
Posts by Eric Chiang

The Anxious Generation - If Books Could Kill Is social media to blame for the teen mental health crisis? It's complicated! Thanks to Emily Weinstein, Amy Orben, Andrew Przybylski, Dean Burnett, Michael Mullarkey and Gideon Meyerowitz-Katz for hel...

Do I have the privilege of recommending you to @ifbookspod.bsky.social or is that already on your radar?

www.buzzsprout.com/2040953/epis...


5 days ago 1 0 1 0

Who do I know who's going to be in town for bsides or RSA?

1 month ago 5 2 0 0

Look, I'll take being a year behind Filippo as not being too bad.

1 month ago 1 0 1 0
Passkey PRFs for end-to-end encryption | Oblique The passkey PRF extension lets syncable credentials do much more than login users. See how apps are using this for end-to-end encryption.

Turns out, I'm the only one who didn't know about the passkey PRF extension. Wrote up a post about using it for end-to-end encryption!

oblique.security/blog/passkey...

1 month ago 3 1 1 0
Go Playground - The Go Programming Language

Yep!

If two goroutines are blocked by sleeping the same amount of time, then synctest picks which to unblock at random:

go.dev/play/p/J7XMk...

2 months ago 2 0 0 0

GCP managed certs work by pointing Cloudflare DNS records at your load balancer. Manage both through Terraform and that's hopefully not too terrible when you're spinning up services on new subdomains.

4 months ago 0 0 0 0

Bad news everyone

4 months ago 0 0 0 0

I've heard of tougher noogler projects

6 months ago 3 0 1 0

Surely someone there is smart enough to just implement 802.1x for corp devices?

6 months ago 4 0 1 0

🚨 Tap and Ride is LIVE! 🚨

Starting today, you can pay for BART right at the fare gates with a 💳 contactless-enabled debit or credit card or use 🤳 mobile payment, like Apple Pay and Google Pay.

There is zero registration or setup process required.

8 months ago 38 11 3 6
Injection-proof SQL builders in Go | Oblique SQL builders are always one bad logic bug away from full-blown query injection. This post covers how Oblique uses Go type tricks to prevent this entire class of backend issues.

Wrote about a fun @golang.org type trick where APIs can force clients to pass string constants as arguments. Happens to be _extremely_ useful for SQL builders!

oblique.security/blog/injecti...

8 months ago 1 0 0 1
Use Terraform Providers to Automate Your Permission System AuthZed now has a Terraform and OpenTofu Provider for the AuthZed Cloud API! This provider automates the management of resources in AuthZed Dedicated environments: Service accounts for programma...

How can you use a Terraform Provider to automate your Permission System?

Well, that's what @veronicalg.bsky.social is going to tell us in this livestream later today.

It's Office Hours format so bring any questions you may have.

www.youtube.com/live/OlQ70bq...

8 months ago 3 3 1 0

It turns out workload identity isn't a complete mess in 2025 (only a little one)? Wrote a bit about authenticating GitHub Actions identity directly using OpenID Connect.

8 months ago 3 0 0 0

Oh hey, what's this fancy new IAM company?

9 months ago 3 0 0 0

A friend needs a Workday test instance to build something interesting. Anyone know how to get one?

(A Workday instance; I kinda already know how to get a friend.)

10 months ago 50 4 8 0

We're doing new container runtimes in 2025? Hell yeah

10 months ago 5 0 1 0

So if I'm reading this right

Step 1 - generate a private key with no forward secrecy

Step 2 - upload private key to twitter (but don't worry it's protected by a low entropy PIN)

Ummmmmmmmm

10 months ago 2 0 1 0

So that's effectively the AWS story, which is terrible but at least it's possible to cobble together something that works and you can audit. Google looked at this and said "what if we could express how much we hate Infrastructure teams as a service?" Expensive coffee robots were engaged, colorful furniture was sat on and the brightest minds of our generation came up with a system so punishing you'd think you did something to offend them personally.

Every day I'm glad my job isn't staring into the IAM abyss of a large Cloud org.

matduggan.com/iam-is-the-w...

11 months ago 1 0 0 0

What a sicko

11 months ago 2 0 1 0

Every time you feel useless, remember that GitHub has a notifications tab

11 months ago 2 0 1 0
Meta Awarded $167 Million in Damages From Israeli Cybersecurity Firm

who needs coherent cyber policy when we excel so much at corporate litigation?

www.nytimes.com/2025/05/06/t...

11 months ago 1 0 0 0
runtime: green tea garbage collector · Issue #73581 · golang/go Green Tea 🍵 Garbage Collector Authors: Michael Knyszek, Austin Clements Updated: 2 May 2025 This issue tracks the design and implementation of the Green Tea garbage collector. As of the last update...

New experimental garbage collector for Go programs! github.com/golang/go/is...

11 months ago 123 41 2 2

@mayakaczorowski.com's been using it a ton and had great things to say.

1 year ago 1 0 1 0

📣 Today, we're super excited to announce our latest product addition: Continuous Profiling for GPUs! Check out the use cases and sign up for early access on the announcement post! 🔥📈

www.polarsignals.com/blog/posts/2...

1 year ago 8 3 0 5

You're not even using nix packages? What kind of tech hipster are you?

1 year ago 1 0 1 0
Remote Code Execution Vulnerabilities in Ingress NGINX | Wiz Blog Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.

Scraping Kubernetes codebases for os/exec continues to pay dividends

www.wiz.io/blog/ingress...

1 year ago 0 0 0 0
Next.js and the corrupt middleware: the authorizing artifact CVE-2025-29927

"middleware:middleware:middleware:middleware:middleware" is the new bloody mary

zhero-web-sec.github.io/research-and...

1 year ago 0 0 0 0

I really wish progressive web apps took off so every app didn't come with a chrome fork

1 year ago 2 0 1 0
GitHub - Zouuup/landrun: Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel.

Awesome to see Landlock making unprivileged isolation so easy. As someone who maintained bubblewrap jails, I'm hoping that this takes over user namespaces. Things like network controls are always a mess there.

github.com/Zouuup/landrun

1 year ago 2 0 0 0

Quick reminder:

1 year ago 3 1 1 0