grimmware

Allegedly a cybersecurity professional.

Linux container primitives, eBPF and attestation, secure architecture, threading the needle.

Follow my main for computational occultism

Less professional main
@grimmware@hellsite.site
Pronouns
He/Him
grimmware boosted:
daniel:// stenberg://bagder
2025-05-20

Allow us to block Copilot-generated issues (and PRs) from our own repositories on

github.com/orgs/community/disc

2025-04-29

Hello #dc4420 people I am bad at socialising.

2025-01-17

I'm working on a project to try to mitigate some of these risks and I affectionately call it the "loaded footguns" project.

All this risk that Google put paying customers through that frankly just boggles my mind. It's like they made it bad on purpose to drive you toward something but that other something just doesn't exist...

All I want is to be able to configure blocks and rules in an API. I would happily write the terraform provider myself.

2025-01-17

I feel like Google left space for a product upsell here and then the project got cancelled.

2025-01-17

Want to quarantine emails, block senders or create content compliance rules? Is there an API for that? No, go fuck yourself.

You have to click around in their *awful* inconsistent web interface, so obviously you can't do any configuration review.

We nearly had a fuckup the other day because the compound conditionals on the content compliance rules have to be selected from a drop-down and ANY looks a whole lot like AND and nobody could review the change before it went out.

2025-01-17

Periodically I have to use Google Admin to deal with phishing reports and hot damn is it actively combusting refuse.

I tell people about the "rough edges" and they honestly don't believe me.

Here's a fun one - if you view a message in the investigate tool, and you want to inspect an attachment, it will warn you that the attachment may be dangerous but because it's a javascript button you can't right click and "save as", it will literally just yolo open the potentially malicious pdf in your browser.

How do you get around this? Go search for the same fucking email in Google Vault and export it.

2024-12-14

@TempusFIdget great talk! I love the idea of using an insider to simulate supply-chain, I think that’s a great red teaming tactic for people who are trying to start red teaming but having trouble understanding whether red teaming is something they can justify. You don’t have to be the target, you just have to be in the splash damage.

2024-12-13

I’ll be at BSides LDN tomorrow, hmu!

2024-09-21

Also, I probably have the most neatly soldered #44CON badge because I brought all the parts home and did my first ever non-stencilled hotplate surface mount soldering with some of the equipment I’ve accumulated for it. It’s much more zen than fighting with a soldering iron and going cross-eyed.

Electronics microscope screen showing a section of the 44con badge with blobs of solder paste on the pads
The badge with all the components populated cooling on a tiny USB-C powered hot plate with an OLED screen. Next to a sigil of Marbas of course.
The back of the 44CON badge showing all the populated components in my hand.
The badge from the front switched on in my hand. It’s a red telephone box that says 44CON at the bottom with RGB LEDs lighting up the translucent window panels.
2024-09-21

Well that went pretty well #44CON

A goth giving a talk at 44con
2024-09-19

My #44CON talk has been pushed forward to 1600 today!

grimmware boosted:
2024-09-18

I propose MITRE add a new severity to their classic Critical, High, Medium, and Low of “worth paying attention to at all”, which sits above critical.

2024-09-18

@aahrun my ears are burning

2024-09-18

So #44CON later then...

grimmware boosted:
gabe is not ghostinfoseccrow@chaos.social
2024-09-17

Just reminding you - the UK's most cutting-edge security conference is September 19th! Today's speaker highlight is... Matt Carroll!

Matt's talk 'Shaving Yaks to Get Toothpaste Back in the Tube' both invokes delightful mental imagery and also speaks to his years of experience securing containerised workloads!

Don't miss it! 44con.com/shop/

#infosec #cybersecurity #infosecurity #security #44con #networking #conference

2024-09-17

I've discovered a new method for refining and practicing my talks - doing it in chunks. I have the timer going but I allow myself to pause and get distracted when my brain starts protesting in moments of uncertainty in the early run-throughs. It also gives me a chance to add notes and minor edits.

It's important for me to reduce stress at this stage because I'll be *fine* once I'm on stage, there's motivation and engagement. Practicing can make me really anxious because there's none of that, just me and some slides that need tweaking.

2024-08-30

@bea @mjg59 ... and I'm probably going to watch it anyway. Also, what's "happiness"?

2024-08-30

@bea @mjg59 oh no fair play that does look shit.

2024-08-30

@bea yeah but you like Sneakers more than Hackers so I don't really know what to make of this... @mjg59

2024-08-30

@bagder is the talk liable to be made available online at some point after the fact? It sounds very much like something I'd like to get my coworkers who are revamping our vuln management process to watch.
