Michael Lieberman

@mikeneeds.rest

Software supply chain security

205
Followers
179
Following
51
Posts
22.09.2023
Joined

Latest posts by Michael Lieberman @mikeneeds.rest

I imagine a future where the burden of having hot takes is handled safely by AI.

02.02.2026 21:42 👍 1 🔁 0 💬 0 📌 1

"You raise your voice, I erase your voice."

ICE in Minneapolis are erasing your rights.
Please share our new video of what's happening in our city. youtu.be/W1dyNcRGRXY

27.01.2026 16:15 👍 11347 🔁 6128 💬 1296 📌 1657

I agree there. They did throw out some plans around stuff like sovereign tech funds, especially ones that focus on OSS investment. An issue that myself and others brought up is the funds were focused on individuals, and the important projects are supported whether people like it or not by companies.

12.01.2026 02:41 👍 1 🔁 0 💬 0 📌 0

I was at an EU meeting on this in October. I think it’s communicated poorly but the idea is essentially to promote more open source with EU companies and citizens as maintainers. It’s as part of the bigger push for digital sovereignty that includes more data centers and commercial investment.

11.01.2026 12:22 👍 2 🔁 0 💬 1 📌 0
Matt Walsh tweeted last year: "We've spent the last 25 years bringing "freedom" and "democracy" to countries around the globe while our own country has been systematically invaded and now our largest cities are run by foreigners and communists. If you want to know why I'm so avowedly non-interventionist, this is why."

Then he tweeted today: ""This is a war for oil!!!!!"

First of all, the "war" lasted like 90 minutes. Second, going to war to secure vital resources for your own people is totally legitimate. Why should we allow some third world communist shithole to control trillions of dollars worth of oil?"

Laura Loomer tweeted last year: "I’m America First, I don’t support “Regime Change”. I went on @Bannons_WarRoom to talk about Chinese aggression in Venezuela and why we need to designate the Muslim Brotherhood as a foreign Islamic terrorist organization."

Then she tweeted yesterday: "Maduro has arrived at the DEA office in Manhattan. He was transported in an armored motorcade after being transported in a blindfold via helicopter & then by plane to New York after his compound in Caracas was raided by US Special Forces.

Proud to be an American today!

USA 🇺🇸"

Catturd tweeted last year: "Name one U.S. inspired regime change that hasn’t ended in absolute disaster."

Then he tweeted yesterday: "Venezuela is now more free than New York City."

Will Chamberlain tweeted last year: "The Republican Party is no longer the party of regime change and endless wars

If you want to be its standard-bearer that is a non-negotiable position"

Then he tweeted yesterday: "I can think of few better uses of my tax dollars than black-bagging the head of a foreign narco-trafficking organization that enriches itself by addicting and poisoning my fellow Americans"

amazing how the entire machine can pivot within 24 hours. no need to slowly upsell the argument; just issue new marching orders

05.01.2026 06:50 👍 27109 🔁 7937 💬 590 📌 597

For a country that hates bureaucracy, all of a sudden dotting the i’s and crossing the t’s matters with stuff like immigration, and social welfare benefits.

31.12.2025 03:21 👍 1 🔁 0 💬 0 📌 0

Are brain worms contagious?

17.11.2025 22:27 👍 3 🔁 1 💬 0 📌 0
Milky Way to the left and red glow to the right above mountains with just a little snow on them in a very starry sky. I didn't use a star tracker and this was a 30 second exposure so some star trailing is visible.

So when the aurora borealis is faint enough, you can capture its glow with the Milky Way 😍

Berthoud Pass, CO last night

13.11.2025 15:25 👍 4253 🔁 613 💬 84 📌 26

I had a run in with ICE snatching a man out of his car while walking my children to school this morning in NW DC

I asked a neighbor to continue walking my kids to school and I turned back to document and confront the ICE agents.

I am in contact with @dcmigrantmutualaid.org with the full video.

06.11.2025 20:33 👍 18171 🔁 5991 💬 1126 📌 370

The global push for #SBOM standards is reshaping how we approach cybersecurity and transparency. 🌍

Explore how the EU #CRA, CISA, and @OpenSSF efforts are aligning global software supply chain security.

openssf.org/blog/2025/10...

22.10.2025 16:51 👍 3 🔁 1 💬 0 📌 0
Shellshock (software bug) - Wikipedia

Shellshock had one en.m.wikipedia.org/wiki/Shellsh...

23.09.2025 11:35 👍 2 🔁 0 💬 1 📌 0

How to contribute your first line of code to open source?

Contributing to the OpenSSF #community isn’t just about code, it’s about building trust, learning how secure software is built, and growing your career.

Read the blog and take your first step: openssf.org/blog/2025/08...

22.09.2025 20:41 👍 4 🔁 1 💬 0 📌 0

Seasonal allergies can cause eyelid twitching. I get it around spring and fall.

06.09.2025 19:39 👍 2 🔁 0 💬 0 📌 0

The usefulness of an open source project is not an indication of the project's health, stability, or reliability in production!!!! AHHHHHHHHHHHHHHHHH

14.08.2025 17:19 👍 104 🔁 9 💬 4 📌 3

Are some large enterprises acting like ignorant children? 🤔

22.06.2025 23:15 👍 6 🔁 0 💬 0 📌 0

If I'm writing a personal project? I'm a little bit more flexible.

If I'm working on something for my employer, I'm looking at the risks. A sandbox research project is going to go through different scrutiny than something like an online banking application.

22.06.2025 22:46 👍 1 🔁 0 💬 0 📌 0

I think the way Europe is looking at this with the CRA is also something to look at. Europe says in your example it's still the responsibility of the organization consuming the OSS to ensure it meets the regulation.

22.06.2025 22:37 👍 1 🔁 0 💬 0 📌 0

Open source in and of itself is just code thrown out to the public with no warranty. Some of it is good, some bad. In your example if, maybe I would look at a different project or buy it from a reputable organization instead of something with few maintainers.

22.06.2025 22:35 👍 1 🔁 0 💬 1 📌 0

Yes absolutely. People leave up all sorts of stuff. Unless you are purposefully misleading folks it's up to the consumer to do some level of due diligence. I have worked at massive banks where there were policies in place to prevent including that sort of stuff.

22.06.2025 21:58 👍 12 🔁 0 💬 1 📌 0

It is still the responsibility of the consumer. Full stop.

22.06.2025 21:31 👍 8 🔁 0 💬 1 📌 0
Startup Embeds AI Security Analysis in Dev Workflow Kusari Inspector analyzes dependencies and code changes during pull requests, providing devs with actionable go/no-go recommendations before code merges.

I was interviewed recently about Kusari's new security PR bot. Check it out!

18.06.2025 02:10 👍 4 🔁 2 💬 0 📌 0
Post image
21.05.2025 17:09 👍 486 🔁 89 💬 9 📌 2
License to `npm install`? Why do we burden our road builders when the drivers are drunk at the wheel? | Michael Lieberman Alright, let's talk about the digital world we've built. It runs on open source software (OSS). Your phone, your cat's smart litter box, the thing that tells you pizza is on the way – all powered in l...

I recently wrote my thoughts on why we should focus more on securely consuming open source than trying to enforce the trustworthiness of devs mikeneeds.rest/license-to-n...
Since some folks aren't familiar with satire, this is satire, this is tongue in cheek, please don't take this too seriously :).

20.05.2025 19:46 👍 2 🔁 0 💬 0 📌 0

I wonder how many people know you can install non-python code via pip and the like? I know most package managers support some level of arbitrary downloading of static content and most have also some level of arbitrary code execution on build/install.

15.05.2025 13:57 👍 1 🔁 0 💬 1 📌 0

The new #Cybersecurity Skills Framework maps 14 core job roles to real-world security skills.

✅ Built by practitioners
✅ Easy to customize
✅ Standards-aligned

🔗 Launch the free tool: cybersecurityframework.io
📰 Read more: openssf.org/press-releas...

14.05.2025 13:16 👍 0 🔁 2 💬 0 📌 0

Giant Bomb lives! Fandom has sold the site to us and it is now fully independent and employee-owned. We'll see you all on Tuesday for the Giant Bombcast.

For more info right now, head over to www.giantbomb.com/join

10.05.2025 23:12 👍 14641 🔁 3452 💬 572 📌 772

polygon and giant bomb dead in the same week is just unfathomable

01.05.2025 18:27 👍 3006 🔁 503 💬 45 📌 19
Cat lying down with bread neck pillow

Close up photo of orange cat wearing bread neck pillow

Cat

23.04.2025 15:40 👍 5 🔁 0 💬 0 📌 0

Because they clearly don’t have a vision. They’re ruining their flagship product to chase after something consumers by and large don’t want.

18.04.2025 16:32 👍 35 🔁 5 💬 2 📌 1
TAG Security @ KubeCon EU 2025 - YouTube

Here's a playlist with the 7 KubeCon talks from TAG Security leads!

Seven!! 🤯

@mikeneeds.rest @sublimi.no

www.youtube.com/playlist?lis...

16.04.2025 18:11 👍 8 🔁 2 💬 0 📌 0