(part 3/3)
🪶 Kelly Shortridge - Birds of a Feather: Adapting to the Unknown: Resilience Engineering in a Time of Chaos
For more details, see our article on CyberCanon RSAC sessions/signings: www.linkedin.com/pulse/cyberc...
#RSAC2026 #CybersecurityBooks
Anthropic’s paper argues reality distortion is rare in software domains, but I’m not so sure.
https://aphyr.com/posts/405-trudging-through-nonsense
Big props to Rick Horwitz, Senior Sales Engineer at Fastly, for speaking at FutureCon LA on “Making attackers cry: outsmarting them with deception.”
Great insights on using deception to turn the tables on attackers. 👏 Take a look: vimeo.com/1156613679/2...
The skyline of New York City at night, with the Statue of Liberty lit up in the foreground. The Twin Towers dominate the background with tyrannical grandeur. Samantha has a sudden premonition, two ravaged steel and concrete husks, hunched over the harbor like a pair of broken spines. She shakes off the vision and ALT-TABs over to Minesweeper.
NEWYORKC.BMF
One of my 2026 goals is to start writing more, so over the holidays I resurrected my old blog and plopped out a post about silly coding interview problems in the Lean theorem prover dijkstracula.github.io/posts/provin...
Free (as in puppy) idea for an enterprising tech journalist/blogger: the 10 year rise of corporatized open source
Following last week’s critical #React2Shell disclosures, two more related CVEs dropped on 12/11.
Fastly customers: Based on current info, Fastly’s platform & apps aren’t vulnerable — but orgs should still review their own React + Next.js apps.
Learn more here: www.fastly.com/blog/react2s...
www.fastly.com/blog/unparal... This is my first big project since joining @fastly.com and I'm very hype about it. Literally C++ built on _top_ of our Rust SDK, because having access to C++ does, in fact, still open doors to a lot of folks.
A new #Jepsen report: we demonstrate data loss and persistent split-brain in the NATS streaming system, in response to simulated power failures/OS crashes.
https://jepsen.io/analyses/nats-2.12.1
In addition to all of the other benefits already reported about NYC congestion pricing, "In the first six months of the program, air pollution – in the form of particulate matter 2.5 micrometers and smaller – dropped by 22% in the Congestion Relief Zone (CRZ)"
news.cornell.edu/stories/2025...
🚨 React2Shell Update: Fastly saw a 2,775% spike in attack traffic after the public PoC dropped. Attackers are actively scanning — verify exposure and patch now.
Updates:
• Expanded Virtual Patch
• NGWAF detecting new scanners
• Bot Management flagging tooling
More intel to come. #React2Shell
⚠️ Friday’s #React2Shell update
@fastly.com saw a 2,775% increase in attack activity across our global network between the peak we reported yesterday (Dec. 4th) and 20:00 UTC today (see graph).
We recommend you immediately patch vulnerable apps and apply proactive protections to buy time as needed.
subsequent update: bsky.app/profile/shor...
You might want to check on your apps. There’s some 🔥 🥒 🔥 spicy unpickling going on …
⚠️ update on #React2Shell
After the POC dropped ~21:04 GMT today, Fastly detected a profound proliferation in the # of requests triggering our NGWAF signal for React2Shell (see graph).
We strongly recommend you immediately identify and update your React / Next.js apps + apply proactive protection.
There’s a react2shell POC circulating that appears to be viable.
Fastly verified our NGWAF successfully blocks this exploit variant.
⚠️ Our initial data points suggest attackers are actively probing for vulnerable apps. ⚠️
Identify and update your React & Next.js apps + layer proactive protection.
the bad news: lots of sloppity slop PoCs (slopocs???) abounding for the critical pre-auth React RCE
the good news: more time for you to patch your #React & #Nextjs apps ✨
my write up from yesterday on what to know & what to do: www.fastly.com/blog/fastlys...
comparison between apple's finder icon and mine. apple's is the split blue and white smiley face, mine is two blue and white anime girls making out
comparison between discord's icon and mine. mine is like a screaming cat on a blue/purple slimy background
comparison between celsys's clip studio paint icon and mine. mine is similar but rotated with some comic styling and pink and blue highlights
comparison between mozilla's firefox icon and mine. mine is similar but looks closer to the old firefox icon and brings back the little arm and gives the fox a cute little smiley face
last week i remembered that macOS lets you set your own icons and that *I* have the power to delegitimize the professionalism of the software that runs on my machine, so here's a thread of the 16 new icons i've made so far
i really forgot how fun it was to just sit down and make art for myself :')
So, in case you haven’t heard, a recent upset of an A320:
avherald.com/h?article=52...
Was traced back to, of all things, solar flares disrupting an onboard system:
avherald.com/files/AOT-A2...
The fix is a software patch on most of the 6000 affected aircraft, but it still takes 3 hours to complete
“nothing like this,” which feels like an evergreen comparative statement
OH in my downtown Manhattan hot yoga class:
woman 1, sad: “Yeah, I unfortunately had to move to Boston for work.”
woman 2, sincere: “Oh no! Do they even have yoga out there?”
Can you believe I wrote about manager READMEs again? medium.com/@skamille/re...
If you hate medium, you can also look at my ancient blogger where the formatting is a bit wonky: www.elidedbranches.com/2025/11/revi...
Keep this in mind when people claim cars mean business — closing Central #Madrid to cars over holidays resulted in a 9.5% boost in retail spending on its main shopping street: STUDY.
There was also a 71% drop in air pollution.
Via @carltonreid.com in @forbes.com. #citymakingmath #citiesforpeople
Frog and Toad illustration edited to say: Frog put the value in an option. "There", he said, "now we will not deref any more null pointers". "But we can unwrap the option," said Toad. "That is true", said Frog.
on type safety
try “Stealing the Corner Office” (book). It covers bullet #3 in particular depth
The Last Couple Years in V8’s Garbage Collector, by @wingolog.org:
wingolog.org/archives/2025/11/13/the-...
#v8 #javascriptengines #garbagecollection #memory #retrospectives
Which podcast is mispronouncing either metric or matrices as metrices
big if true
as someone who often thinks in ancient oak-style trees with their sprawling, gnarled branches extending into the blue infinity:
I’m so so hyped we launched a way for you to visualize your public API hierarchy as a tree!!! ✨ let us know what you think
💻 Make sense of the chaos with API Discovery 🔍
Managing APIs doesn’t have to be a burden. With just one click, API Discovery takes away the mystery and gives you complete visibility into what APIs are in use on the Fastly edge network. Learn more: www.fastly.com/blog/make-se...