
Software guy, infosec hobbyist, he/him

I glue things to other things


#infosec #softwaredevelopment #networking #implants

I was surprised that I've learned many more useful-to-me things while writing "The Secret Rules of the Terminal" than when writing literally any of my other zines.

I kind of thought "I've used the terminal almost every day for 20 years! I know this!" but that was wrong and I now know a few new tricks & feel more confident dealing with weird terminal issues

(the zine will be out June 24! you can sign up here to get email when it's out! https://wizardzines.com/zine-announcements/)


Seen a few incidents raised from this now:

https://status.supabase.com/incidents/771wbdj5f5h9

https://status.tailscale.com/

What I’m surprised about is that more login services didn’t break; I’d assume they’re using longer-lived services that don’t refresh OpenID metadata often or at all.

Signin with Apple issues due to JWT issuer change

Anyone run into issues with Sign in with Apple today?

Their oidc-configuration endpoint started returning account.apple.com instead of appleid.apple.com

However, the JWTs we’ve been getting still have appleid.apple.com as an issuer, breaking the login flow for any well-behaved OIDC client.
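The failure described in this post, reproduced as an added example (this is not the poster's, Apple's or Supabase's code). An OIDC relying party must reject an ID token whose `iss` claim differs from the `issuer` in the provider's discovery document; the example models two clients that differ only in how often they refetch that document, which is why one keeps logging users in and the other starts failing. The signing key, client id, timestamps and discovery documents are constructed for the demonstration, and HS256 stands in for the RS256-over-JWKS verification a real client would do.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for the demo (not real keys or identifiers).
SHARED_SECRET = b"constructed-demo-key"
CLIENT_ID = "com.example.app"  # hypothetical audience / client id

OLD_ISSUER = "https://appleid.apple.com"
NEW_ISSUER = "https://account.apple.com"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_id_token(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT for the demo (stands in for the provider's RS256 token)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


class TokenRejected(Exception):
    pass


def validate_id_token(token: str, discovery: dict, key: bytes, audience: str, now: int) -> dict:
    """The checks an OIDC client must make on an ID token: signature, iss, aud, exp.
    The iss check compares against the *cached* discovery document's issuer,
    which is exactly where a provider-side issuer change bites."""
    try:
        h, b, s = token.split(".")
    except ValueError:
        raise TokenRejected("malformed token") from None
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise TokenRejected("unexpected alg")
    expected = hmac.new(key, f"{h}.{b}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise TokenRejected("bad signature")
    claims = json.loads(_b64url_decode(b))
    if claims.get("iss") != discovery["issuer"]:
        raise TokenRejected(f"issuer mismatch: token iss={claims.get('iss')!r}, "
                            f"metadata issuer={discovery['issuer']!r}")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenRejected("audience mismatch")
    if claims.get("exp", 0) <= now:
        raise TokenRejected("expired")
    return claims


class MetadataCache:
    """Discovery-document cache that refetches only every `ttl` seconds."""

    def __init__(self, fetch, ttl: int):
        self.fetch, self.ttl, self.doc, self.fetched_at = fetch, ttl, None, None

    def get(self, now: int) -> dict:
        if self.doc is None or now - self.fetched_at >= self.ttl:
            self.doc, self.fetched_at = self.fetch(now), now
        return self.doc


def provider_discovery(now: int) -> dict:
    """Constructed provider: metadata issuer flips at t=1000 while tokens keep the old iss."""
    return {"issuer": NEW_ISSUER if now >= 1000 else OLD_ISSUER}


def login_outcome(cache: MetadataCache, now: int) -> str:
    """Provider still issues tokens with the old issuer, as the post describes."""
    token = make_id_token({"iss": OLD_ISSUER, "aud": CLIENT_ID, "sub": "user-1",
                           "exp": now + 600}, SHARED_SECRET)
    try:
        validate_id_token(token, cache.get(now), SHARED_SECRET, CLIENT_ID, now)
        return "ok"
    except TokenRejected as e:
        return f"rejected: {e}"


def run_scenario() -> dict:
    """Two clients warm their caches at t=0; by t=1100 the metadata has changed."""
    frequent = MetadataCache(provider_discovery, ttl=60)
    long_lived = MetadataCache(provider_discovery, ttl=86400)
    frequent.get(0)
    long_lived.get(0)
    return {"refreshes_every_minute": login_outcome(frequent, 1100),
            "refreshes_daily": login_outcome(long_lived, 1100)}


if __name__ == "__main__":
    for client, outcome in run_scenario().items():
        print(f"{client}: {outcome}")
```

The client that refetches metadata every minute picks up the new issuer and correctly rejects every token still carrying the old one; the client that caches the document for a day keeps accepting them, which matches the observation that longer-lived services did not break. Note that a client is not wrong to reject here: pinning the expected issuer as configuration and alerting on a metadata/token disagreement is the safer response, since silently accepting either issuer would defeat the purpose of the check.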

Meanings of the smoke for the upcoming papal conclave:

Black smoke means they're burning oil, which could be a sign of piston ring or valve stem seal wear

White smoke means they're burning coolant and the papal head gasket has blown

🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.

He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords

Media's coverage wasn't detailed enough so I dug into his testimony:

@srlabs @bruno always exciting seeing the Go ecosystem continue to mature. Just recently added some fuzzing tests to a project with the Go native fuzzer, so curious to explore how this compares

Currently available Go fuzzing tools were missing critical features - some don’t play well with the latest Go toolchain. So we set out to change that.

@bruno, Nils Ollrogge, and colleagues explored more powerful ways to fuzz Go binaries. By tapping into Go’s native instrumentation — which is compatible with libFuzzer — we enabled effective fuzzing of Go code using LibAFL.

We’ve documented our approach and shared insights in our latest blog post: https://www.srlabs.de/blog-post/golibafl---fuzzing-go-binaries-using-libafl

Repo: https://github.com/srlabs/golibafl

GoLibAFL — Fuzzing Go binaries using LibAFL

Nils Ollrogge, Bruno Produit

Oh wow. This just in from a CISA spokesperson:

“The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.”

The primary adversary most IT/sec shops are intended to defend against is auditors

“WSJ: The AI industry spent 17x more on Nvidia chips than it brought in in revenue”

Linking to a reddit thread just for the headline quote they found in a paywalled WSJ article feels a bit weird but…

This 17x number is just for chips so the actual cost x revenue multiplier is much higher in reality https://old.reddit.com/r/MachineLearning/comments/1bs1ebl/wsj_the_ai_industry_spent_17x_more_on_nvidia/