
Posts by Ian Nickles

come work with me! @oxide.computer is currently hiring for a whole bunch of different engineering roles, up and down the stack — from distributed systems to electrical engineering!

11 months ago 122 32 9 0

Offensive Oxide marketing copy when?

1 year ago 3 0 1 0

Pete Hegseth: "We are currently clean on OPSEC"

1 year ago 1 0 0 0
Anyone Can Push Updates to the DOGE.gov Website "THESE 'EXPERTS' LEFT THEIR DATABASE OPEN."

Scoop: The databases powering DOGE.gov are insecure, and people outside the government have already pushed their own updates to the site to prove it:

www.404media.co/anyone-can-p...

1 year ago 14436 5922 406 1131
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack cam...

Device code phishing strikes again www.volexity.com/blog/2025/02...

1 year ago 3 3 0 0
Unable to implement an extractor the references my app-specific server context · Issue #972 · oxidecomputer/dropshot I was looking to implement an ExclusiveExtractor that references data in my server context, and at first glance I thought I was going to be able to, but now I'm not seeing how I can specify my conc...

I think that's an example of extractors, not a middleware layer, like with Axum and Tower.

You can implement your own extractors in dropshot as well, but not those that are generic over your context, so you're left with doing the function call as you have here.

Related: github.com/oxidecompute...

1 year ago 1 0 1 0

C IS LEGAL AGAIN

1 year ago 762 189 22 31

Based

1 year ago 5 0 0 0
Product Security Bad Practices | CISA This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of crit...

New version of Product Security Bad Practices from CISA just dropped.

www.cisa.gov/resources-to...

1 year ago 2 0 0 0

After the holidays I am ready for my vacation next week where I return to work.

1 year ago 0 0 0 0
How to Say “No” Well Security’s pivot from ‘Department of No’ to ‘Department of Yes’ misses the real lesson - how to say ‘No’ the right way.

Lately, every BSides seems to have a talk on reframing security teams as a “Department of Yes”

We don’t hear nearly as much about the value of a well-considered, strategically deployed “No”

I've pulled together guidance on giving a better, more constructive No:
ramimac.me/saying-no

1 year ago 21 10 0 0
When You Get Your Password Wrong YouTube video by Fairbairn Films

I've never felt so seen and attacked at the same time.

youtu.be/4gygGeLsU7A

1 year ago 0 0 0 0
Oxide Computer Company Servers as they should be. Hardware, with the software baked in, for running infrastructure at scale.

The new oxide.computer is live 🚀

1 year ago 104 16 4 2
Picture of a door labeled Palisades Tahoe Security that is not fully closed.


FAIL

1 year ago 1 0 0 0

Forgot to mention OSCAL, which provides all 800-53 controls and enhancements in structured formats (incl JSON) has been very helpful.

1 year ago 1 0 0 0

But still. Damn.

1 year ago 0 0 1 0

The Security Baselines and Control Summaries tables are very helpful in sifting through which of 1190 controls and enhancements I might care about, which I am thankful for.

1 year ago 0 0 1 0

NIST SP 800-53 Rev 5 is a grind.

1 year ago 1 0 1 0
Picture of 0day IPA 12 oz can from Jailbreak Brewing.


hack the planet

1 year ago 2 0 0 0
Photo of the Apollo 11 command module Columbia at the Smithsonian National Air and Space museum.


First time in DC. Got to see the Apollo 11 command module at the Smithsonian National Air and Space museum.

1 year ago 2 0 0 0

Yeah, we reserved a CVE but were waiting to publish the details on our site before filling it out. We'll get that CVE updated.

1 year ago 1 0 0 0

To be clear, all Oxide advisories are public.

1 year ago 1 0 0 0
Docs / Oxide

Public Oxide security advisories are live!

docs.oxide.computer/security

1 year ago 17 1 2 0
Oxides rackscale compute platform lands at LNLL System to serve as a proof of concept for applying API-driven automation to scientific computing

Great article on our work with Lawrence Livermore National Laboratory and how they'll use their new Cloud Computer

1 year ago 36 2 2 0