Lightnews — Scholar-powered news

Marko Bevc @marko.social · 11h

Totally unexpected 🙃

I wonder if we're already seeing the signs 🤔

www.theguardian.com/business/202...

Bank of England warns of growing risk that AI bubble could burst

Possibility of ‘sharp market correction has increased’, says Bank’s financial policy committee

www.theguardian.com

Marko Bevc @marko.social · 15h

After the initial deprecation of some services...ahem, CodeCommit 🙃 #AWS has a page announcing deprecations now: aws.amazon.com/products/lif...

They've updated it yesterday with 19 services and capabilities moving to maintenance, and 4 moving to sunset ⚠️ - most not very popular ones, but still 😉

AWS Product Lifecycle

aws.amazon.com

Reposted by Marko Bevc

Fight Chat Control @fightchatcontrol.bsky.social · 2d

Take action!

fightchatcontrol.eu to contact your ministers, permanent representation, MEPs, and, if you are German or Italian, your national MPs!

180 190

Marko Bevc @marko.social · 1d

You could pass options to systemd via /etc/sysconfig/docker or if using compose set up netowrking options there, e.g. forums.docker.com/t/is-it-poss...

Is it possible to disable nat in docker-compose?

How can I implement enable_ip_masquerade=false Into networks: front: driver: bridge ipam: driver: default config: - subnet: 172.25.0.0/24

forums.docker.com

1

Marko Bevc @marko.social · 2d

Nice - Headlamp just got a Plugin for #Karpenter for better visibility on Scaling 🚀

kubernetes.io/blog/2025/10...

#kubernetes

Introducing Headlamp Plugin for Karpenter - Scaling and Visibility

Headlamp is an open‑source, extensible Kubernetes SIG UI project designed to let you explore, manage, and debug cluster resources. Karpenter is a Kubernetes Autoscaling SIG node provisioning project t...

kubernetes.io

1

Marko Bevc @marko.social · 2d

The security flaw (tracked as CVE-2025-49844) is caused by a 13-year-old use-after-free weakness found in the Redis source code and can be exploited by authenticated threat actors using a specially crafted Lua script (a feature enabled by default):
www.bleepingcomputer.com/news/securit...

#security

Redis warns of critical flaw impacting thousands of instances

The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances.

www.bleepingcomputer.com

1

Marko Bevc @marko.social · 2d

Going back to: aws.amazon.com/about-aws/wh... , thanks to @quinnypig.com something to mind, contrary to ECS this service is not free 😉 which is not mentioned ↑.

I've done some calculations, and similar to EKS Auto Mode you'll be paying on average ~13% premium on top of your compute managed by ECS.

Announcing Amazon ECS Managed Instances - AWS

Discover more about what's new at AWS with Announcing Amazon ECS Managed Instances

aws.amazon.com

2

Reposted by Marko Bevc

Rory McCune @mccune.org.uk · 2d

Calling all Kubernetes security interested folk. We're planning the next version of the OWASP Kubernetes Top 10, and have a survey to solicit ideas and feedback here docs.google.com/forms/d/e/1F... . Shouldn't take more than a couple of minutes to fill out and all feedback's welcome!

OWASP Kubernetes Top 10 2025 Survey

We're looking to update the OWASP Kubernetes Top 10 and as such want to canvas ideas on what should be included. The goal of the Top 10 is to provide awareness on the most serious risks that Kubernet...

docs.google.com

7 5

Marko Bevc @marko.social · 2d

Great to see they are thinking of aligning it more with the Scottish system where some of those things are already in place 👏

1

Reposted by Marko Bevc

Meredith Whittaker @meredithmeredith.bsky.social · 2d

📣 Germany's close to reversing its opposition to mass surveillance & private message scanning, & backing the Chat Control bill. This could end private comms-& Signal-in the EU.

Time's short and they're counting on obscurity: please let German politicians know how horrifying their reversal would be.

Signal @signal.org · 5d

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...

signal.org

30 1.6K 2.2K

Marko Bevc @marko.social · 4d

"The Conservatives will take the UK out of the European Convention on Human Rights (ECHR) if they win the next election, Kemi Badenoch has announced. " 🤦🙈

www.bbc.co.uk/news/article...

UK will leave ECHR if Tories win election, Badenoch says

The European Convention on Human Rights has become a focal point in debates around changing immigration policy.

www.bbc.co.uk

Marko Bevc @marko.social · 5d

Very disappointing 😞

#privacy

Signal @signal.org · 5d

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...

signal.org

1 3

Reposted by Marko Bevc

Kubernetes @kubernetes.io · 5d

CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU -

CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU · Issue #101493 · kubernetes/kubernetes

CVSS Rating: Low (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N) A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes contr...

github.com

2 5

Reposted by Marko Bevc

Shane Curcuru @shanecurcuru.bsky.social · 6d

💻 “Technical debt always charges interest.” #Monktoberfest 🦞

2 9 20

Marko Bevc @marko.social · 6d

Awesome seeing this making to #GitHub web UI👏, but also kind of something you'd expect to be there sooner 😅

github.blog/changelog/20...

One-click merge conflict resolution now in the web interface - GitHub Changelog

You can now resolve merge conflicts directly in the github.com web interface with a single click. When a pull request has merge conflicts that can be resolved in the web…

github.blog

1

Reposted by Marko Bevc

Jon Topper @topper.me.uk · 6d

If you’ve been using an abandoned version of aws-vault, why not take a look at this fork? It has a couple of new features, and is now the default in Homebrew. Drop a star on the GitHub project if you’re using it.

Marko Bevc @marko.social · 7d

I'm excited to announce shortly after picking up aws-vault project, we already have new features from the #OpenSource community and released as v7.7 🚀:

* 1Password backend for secrets
* TouchID keystore support

It's great to see community collaboration and engagement!

github.com/ByteNess/aws...

Releases · ByteNess/aws-vault

A vault for securely storing and accessing AWS credentials in development environments - ByteNess/aws-vault

github.com

1 2

Marko Bevc @marko.social · 7d

I'm excited to announce shortly after picking up aws-vault project, we already have new features from the #OpenSource community and released as v7.7 🚀:

* 1Password backend for secrets
* TouchID keystore support

It's great to see community collaboration and engagement!

github.com/ByteNess/aws...

Releases · ByteNess/aws-vault

A vault for securely storing and accessing AWS credentials in development environments - ByteNess/aws-vault

github.com

2

Marko Bevc @marko.social · 7d

How is it October already? 😅

Year Progress Bot @yearprogress.bsky.social · 7d

▓▓▓▓▓▓▓▓▓▓▓▓▓▓░░░░░░ 74.93%

1

Marko Bevc @marko.social · 8d

Still so true 🙃

@krisbuytaert.bsky.social

Marko Bevc @marko.social · 8d

If running #GitHub Actions and pull_request_target, make sure you're tightening permissions when ran via forks. By default reusable workflows will have access to source security context!

Good write-up on the topic by Orca:
orca.security/resources/bl...

pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain

Part 2 of our research shows how a single pull request was used to exploit GitHub Actions at Microsoft, Google, and Nvidia, leading to RCE and secret exposure.

orca.security

1

Marko Bevc @marko.social · 8d

Oh, this is cool and looks like Auto Mode for #AWS ECS with fully managed EC2 compute 🚀

aws.amazon.com/blogs/aws/an...

1 3

Marko Bevc @marko.social · 8d

Something to keep an eye on if using access tokens on #Github, there are some changes coming: lowering lifetime limits of granular tokens, sunsetting classical tokens and others:

github.blog/changelog/20...

Strengthening npm security: Important changes to authentication and token management - GitHub Changelog

As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent announcement. These changes will roll out over…

github.blog

1

Marko Bevc @marko.social · 9d

"Google is accused of using security as a mask for what's really an attempt to consolidate monopoly power over app distribution at a time when its power is being suppressed by antitrust actions.F-Droid is calling on regulators from the US & EU to take a close look at G's plans before it's too late."

Techmeme @techmeme.com · 9d

Open-source Android app store F-Droid says Google's upcoming requirement for all Android devs to verify their identity threatens to kill alternative app stores (Ryan Whitwam/Ars Technica)

Main Link | Techmeme Permalink

2

Marko Bevc @marko.social · 9d

"...our best hope is to race at breakneck speed removing any safeguards that risk slowing our progress. Then we can adopt a "stable door" approach to its regulation and control. that approach has worked beautifully for previous technologies, from fossil fuels to microplastics."

Works really well🫠🙃🙈

Louis Barclay @louisbarclay.bsky.social · 9d

To stop bad actors developing AGI that could kill us all, we need good actors to develop AGI that could also kill us all

Read more:
alignmentalignment.ai/caaac/blog/a...

To make AI safe, we must develop it as fast as possible without safeguards

Ia Magenius explains why we need to make AI as powerful as possible to ensure it can't have power over us

alignmentalignment.ai

1

Marko Bevc @marko.social · 9d

Ha, this is sending an interesting message to the customers 😆

I wonder what are the reasons...

@quinnypig.com might have snarky remarks on this one as well 😜

Gergely Orosz @gergely.pragmaticengineer.com · 9d

Interesting thing I'm learning about Google, while doing my deepdive on them:

Feels like there is no other company where there is *so much* aversion to build on the company's own cloud solution (GCP) as there is at Google.

Most greenfield projects still don't choose GCP...

2