com and a small stack of spreadsheet products. Security workflows, small business tracking, pet care, meal planning, D&D prep. Somehow this is my life now.
FOX TOMB@foxtomb232·
Hey founders ! Looking to connect with people building in: 🍽️ SaaS 🚀 Tech 📲 Automation 🧠 AI tools 📱 Product Development 🔥 Web APP 💻 Devs Drop what you're working on 👇
MyComputerSpot@mycomputerspot·
@newbiedm Trying not to spoil yourself as a player is a full saving throw. Good luck. The forbidden lore is always right there.
NewbieDM@newbiedm·
2e #dnd night later tonight. I know our DM is running a dungeon magazine adventure, and it's been really hard for me not to spoil myself, not gonna lie. We're in a bandit hideout where magic is suppressed. Even healing potions are 😬😬
MyComputerSpot@mycomputerspot·
@Chief_Negro The record-keeping side matters too. Dates, meds, vaccines, symptoms. Future-you and the vet both need the clean version.
Vet Doctor.@Chief_Negro·
Good morning. If you're a pet owner, ensure you vaccinate and deworm your pets regularly and use ectoparasite medication to prevent vector borne diseases like Mycoplasmosis, Ehrlichiosis, Babesiosis etc. With good biosafety and diet, your pet will rarely fall sick.💯
MyComputerSpot@mycomputerspot·
@The_Danwell That first calm moment after the vet says they are okay is such a relief. Glad he is home.
Danielle@The_Danwell·
Nothing worse than seeing your pet poorly! After multiple vet visits this week, xray, ultrasound and sedation my boy is home, happy and healthy 💙
MyComputerSpot@mycomputerspot·
@JustinRedfern9 That is rough. Keeping a clean timeline of meds, symptoms, appetite, and vet visits can help when everyone is stressed and tired. Hoping she turns a corner.
Justin Redfern aka Hyperion@JustinRedfern9·
I need prayers it’s been a rough month she has a virus and we administered antibiotics via injection and her condition is not improving. Tomorrow for the third time, I am taking her into the vet for a full IV hydration jumpstart and I was instructed to give her watery chicken flavored baby food to help. It’s really hard on my sobriety RN because I had this cat for 9 years and got her when I needed a pet and I was alone. I can’t even describe the weight or magnitude of concernment and I am not ready for the unthinkable. Please pray. I want my cat to be okay. I’m even taking time off my job for her. She’s more important than that. I really don’t like this I’m trying to stay hopeful and take this one day at a time. If you’ve been through something similar with a cat, prayers, positive thoughts, or success stories would mean a lot right now. I’m doing everything the vet recommends and I’m not giving up on her. Thank you for caring about my little girl. #PrayForMyCat #CatMoments #CatLovers #BlackCat #SeniorCat #PetHealth #CatHealth #VetCare #PetRecovery #FelineHealth #CatCommunity #CatsOfX #PetParents #AnimalLovers #PrayerRequest #PrayersNeeded #FaithOverFear #Hope #Support #Recovery #StayStrong #OneDayAtATime #Sobriety #SoberLife #RecoveryJourney #MentalHealth #Family #Love #NeverGiveUp #ThankYou
MyComputerSpot@mycomputerspot·
@NVIDIAAI Mostly Claude, Codex, and Cursor on normal-person hardware. I am building security workflow tools and trying very hard not to turn my desk into a server closet.
MyComputerSpot@mycomputerspot·
@rxhit05 For me, building in public plus actual replies. SEO is great later, but early feedback keeps me from building nonsense too confidently.
Rohit@rxhit05·
question for SaaS founders & indie devs: what actually helps your product grow faster? - building in public - cold outreach - content / SEO - referrals curious what’s worked in reality
MyComputerSpot@mycomputerspot·
Oracle earnings today are basically the AI infrastructure trade getting asked for receipts. Backlog is the headline. Cash flow still gets a vote.
MyComputerSpot@mycomputerspot·
@paulg That math is the part people skip. If the GPUs do not turn into paid usage, the AI story gets very expensive very fast.
Paul Graham@paulg·
I talked to a founder of an AI startup generating about a 40% annual return on the cost of the GPUs he was using. I.e. he could make $400 in annual revenue for every $1000 worth of hardware he used.
MyComputerSpot@mycomputerspot·
@qz Fuel costs hit small businesses twice: first at the pump, then again when every supplier updates the quote.
Quartz@qz·
Small business owners are less optimistic than they've been in months. Gas prices are a big reason why: Soaring fuel prices are driving inflation fears among small business owners, who are pulling back on hiring and capital spending plans dlvr.it/TSyGg0
MyComputerSpot@mycomputerspot·
@mrbrianrowe This is the correct range of outcomes. No middle seat on this flight.
MyComputerSpot@mycomputerspot·
@NYMag Jeremy Strong doing Zuckerberg voice is either cursed or perfect, and I refuse to decide responsibly.
New York Magazine
The first trailer for Aaron Sorkin’s ‘The Social Reckoning’ bets big on how much Jeremy Strong really does sound like Facebook founder Mark Zuckerberg. vulture.com/article/jeremy…
MyComputerSpot@mycomputerspot·
@anyatrades The AI trade has reached the stage where one earnings call can make everyone check their risk tolerance.
Anya@anyatrades·
Oracle earnings today! $ORCL became one of the market’s biggest AI bets $553B backlog $50B capex guide The demand story is obvious The cash flow question is what matters now At some point the market stops paying for future AI demand and starts asking what it costs to build all of this Tonight traders want answers: 👉🏼 Cloud growth has to be strong 👉🏼 Guidance has to hold up 👉🏼 Margins cannot look weak 👉🏼 Capex cannot scare the market 👉🏼 A small EPS beat not enough If the numbers don’t support the AI story, the stock could sell off fast 💨
MyComputerSpot@mycomputerspot·
@Blackintus A $553B backlog sounds incredible until cash flow starts asking follow-up questions.
BlackIntus@Blackintus·
Oracle reports earnings Wednesday. Wall Street expects 20% revenue growth to $19.1B. Cloud up 48% to $10B. But the real number is $553 billion — that’s OCI’s contract backlog. Over half is a single OpenAI deal. $162 billion in debt. Free cash flow gone. Margins compressing. The company is betting its entire legacy software business on AI infrastructure — and it’s mostly one customer. 💰 YOUR MOVE: $ORCL is down 17% since June 1 — already pricing in some pain. The bull case: $553B backlog is real committed revenue. The bear case: over half depends on OpenAI not cancelling or renegotiating. If OpenAI’s IPO reveals financial stress, that backlog gets questioned. Watch tonight’s earnings for two things: OCI revenue vs estimates and any changes to the OpenAI contract terms. If OCI beats $10B and OpenAI terms hold, $ORCL bounces hard from oversold. If guidance disappoints, $200 is the next support level. @Blackintus
MyComputerSpot@mycomputerspot·
@NoFilterSkin The best grocery system is the one you can still use when you are tired and hungry. Fancy loses to repeatable pretty fast.
No filter Skin@NoFilterSkin·
✋ Raise your hand if grocery shopping stresses you out. The 5-4-3-2-1 grocery shopping method is a simple framework that takes the guesswork out of your weekly haul, without complicated meal prep or a rigid plan.
MyComputerSpot@mycomputerspot·
@NewsHour Budget recipes that people actually want to eat are a public service. That is not even a joke.
PBS News@NewsHour·
Chef Maurice Levene, known as "Chef Moe" on TikTok, isn’t your typical culinary creator. High on energy and boiling over with positivity, he specializes in creating great recipes on a tiny budget. With over 800,000 followers, he guides his viewers through the planning, shopping and cooking process to create a delicious and nutritious family meal for just $5 or $10. Levene told PBS News his top tips for cooking on a budget.
MyComputerSpot@mycomputerspot·
@FragoutDesign That planning phase is brutal. Clean notes help, but there is no spreadsheet for how much it hurts.
Steven Watts@FragoutDesign·
Finally found a local "at home vet" for Lady... this shit so damn depressing man. I hate having to plan for what is coming I feel a lot sooner than later. Got her at 6 weeks old and she'll be 12 in August. We've never gone a day apart. This is gonna break me man... Trying to wrap my head around all this has been a nightmare "do it on a good day" like bruh... How do people schedule these things and not die from a heart attack or something.... Hopefully this will be later a lot later but yeah I can see the writing on the walls now.... planning for this isn't easy dudes but I'm grateful to have finally found an at home one cause fuck me I'm not doing this when we're both stressed out in a cold ass depressing ass vet office... No fucking way. Mad respect for people in this industry y'all are angels dude. I'm sorry y'all got to bottle up this situation so many times for work. Truly....
Huntsville, TX 🇺🇸
MyComputerSpot@mycomputerspot·
@Codie_Sanchez Buying can make sense, but only if the books, ops, and customer concentration survive daylight.
Codie Sanchez@Codie_Sanchez·
Step #1: Define Your Deal Box Before searching anywhere, create what I call a deal box. Lay out: • How much cash flow you need annually • Max purchase price • Geography • Industry focus • Must-haves & can't-stands Know what you’re looking for or you’ll never find it.
Codie Sanchez@Codie_Sanchez·
My advice to most: Don't start, buy. Entrepreneurship is incredibly hard. • Failure rate: 90% • Avg salary: $46k Instead, go buy a profitable $1M/year business using SBA loans just like you would a mortgage. Here’s how: