This is a short summary. ↗ Open original to view full content
A new release of ff2mpv
from blog ENOSUCHBLOG, | ↗ original
Related
More from ENOSUCHBLOG
Be aware of the Makefile effect
10 Jan 2025 |
original ↗
I’m not aware of a perfect1 term for this, so I’m making one up: the Makefile effect2. The Makefile effect resembles other phenomena, like cargo culting, normalization of deviance, “write-only language,” &c. I’ll argue in this post that it’s a little different from each of these, insofar as it’s not inherently ineffective or bad and concerns the...
zizmor would have caught the Ultralytics workflow vulnerability
6 Dec 2024 |
original ↗
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
Security means securing people where they are
18 Nov 2024 |
original ↗
Standard disclaimer: These are my personal opinions, not the opinions of my employer, PyPI, or any open source I projects I participate in (either for funsies or because I’m paid to). In particular, nothing I write below can be interpreted to imply (or imply the negation of) similar opinions by any of the above, except where explicitly stated.
Introducing zizmor: now you can have beautiful clean workflows
27 Oct 2024 |
original ↗
This is an announcement for zizmor, a new tool for finding security issues in GitHub Actions setups. You can run it on one or more workflow definitions1, and it’ll emit cargo-style diagnostics, SARIF, or JSON as you please. Support for custom actions (e.g. action.yml within actions/checkout or similar) is planned, but not implemented yet. ↩