Node.js is a JavaScript runtime used to build fast and scalable network applications. It uses an event-driven, non-blocking I/O model with single-threaded asynchronous programming, allowing it to handle many requests efficiently. A web application framework provides a set of libraries, tools, and helpers that make it easier to build web applications without writing everything from scratch. When choosing a framework, the most important things to consider are its architecture, ease of customization, extensibility, built-in security features, and how well it integrates with the rest of your technology stack. We first published this roundup in 2023, but the Node.js framework ecosystem…
Author: drweb
TL;DR — Key TakeawaysCoordinated threat campaigns are quietly targeting GitHub organizations using the platform’s API and dormant “ghost” accounts to map developers, repositories, and projects.Most activity looks legitimate, making it difficult to detect. Attackers often use public API endpoints, clean authentication, or no authentication at all.Ghost accounts help attackers blend in. More than 50 long-dormant GitHub accounts were reactivated after 2–5 years to evade suspicion while conducting reconnaissance.A cluster of coordinated and overlapping campaigns that have been running for several months is abusing GitHub’s API and leveraging dozens of “ghost” accounts that have been dormant for years to map organizations…
If you’ve ever watched an AI coding agent mess up your Obsidian vault, this can help. I keep my second brain in Obsidian on the same Rocky Linux system I use for everything else. For months, I let Claude Code work with my notes without telling it how Obsidian actually works. It would create regular Markdown links instead of wikilinks, ignore callout blocks, and have no idea what a .base file was when it came across one. The notes still opened in Obsidian, but they lost the features that make Obsidian so useful. Then I found obsidian-skills, a small repository…
I had a question the other day that constantly pops up on my feed whether it’s on social media or people asking Q&A at a conference etc. And that question is “What is the best tool I should be using for my database management and app development?”And it’s fair to say I generally get a fair bit of pushback when the reply I give is “All of them!“. I get accusations like “You’re just being politically correct and you are towing the Oracle line“, “You’re never going to criticize any of the tools” and so on. But that is definitely…
Hallucinations have been an ongoing problem since OpenAI first introduced its ChatGPT chatbot in November 2022, highlighting generative AI’s tendency to generate plausible but false or misleading information and its inability to just say “I don’t know.”They can lead to embarrassing or uncomfortable moments. However, security researchers in Israel have found that the large language model (LLMs) hallucinations can be weaponized by threat actors to compromise systems and create large botnets.In a paper issued this week, researchers from Tel Aviv University, Technion, and Intuit outlined a technique they call “HalluSquatting,” or adversarial hallucination squatting, in which hackers exploit the predictable…
NO AI was used to generate this content. Grammarly was used to check and correct language and sentences in parts.I just managed to get a post in for this landmark T-SQL Tuesday, hosted by Brent Ozar. Brent was kind enough to keep the submission window open for two weeks instead of the usual one, and I was able to sneak a post in last – minute.His invitation is to write about the things that immediately stand out as “bad signs” when reviewing a SQL query.The list below covers a few things that catch my attention. It is far from comprehensive…
Someone once handed me a data project with a single line of guidance. “Just make sure the data is clean before it hits the report.” I nodded like it meant something. It meant nothing. But nodding felt professional, so I nodded. What that project needed, and never got, was a set of data quality rules anyone could actually test.Two weeks later the report was wrong and we were in a meeting arguing about whether cleaning the data had ever been my job. Nobody could win that argument. “Clean” was never defined, so it could not be met, measured, or tested.…
For years, software supply-chain security discussions focused on centralized infrastructure such as build servers, package registries, and CI/CD systems. Recent attacks suggest that this view is incomplete. The Megalodon campaign injected malicious GitHub Actions workflows into thousands of repositories, while a separate incident involving a malicious Visual Studio Code extension demonstrated how a single compromised developer device can expose large volumes of source code and internal assets. These incidents highlight a growing reality: developer workstations are now a critical part of the software supply chain.The scale of the threat continues to grow. Sonatype identified more than 454,000 new malicious open-source…
My old Dell XPS that I used for personal stuff started to degrade; well, it’s old, and it has already served past its useful life. So, a few months ago I bought a 14-inch Macbook Pro M5 Pro with 24GB of memory and the standard for M5 Pro 15-core CPU. It’s not my ideal config and I would have opted for the M5 Max. This machine is quite decent for what I need and I am not complaining.Switching from Windows to Mac has been a challenge, to say the least. This is my first time using macOS as my primary…
At the Redgate Summits this year, we’ve highlighted a few things in the Flyway solution that help developers improve their ability to get work done safely and quickly. While lots of developers are moving to automated systems and catching issues in pipelines, plenty of you are still working in an IDE.This post looks at the new code analysis feature in Flyway Desktop that can help warn you of potential issues before you create that PR.I’ve been working with Flyway and Flyway Desktop and helping customers improve their database development. This series looks at some tips I’ve gotten along the way.Generating…
