Infosec pros fight ransomware, APTs, and foreign disinfo for a living. But when Trump weaponizes clearances, hollows out @CISAgov, and unleashes @DOGE as a systemic insider threat, our industry mostly chooses self‑preservation.

Join me as I unpack that trap: https://www.hackingbutlegal.com/p/the-industry-that-fights-governments #infosec

🚀 Calling all Startups! 🚀

Good news! The #PyConUS 2026 Startup Row application deadline has been extended to January 30, 2026.

Don’t miss your chance to showcase your startup to the Python community! 🐍

Details and how to apply
👉https://us.pycon.org/2026/attend/startup-row/

Happy Solar New Year! My goal for this quarter is to figure out what kind of work I want to start looking for, and to put together a solid resume. To that end, I have a favor to ask. If you have any recent experience with looking for work, or any experience hiring folks, I'd like to pick your brain. If you've been looking for work or found a job, I want to know what worked for you and what didn't. If you're a hiring manager, I want to know what you look for, what kinds of questions you ask, and any other advice or ideas you may have. My initial list of questions is short, but I'm sure it will evolve as I talk to more folks. If you're up for having a chat with me, let me know and I will send you a meeting schedule link.

Boosts greatly appreciated.

#GetFediHired #HiringAdvice

The web as your plan B

I hate to see AT Proto use up creativity of web developers that imho haven't realized that they're pouring their ideas and work into someone else's platform, and that in the end they will control every bit of content that flows through their network. They might let you in, but I doubt they would do that until they had a feature that competes with your add-in.

Sure you can build another network using their identity system, and that was exactly the deal Twitter offered us. I went for it — who wants to develop a new identity system, when good old Twitter was letting us use theirs. I really think they meant well, sort of fits in with Jack Dorsey's way of looking at things.

It was a good deal for a lot of years, but then one day Elon Musk bought the company, and soon all bets were off. We had little warning before we had to move our act and all our users to another identity system. Lost a lot of traction right there.

My advice — think this through, now. And if you can't see a way that you share in the success of the company behind Bluesky, which we know very little about, then I urge you to at least have the web as a backup. Use a standard format to broadcast your writer's work to places outside the AT Proto-verse, so we can pick up your signal, and you'll still be on the air if they yank your chain. This alone might get the Bluesky folk to listen to you more carefully. My experience, no matter how much you want, you can't wish away the economics of this stuff.

There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects.

TL,DR: Adopt Trusted Publishing 🔐🚀📦

https://blog.pypi.org/posts/2025-11-26-pypi-and-shai-hulud/