Flux
datasette-ip-rate-limit 0.1a0

Release: datasette-ip-rate-limit 0.1a0

The datasette.io site was being hammered by poorly-behaved crawlers, so I had Codex (GPT-5.5 xhigh) build a configurable rate limiting plugin to block IPs that were hammering specific areas of the site too quickly. Here's the production configuration I'm using on that site for the new plugin:

    datasette-ip-rate-limit:
      header: Fly-Client-IP
      max_keys: 10000
      exempt_paths:
      - "/static/*"
      - "/-/turnstile*"
      rules:
      - name: demo-databases
        paths:
        -…

Simon Willison's Weblog
TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks

After months of targeting security tools, CI/CD workflows, and open source packages, TeamPCP is now promoting Shai-Hulud as required tooling for a competition that rewards the biggest compromise with a tiny crypto payout. According to Dark Web Informer, the competition was announced on BreachForums by an account identified as the forum’s owner, in collaboration with TeamPCP. Participants are being offered $1,000 USD in Monero to compromise open source packages with Shai-Hulud, along with the…

Socket
Welcome to the Datasette blog

We have a bunch of neat Datasette announcements in the pipeline so we decided it was time the project grew an official blog. I built this using OpenAI Codex desktop, which turns out to have the Markdown session transcript export feature I've always wanted. Here's the session that built the blog. See also issue 179.

Tags: ai, datasette, generative-ai, llms, ai-assisted-programming, codex

Simon Willison's Weblog
Packagist Urges Immediate Composer Update After GitHub Actions Token Leak

Packagist is urgently warning PHP projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs. Composer 2.9.8, 2.2.28 LTS, and 1.10.28 fix a vulnerability where Composer could print the full contents of GitHub Actions-issued GITHUB_TOKEN values or GitHub App installation tokens to stderr when the token failed Composer’s validation check. The issue was triggered by GitHub’s rollout of a new token format that includes a hyphen, which…

Socket