Did not expect Liz Truss takes on an IETF mailing list: mailarchive.ietf.org/arch/msg/115at…

.Tailscale's amazing. Local git daemon on one machine, git clone git://[addr]/[path] on another. Took more time to figure out the git daemon flags than set up Tailscale And apparently I already have a Personal Pro account?

debugging strategy: do the annoying thing

How it started vs how it's going, apparently?

Excited to present new(?) approach to #fuzzing where one doesn't need to write fuzz functions. Wanna fuzz all binaries on github - no problem. Just give the fuzzer binaries to test. No false positives & 100% fidelity. Blender: whole-program fuzzing: github.com/dvyukov/centip…

OH:" this is the way we show wealth in the Bay Area" *Shows a $500 Garmin watch*

I'll be speaking at BSidesSF next Saturday with ?. If you're coming (or in town for RSA) hit me up! sched.co/1JrCm

.Tahm giving the rundown of kernel sandboxing at #BSidesSF

BSidesSF talks are up! "You can't work harder to keep up with scale. You can't hire fast enough to keep up with scale. If you try to be a hero, you will burn out." - ? youtube.com/watch?v=c3B-ig…

🚀 The day has arrived! We are thrilled to announce the general availability of our continuous profiling cloud product. Welcome to a new era of observability! Learn about the details in our announcement blog post. polarsignals.com/blog/posts/202…

This nice library allows PKCS#11 over RPC calls to be served over a socket. github.com/google/go-p11-… I imported it in GoKey and modified its SSH server to accept SSH forwarding of that interface. Works like a charm. github.com/usbarmory/GoKe…

Google created the Advanced Protection Program to help high-risk individuals keep their accounts secure. The program is great (I’ve used it for years!), it’s just a shame the company rarely mentions it. glitchcat.xyz/p/googles-adva…

Rather than a security tool alerting the security team (in Slack), who then needs to find the right person to ping (also in Slack) — what if the tool just short circuited that and went right to the source (in Slack, of course)? mayakaczorowski.com/blogs/slacksec…

Confidential Compute always seems like a breakthrough security technology for a threat model basically no one has. Now that GPUs are embracing it, will it finally find a use with AI? ericchiang.github.io/post/confident…

What I've been up to the last few months: working on the untrendy but important problem of authorization in corporate environments. Check it out!

Hackers reportedly used something called "TruffleHog" during their attack. They also used "child_process", and something called HTTP, something called TLS, and something called TCP. Please be on the lookout for any of these hacking tools being used in your environment.