Incident Report: CVE-2026-LGTM
https://nesbitt.io/2026/06/26/incident-report-cve-2026-lgtm.html
If you've not seen the previous entry, I also highly recommend checking that out first: https://nesbitt.io/2026/02/03/incident-report-cve-2024-yikes
Instant follow. God tier
@andrewnez These are both brilliant!
@andrewnez chefskiss
@andrewnez I'm not sure whether to laugh or cry so I think I'll go back to bed for another year or two.
@andrewnez
i continue to be amazed at just how many cursed ideas you fit in one blog post
@carol *slaps roof*
@andrewnez congratz for still managing to write satire despite the world being so bizarre
@andrewnez this is gold
@andrewnez this is a thing of pure beauty, chapeau!
@andrewnez that's what like four copilot tokens now
@andrewnez wooooow
@andrewnez ….this, this makes me so very very tired
@andrewnez Never before more than now has lgtm really meant “Let’s get that money”*
* I didn’t come up with this. But I don’t recall the attribution.
@andrewnez Ask for royalties. Don't fight them, get implants and a tee
@andrewnez The only way to win about posting things to Twitter is to delete your Twitter.
@BalooUriza I didn’t even post it there!
@andrewnez OOF.
@andrewnez next time gotta put some nasty ASCII art before the blog post
@andrewnez this is depressingly plausible and probably already happening
@andrewnez I'm not sure this is a *healthy* coping mechanism, but it's definitely an *entertaining* coping mechanism :)
@ancoghlan it’s all I have at this point
@andrewnez @ancoghlan After the inauguration in 2017, a friend of mine who'd grown up in the Soviet Union before it collapsed said, "If nothing else, the next four years are going to give you all a much better appreciation for the Russian sense of humor."
@andrewnez haha, “a configuration unsupported by the Mozilla brand guidelines”.
Someday I should tell you about the time I got to read all the feedback that went into Mozilla’s first attempt at a user feedback form before we decommed it.
@andrewnez fantastic work^ 👏👏👏
I particularly liked “Some customers may have experienced unscheduled collaborative compute with external parties.” 🫠
^ “thanks, I hate it”
@andrewnez can I assume that you’ve seen this “article” based on your YIKES post?
Supply Chain Attack Hits 4 Million Developers via npm
https://logicity.in/en/blog/supply-chain-attack-hits-4-million-developers-via-npm
unsurprisingly, the article seems to ignore their stated “editorial policy” [ https://logicity.in/en/editorial-policy ] or maybe their “editorial team” (🤪) just happened to both not read your source post & also miss the ‘satire’ tag in a 1-in-a-million oversight… 🤔
@itgrrl 🤦‍♂️
@andrewnez indeed 🙃
btw, I couldn’t see a licence on your blog – maybe slapping a CC BY-NC-SA or similar on it might add some weight (to the existing inherent copyright of your work) should you want to burn time / energy / $$ trying to shut such things down
or maybe just better to ignore all previous infringements & live your best life… ¯_(ツ)_/¯
@andrewnez I will be needing to obtain this fan art for post-incident review purposes
@andrewnez unsupported configuration killed me
@andrewnez > a configuration unsupported by the Mozilla brand guidelines.
That's one hell of a euphemism 😂
@andrewnez omg this is beautiful. Thanks Andrew 😂
@andrewnez I am leaving this here if you don't mind