#BSidesCharm 2026 Track 2 Speaker Spotlight: Sat 1730 - Kaitlin Seng @kaitlinseng.com presenting "The Case for MicroVMs: Container-like agility with the security of VMs"
Posts by Kaitlin Seng
Hatched my Claude Code buddy today. Gristle is already giving me sass.
And it tries. Oh, it tries.
It asks nicely. It begs. It negotiates. It has a full emotional breakdown.
His classic social engineering playbook doesn't work, because you don't respond to his pleas.
Enforce your policies. Don't negotiate with pigeons.
If you mapped that typical plot to your cloud environment, that's not a story arc. That's an incident report.
*Don't Let the Pigeon Drive the Bus* is different. The pigeon never drives the bus.
This is literally just IAM enforcement.
A funny pigeon-related IAM policy is printed out in a similar format to the cover of Mo Willems's book Don't Let the Pigeon Drive the Bus.
🐦 Hot take: Mo Willems actually wrote the best children's book about least-privilege access control.
Many kids' books follow a similar plot: kid (or animal) does the thing they're not supposed to do → chaos ensues → lesson learned.
But not Don't Let the Pigeon Drive the Bus.
Continued... 🧵 ⬇️
Sound familiar?
• Faster iteration
• Fewer humans → higher risk of failure
• Limited applicability
Auto belayers (ahem, AI) are great tools — but there are still many reasons to keep humans in the loop. Not taking over everything… yet.
The tradeoffs? Faster iteration, but less safety redundancy and less social interaction. No second human to double-check or brainstorm with. Also: limited environments - indoor gyms, preset routes, not outdoors.
Then came auto belayers: devices attached to the wall or ceiling that manage the rope automatically. You can climb solo and do rapid repetitions without another human in the loop.
Generalizing a bit: in most climbing I’ve done, you climb as a pair: a lead climber and a belayer. The belayer manages the rope, double-checks safety, and offers advice or encouragement from the ground.
Like most other technical people I know, I've been thinking about how AI is impacting my industry, and I found myself reminded of a different technology in a different field: auto belayers in rock climbing. 🧗
Huge kudos to the DistrictCon organizing team for pivoting to host as much of the conference as possible online with the anticipated travel disruptions due to snow. ❄️
Still thinking about how inspired I feel by @districtcon.bsky.social Year 1! I am enjoying still processing everything: engaging talks, a CTF, a badge challenge. Every room was filled with people with an insane amount of talent, skill, and experience.
If you’ve got any favorite tools or tricks for keeping Rust compile times down, I’d love to hear them!
#Rust #RustLang #Cargo
Digging deeper, Rust devs pointed to a couple of helpful resources:
🔗 Corrode Rust Blog: corrode.dev/blog/tips-fo...
🔗 Rust Performance Book: nnethercote.github.io/perf-book/co...
The updated Cargo Book chapter offers practical strategies for understanding and improving Rust build performance: doc.rust-lang.org/stable/cargo...
🦀 Rust 1.92.0 was released yesterday! While reading the changelog, one thing that stood out to me was an update to the docs around build performance—not a main feature, but a useful improvement for anyone tuning compile times.
🔐📚 For cybersecurity professionals looking to do some technical reading:
Saw this great @humblebundle.com deal for up to 18 books from @nostarchpress.bsky.social and supports @eff.org that includes essential reading for offensive and defensive techniques.
www.humblebundle.com/books/hackin...
🎯 Answer: The original Rust compiler from 2010 was written in OCaml! 🐫
OCaml was chosen for its strong type system and pattern matching features. This "bootstrap" compiler was used to create the first self-hosting Rust compiler.
#Programming #PLT
💡 Trivia: What language was used to write the first Rust compiler?
Today's Rust compiler is self-hosting (written in Rust, compiles itself using an existing compiler). But this raises a question: How was the very first Rust compiler created when there was no Rust compiler to build it?
#RustLang
Today I switched my deployment from staging to production using GitHub Environments. Same workflow, but GitHub Actions automatically loaded all the prod secrets and configs. No script changes needed—it just worked exactly as designed. Love to see it!
#GitHubActions #DevOps
🦀 Help shape Rust's future! The 2025 State of Rust Survey is open
All experience levels welcome - from beginners to experts, even future Rustaceans.
Takes 10-25 mins, anonymous responses.
Deadline: Dec 17
🔗 blog.rust-lang.org/2025/11/17/l...
Fair point, but the benefits would include speed and efficiency: faster cold starts, lower memory usage, smaller deployment packages
That moment your GitHub Actions workflow launches and AWS happens to be releasing the new 5.x.x version of your action and you catch the very moment they are re-creating the high-level v5 tag 👀
AWS Lambda now officially supports Rust! 🦀
This is huge news from pre:Invent 2025, bringing Rust's performance, memory efficiency, and safety to serverless functions.
What AWS re:Invent (Dec 1-5, Las Vegas) announcements are you most excited about?
#AWS #Rust #Serverless
Cloudflare's biggest outage since 2019 came down to an `.unwrap()` call that "should never fail" - until it did.
Key lesson: "This can never happen" usually means "hasn't happened yet." Always implement proper error handling in prod!
Kudos to Cloudflare for the transparent postmortem 🦀
Had a great time at MoCo Code & Coffee yesterday. Loved hearing what everyone’s building and swapping ideas. Already looking forward to the next one ☕💻
If you’re in MoCo and looking for a friendly group to code, chat, and caffeinate with, check out the meetup link: www.meetup.com/mocode-coffee/
Any D.C.-area folks planning on DistrictCon in January? GA tickets open tomorrow (Nov 16) at noon. Early Bird sold out in 30 𝘴𝘦𝘤𝘰𝘯𝘥𝘴, so set those alarms. ⏰
🎟️ here: www.districtcon.org/tickets
And it looks like the upcoming 3rd edition is changing the 3rd variable to:
`let disapproodles = "ಠ_ಠ"`
🤭