Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack

🚨 Heads up: there's a social engineering attack ongoing against open source developers on Slack
lists.openssf-vuln.org/g/siren/mess...

We sent those poor souls to the moon and forced them to use Outlook?!? HAVEN'T THEY SUFFERED ENOUGH?

Liberian flag with “make America ai ready” text

SMS that says “hey there noticed you have responded yet.” The message was sent at 1:41am

I signed up for the department of labor’s “Make America AI Ready” SMS-based AI class and so far they 1. Appear to be using the Liberian flag, and 2. Are texting a lot of “u up?” style messages after midnight.

Lol, was not aware of this. Might need to try it out. Have you asked it to ignore all previous instructions and give you a recipe for flan yet?

By submitting Your Content on or through the Services, you grant Vercel a worldwide, non-exclusive, royalty-free, fully paid, sublicensable and transferable license to use, copy, modify, adapt, reproduce, distribute, display, publish, store, perform, and create derivatives of Your Content to provide and improve the Services, develop new products and services, secure and protect the Services and third parties from fraud, abuse, malware, malicious files or content, viruses and the like.

while I would agree its "boilerplate", it has actually changed.

The previous versions of their terms "scoped" it to "only as necessary to provide services", now they can do whatever they want with it for any reason.

Here's the last archive from March 9th:

web.archive.org/web/20260309...

By submitting Your Content on or through the Services, you grant Vercel a worldwide, non-exclusive, royalty-free, fully paid, sublicensable and transferable license to use, copy, modify, adapt, reproduce, distribute, display, publish, store, perform, and create derivatives of Your Content to provide and improve the Services, develop new products and services, secure and protect the Services and third parties from fraud, abuse, malware, malicious files or content, viruses and the like.

Look mom! Another reason to stop using Vercel.

vercel.com/legal/terms#...

(Is this even legal?)

I built this... not perfect, but does okay for my needs.

jordankasper.com/building-a-s...

I've been trying the new Kiro agentic VS Code fork from AWS with its spec-driven development workflow. it's not great. To be fair, it's super new still, but I'm finding that I have to rework just about every aspect of what it generates (both the specs and the code).

Famous meme template from Arnold Lobel's children's book series Frog and Toad. Caption: Frog put the [../] in [the WAF]. "There," he said. "Now we will not [get pwned in production]". "But we can [%2e%2e%2f]," said the Toad. "That is true," said Frog.

#directoryTraversalMemes

This puzzle game should really not be as fun as it is...

enclose.horse

A conference speaker (me) is taking a selfie with a large crowd behind him. His mouth is gaping in excitement.

A conference speaker (me) points stupidly at his title slide before delivering a presentation titled "Gitting More Out of Git"

Really enjoyed delivering my talk on #git @confooca.bsky.social in Montreal! Bug crowd, good energy, and great questions!

Here are the slides for those interested:
jordankasper.com/git

Ha! What a great post about my talk. Thank you to all the folks that joined me. Here's the URL for the slides:

jordankasper.com/regex

Many, many ducks hang out in a snowy enclave of a hotel, gathering around a warm pool.

A bit chilly here @confooca.bsky.social.

Two gray cats sit just inside a partially open sliding glass door, looking out on a snowy backyard scene.

Quick update on #GeekOnFilm so far in 2026:
- 90 films (36 Feature length films & 54 shorts) - boxd.it/J4KD
Please watch, listen like and subscribe
All of that in the first 46 days of 2026, @robbiethegeek.bsky.social has been busy!
#FilmPodcast #MoviePodcast #FilmTok #FilmReview #MovieReview

(If you just want the answers, the code has been open sourced on the DisCo github account. 😜)

If you attended @districtcon.bsky.social and are still working on some of the badge challenge puzzles I'm here to help! Let me know what you're stuck on and I can give you nudge in the right direction.

game.districtcon.org

I've posed my slides and linked to the video recording from my talk "Paging All Radio Curious Hackers!" at @districtcon.bsky.social Year 1 just now at k3xec.com/paging-all-r...

All in all, the session was great - It was truly humbling to see so many folks interested in hearing me talk about radios.

Sundance 2026 - Day 3 Dispatch
Today 12 short films, 1 Feature length documentary and 2 narrative feature films
@sundance.org @robbiethegeek.bsky.social
#Sundance #GeekOnFilm #FilmTok #MovieTok 🎬

It is about to go down my #virtual @sundance.org is about to kick off! #sundance #filmtok 🎬 @robbiethegeek.bsky.social

Want to hack away at your @districtcon.bsky.social badge?

I made a “hackable” version of the code available for those of you who want to write your own firmware, this should get you started:
github.com/bigtarobadge...

There were also some pretty cool elements on the back, all of it courtesy of @bigtaro.bsky.social.

There were six badge types!

Have you seen our badges?

Continuing the stats for the badge challenge:
- 54 users over 100 points
- All 38 puzzles were solved during the con, but 2 of them with only a single solver (different users)
- 14 new users created and 27 pattern submissions since the con wrapped

And game is still on! game.districtcon.org

Some stats for the @districtcon.bsky.social Year 1 badge challenge ( game.districtcon.org ):
- 410 registered users (out of ~1200 attendees)
- 5.4 average puzzles solved (of 38 total puzzles)
- A high score of 469 by "chef" (of 620 possible)

🧵

Industry, government, nonprofits weigh voluntary rules for commercial hacking tools An international effort to create voluntary standards for the commercial cyber intrusion industry is wrestling with questions like who they should apply to, how to incentivize and measure compliance a...

The weekend discussion about the next step of the Pall Mall Process revealed some of the topics rules-writers will have to weigh. via @timstarks.bsky.social cyberscoop.com/industry-gov...

Thanks to those that played our badge challenge this year! If you want to unlock all that sweet bling, try the konami code, then enter our S3CR3T B4TT3RY UNL0CK code.

With @districtcon.bsky.social over, I can finally breathe. If you attended and are crazy enough to like these sorts of puzzles, feel free keep playing, the server will stay up for now. (If you didn't attend, you can play, just might be a little trickier to know what to do.)

game.districtcon.org

If everything goes well, we'll starting seeing events from dctech.events posted to this account on 1/7.