Andrew

@andrewmohawk

170 Following

161 Followers

Andrew pfp

0 reply

0 recast

0 reaction

Andrew pfp

Just for you I have added a profile pic and background. You still have my pen.

0 reply

0 recast

0 reaction

Andrew pfp

0 reply

0 recast

1 reaction

Andrew pfp

A little something special from the east village.

0 reply

0 recast

1 reaction

Andrew pfp

Another day, another top tier nyc atm, this time just outside stuytown

3 replies

1 recast

9 reactions

Andrew pfp

www.spaceplanner.xyz I've been looking for a new apartment in NYC and its a madhouse (as everyone knows), but one of the most annoying things was finding bedrooms that "easily fit a queen" and going to see and its like a small cardboard box. So to solve some of this I made a tool to help me see how my furniture and other furniture would fit. Basically you upload a floorplan, set the scale (by drawing a line) and then you can test your furniture. It will also let you save the layout so you can upload it later or save as an image. It wont ask you to measure the same image twice and you can save your own furniture

0 reply

0 recast

0 reaction

Andrew pfp

Fest tickets out today for all who celebrate!

0 reply

0 recast

0 reaction

Andrew pfp

0 reply

0 recast

1 reaction

Andrew pfp

We are seeing a lot more attacks utilizing malicious VSCode and Browser extensions (although these have been around for a while). For browser extensions you can use "managed chrome" instances to control what can/cant be installed to make sure no extensions are installed that are malicious. You can also choose to block particularly bad extensions. For VSCode extensions you are basically SOL, right now my advice is this: Wherever possible please use [vscode.dev](http://vscode.dev) to open untrusted projects as it means that there is little chance they can execute code on your behalf. VSCode projects can execute arbitrary code when opening if you click “I trust this application/codebase” If you want to scan the extensions before installing you can use this to validate both chrome and vscode extensions: https://www.extensiontotal.com/

0 reply

0 recast

0 reaction

Andrew pfp

Happy Easter! LES absolutely crushing it with this vibrant beauty

0 reply

0 recast

1 reaction

Andrew pfp

Vibe coding really is enjoyable, its such a quick and easy way to do a PoC for something. I'm moving soon and I wanted to see how my furniture would fit into the flag, and all I had was a random JPG from the listing. So I vibe coded this!

0 reply

0 recast

1 reaction

Andrew pfp

Could have at least got comms to review that half apology before they tried to walk it back too

0 reply

0 recast

0 reaction

Andrew pfp

0 reply

0 recast

2 reactions

Andrew pfp

No place in the world has the variety and depth of culture as new york ATMs

0 reply

0 recast

1 reaction

Andrew pfp

I'm still not entirely in love with passkeys, I think the UX is iffy and I dont like the sharability, but I will take them everyday over OTP/authenticators/sms! If you go yubikeys I like to do the 5C NFC which works for phones too and the 5C nano which just lives in the computer, they are even easier to use than any other form of MFA!

0 reply

0 recast

0 reaction

Andrew pfp

If you missed it I definitely recommend you take a look at @nick.eth 's tweet thread about a fairly clever phishing attack: https://x.com/nicksdjohnson/status/1912439023982834120 TL;DR the attackers change the app name to the message, Google sends it to you and then they host the actual phishing site on `sites.google.com` This attack underscores the value of using Passkeys and hardware security keys (like YubiKeys). Unlike traditional username/password logins or codes sent via SMS or used in Authenticator apps, passkeys and hardware tokens use cryptographic proofs that are tied directly to the exact domain of the legitimate site. They will refuse authentication on any other domain—even if it looks visually identical. This makes passkeys and YubiKeys effectively 100% immune to phishing attacks like these. Additionally, password managers can help by automatically identifying domain mismatches, preventing users from submitting credentials to fraudulent websites.

1 reply

0 recast

0 reaction

Andrew pfp

But what about ✨the drama ✨

0 reply

0 recast

0 reaction

Andrew pfp

0 reply

0 recast

0 reaction

Andrew pfp

Can you look into my pen situation as well?

1 reply

0 recast

1 reaction

Andrew pfp

But Twitter doesnt do the same, they allow the new lines :(

1 reply

0 recast

0 reaction