Mark Wolfe
@mark.wolfe.id.au
Software Developer, Hardware Enthusiast and AWS wrangler.
It is interesting to see forward proxies making a comeback in agent infrastructure github.com/anthropic-ex... I used claude to describe how this works, is quite interesting pulling this project apart. The structure highlights where security concerns with agents are. #ai #agents
GitHub - anthropic-experimental/sandbox-runtime: A lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container.
A lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container. - anthropic-experimental/sandbox-runtime
github.com
October 25, 2025 at 3:33 AM
It is interesting to see forward proxies making a comeback in agent infrastructure github.com/anthropic-ex... I used claude to describe how this works, is quite interesting pulling this project apart. The structure highlights where security concerns with agents are. #ai #agents
Been working on my own evals tool, for learning, as well as to have some control over how things work. LLMs really are a "unique" system to work with. Still new so lots to improve github.com/wolfeidau/go... #golang #evals #mcp
GitHub - wolfeidau/go-mcp-evals: A Go library and CLI for evaluating Model Context Protocol (MCP) servers using Claude.
A Go library and CLI for evaluating Model Context Protocol (MCP) servers using Claude. - wolfeidau/go-mcp-evals
github.com
October 3, 2025 at 10:18 AM
Been working on my own evals tool, for learning, as well as to have some control over how things work. LLMs really are a "unique" system to work with. Still new so lots to improve github.com/wolfeidau/go... #golang #evals #mcp
Just found out about ampcode.com new coding agent?! from @sourcegraph.com super keen to try it 🙏 for invite. Also love the site design 🤖 #agents #ai
Amp
Everything will change.
ampcode.com
May 8, 2025 at 12:53 AM
Just found out about ampcode.com new coding agent?! from @sourcegraph.com super keen to try it 🙏 for invite. Also love the site design 🤖 #agents #ai
Reposted by Mark Wolfe
In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wizsecurity.bsky.social
Covers permissions, secrets, 3rd-party Actions, ++
Use it to avoid learning these lessons the hard way:
www.wiz.io/blog/github-...
Covers permissions, secrets, 3rd-party Actions, ++
Use it to avoid learning these lessons the hard way:
www.wiz.io/blog/github-...
Hardening GitHub Actions: Lessons from Recent Attacks | Wiz Blog
Build resilient GitHub Actions workflows with insights from real attacks, missteps to avoid, and security tips GitHub’s docs don’t fully cover.
www.wiz.io
May 5, 2025 at 3:45 PM
In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wizsecurity.bsky.social
Covers permissions, secrets, 3rd-party Actions, ++
Use it to avoid learning these lessons the hard way:
www.wiz.io/blog/github-...
Covers permissions, secrets, 3rd-party Actions, ++
Use it to avoid learning these lessons the hard way:
www.wiz.io/blog/github-...
Reposted by Mark Wolfe
What we are seeing is stricter enforcement.
So expect fewer software engineers (who can an often log on and do some remote while being a tourist!) to visit the US
In the past, this was not enforced: now it clearly is. And neither ESTA nor other tourist visas allow working remote, yes
So expect fewer software engineers (who can an often log on and do some remote while being a tourist!) to visit the US
In the past, this was not enforced: now it clearly is. And neither ESTA nor other tourist visas allow working remote, yes
April 19, 2025 at 11:27 AM
What we are seeing is stricter enforcement.
So expect fewer software engineers (who can an often log on and do some remote while being a tourist!) to visit the US
In the past, this was not enforced: now it clearly is. And neither ESTA nor other tourist visas allow working remote, yes
So expect fewer software engineers (who can an often log on and do some remote while being a tourist!) to visit the US
In the past, this was not enforced: now it clearly is. And neither ESTA nor other tourist visas allow working remote, yes
Been really enjoying using MCP servers, it is interesting how they extend the capabilities of LLMs. That said, like anything you need to be careful and only MCP servers from trusted sources and ensure you review/vet code and docs they produce. 🤖
Overall I think they are positive. #MCP #AI #llms
Overall I think they are positive. #MCP #AI #llms
April 16, 2025 at 11:06 AM
Working in an office in the city for a few days certainly is a change of pace. Great being able to chat with colleagues without a box around everyone 🧑💻
March 17, 2025 at 9:39 PM
Working in an office in the city for a few days certainly is a change of pace. Great being able to chat with colleagues without a box around everyone 🧑💻
This interactive tour is fantastic way to learn about the new features in Go 1.24 antonz.org/go-1-24/ #golang
Go 1.24 interactive tour
Weak pointers, faster maps, directory-scoped access, and more.
antonz.org
February 12, 2025 at 9:14 PM
This interactive tour is fantastic way to learn about the new features in Go 1.24 antonz.org/go-1-24/ #golang
Is 2025 going to be the year of broad IPv6 adoption? For AWS, it might just be. In the past months many services have gained IPv6 support, which paves the way for IPv6-only VPC configurations.
AWS is on its way to full IPv6 support
Is 2025 going to be the year of broad IPv6 adoption? For AWS, it might just be. In the past months many services have gained IPv6 support, which paves the way for IPv6-only VPC configurations.
buff.ly
February 12, 2025 at 2:00 AM
Reposted by Mark Wolfe
AWS just released RCP examples to prevent OIDC misconfigurations from many third-party vendors. 😍 github.com/aws-samples/...
This prevents the problem I wrote about here: www.wiz.io/blog/avoidin...
This prevents the problem I wrote about here: www.wiz.io/blog/avoidin...
github.com
February 7, 2025 at 7:07 PM
AWS just released RCP examples to prevent OIDC misconfigurations from many third-party vendors. 😍 github.com/aws-samples/...
This prevents the problem I wrote about here: www.wiz.io/blog/avoidin...
This prevents the problem I wrote about here: www.wiz.io/blog/avoidin...
Can't help but thank @anthropic.com Claude some times, using it to rubber duck an idea and it provides some options, writes some tests and benchmarks so I can tweak things further without writing whole lot of boilerplate. #golang #llms
February 1, 2025 at 10:43 AM
Can't help but thank @anthropic.com Claude some times, using it to rubber duck an idea and it provides some options, writes some tests and benchmarks so I can tweak things further without writing whole lot of boilerplate. #golang #llms
This deepseek r1 one thing really has blown up, props to the team behind the model. Publishing this paper, and releasing the model with open weights is really cool. Well worth a read over the GitHub repo github.com/deepseek-ai/... #deepseek #llms
GitHub - deepseek-ai/DeepSeek-R1
Contribute to deepseek-ai/DeepSeek-R1 development by creating an account on GitHub.
github.com
January 28, 2025 at 6:52 AM
This deepseek r1 one thing really has blown up, props to the team behind the model. Publishing this paper, and releasing the model with open weights is really cool. Well worth a read over the GitHub repo github.com/deepseek-ai/... #deepseek #llms
Spent a couple of hours hacking on open telemetry for AWS lambda functions, what a fun journey, so much out of date information.
I am surprised I got it working, I had to go back to an old revision as things take a while to propagate. 😅🔍🪓 #AWS #OpenTelemetry #golang github.com/wolfeidau/la...
I am surprised I got it working, I had to go back to an old revision as things take a while to propagate. 😅🔍🪓 #AWS #OpenTelemetry #golang github.com/wolfeidau/la...
GitHub - wolfeidau/lambda-otel-container: AWS Lambda deployed in a container with the OTEL extension.
AWS Lambda deployed in a container with the OTEL extension. - wolfeidau/lambda-otel-container
github.com
January 27, 2025 at 4:16 AM
Spent a couple of hours hacking on open telemetry for AWS lambda functions, what a fun journey, so much out of date information.
I am surprised I got it working, I had to go back to an old revision as things take a while to propagate. 😅🔍🪓 #AWS #OpenTelemetry #golang github.com/wolfeidau/la...
I am surprised I got it working, I had to go back to an old revision as things take a while to propagate. 😅🔍🪓 #AWS #OpenTelemetry #golang github.com/wolfeidau/la...
Reposted by Mark Wolfe
“how do i become more technical?” fuck something up & fix it. repeat
January 26, 2025 at 5:15 PM
“how do i become more technical?” fuck something up & fix it. repeat
Reposted by Mark Wolfe
I definitely need to play with Zig now to decide how I feel about it.
I understand Mitchell Hashimoto's verdict of "it's funner than Rust" somewhat now, and I suspect I'll agree (not a high bar!).
I wonder how big those binaries will end up.
I understand Mitchell Hashimoto's verdict of "it's funner than Rust" somewhat now, and I suspect I'll agree (not a high bar!).
I wonder how big those binaries will end up.
January 19, 2025 at 2:39 AM
I definitely need to play with Zig now to decide how I feel about it.
I understand Mitchell Hashimoto's verdict of "it's funner than Rust" somewhat now, and I suspect I'll agree (not a high bar!).
I wonder how big those binaries will end up.
I understand Mitchell Hashimoto's verdict of "it's funner than Rust" somewhat now, and I suspect I'll agree (not a high bar!).
I wonder how big those binaries will end up.
When ever I start looking at performance of the code I am working on, I always find a few bugs. Adding a quick benchmark validates the codes behavior under load, and measures it's performance. As a bonus it also leaves a baseline for future changes. 😅🏎️🔍 #golang
January 18, 2025 at 5:20 AM
When ever I start looking at performance of the code I am working on, I always find a few bugs. Adding a quick benchmark validates the codes behavior under load, and measures it's performance. As a bonus it also leaves a baseline for future changes. 😅🏎️🔍 #golang
Gemini is now pinned on the top of my gmail app, do you need it? Nope... Well your getting it anyway... Can you turn it off? Nope... Forcing #AI on your users is all the rage... #gmail #google This video is so on point it hurts.
January 18, 2025 at 2:57 AM
I am surprised just how useful @anthropic.com claude is when building out a GRPC / connectrpc.com service. It is a pretty steep learning curve, even for those with lots of backend experience, however the LLM helps you to navigate the new terminology and get things working quickly. 😅 #golang #grpc
January 12, 2025 at 1:39 AM
I am surprised just how useful @anthropic.com claude is when building out a GRPC / connectrpc.com service. It is a pretty steep learning curve, even for those with lots of backend experience, however the LLM helps you to navigate the new terminology and get things working quickly. 😅 #golang #grpc
It has been interesting how clueless @sourcegraph.com Cody is when editing cedar policies, and schema files. I need to figure out how to disable it for this file type as it is really annoying. Mostly of the time it is super helpful lol. #ai #coding
January 5, 2025 at 1:14 AM
It has been interesting how clueless @sourcegraph.com Cody is when editing cedar policies, and schema files. I need to figure out how to disable it for this file type as it is really annoying. Mostly of the time it is super helpful lol. #ai #coding
Currently catching up on the cedar policy language, which after the initial hype seems to have stalled a bit. That said with the help of some community resources, GitHub searches and the playground I managed to get it working. www.cedarpolicy.com/en/playground is really handy. #AWS #cedar #golang
Cedar Language Playground
www.cedarpolicy.com
January 5, 2025 at 12:27 AM
Currently catching up on the cedar policy language, which after the initial hype seems to have stalled a bit. That said with the help of some community resources, GitHub searches and the playground I managed to get it working. www.cedarpolicy.com/en/playground is really handy. #AWS #cedar #golang
Reposted by Mark Wolfe
Lately, every BSides seems to have a talk on reframing security teams as a “Department of Yes”
We don’t hear nearly as much about the value of a well-considered, strategically deployed “No”
I've pulled together guidance on giving a better, more constructive No:
ramimac.me/saying-no
We don’t hear nearly as much about the value of a well-considered, strategically deployed “No”
I've pulled together guidance on giving a better, more constructive No:
ramimac.me/saying-no
How to Say “No” Well
Security’s pivot from ‘Department of No’ to ‘Department of Yes’ misses the real lesson - how to say ‘No’ the right way.
ramimac.me
December 30, 2024 at 3:08 PM
Lately, every BSides seems to have a talk on reframing security teams as a “Department of Yes”
We don’t hear nearly as much about the value of a well-considered, strategically deployed “No”
I've pulled together guidance on giving a better, more constructive No:
ramimac.me/saying-no
We don’t hear nearly as much about the value of a well-considered, strategically deployed “No”
I've pulled together guidance on giving a better, more constructive No:
ramimac.me/saying-no
If dependabot vulnerabilities are getting you down at the moment, don't forget go.dev/doc/security... helps you understand what ACTUALLY effects your code... #golang #opensource
Go Vulnerability Management - The Go Programming Language
go.dev
December 22, 2024 at 4:29 AM
If dependabot vulnerabilities are getting you down at the moment, don't forget go.dev/doc/security... helps you understand what ACTUALLY effects your code... #golang #opensource