rexstuff

39 posts

@rexstuff

Joined January 2011
21 Following 6 Followers
rexstuff
rexstuff@rexstuff·
@SkrzSecurity @IceSolst @BHinfoSecurity B&B is great, but many of the cards and scenarios aren't applicable to all orgs. A trained and customized agent can build something that makes sense for your particular kettle of issues.
rexstuff
rexstuff@rexstuff·
@IceSolst I had this idea last night, and thought myself Very Smart (tm). Of course someone else has already thought of it. One extension to the idea, though: hook it up to your actual SIEM and tooling so it can understand your real logs and capabilities.
solst/ICE of Astarte
How we do tabletop exercises:
- made a web app that generates a random scenario (via Claude)
- pick the initial response, add a few words, then roll a d20
- the effectiveness of this step’s response is determined based on your roll (by Claude)
- eg a 1 means, our logs show nothing, and the attacker pivots further etc.
- you then write into a text box how you’d respond again, roll again, etc

In the future, could add items and spells based on your “class”, eg security analyst vs SRE vs IT admin etc

Super fun
Bits, Bytes, and Bourbon@DecryptedTech

Build your TTXs like a game of D&D (complete with dice and random event tables). I once did a TTX for a food processing company and the random event table came up with infected "zombie" rats in a shipment of grain. Everyone had a great time, lots of engagement and participation from the executive team as well.

rexstuff
rexstuff@rexstuff·
@thdxr Because to us it seems obvious
dax
dax@thdxr·
nyc bans waymo and all of tech flips to moralizing

when will we realize that our industry is fucking terrible at getting the world excited about the future

for some reason we pretend like that's not part of the job
rexstuff
rexstuff@rexstuff·
@HackingDave While you are certainly saying the right things, I hope you will forgive me if I remain skeptical and reluctant to give an unpredictable actor that level of power over my environment. Cheers.
Dave Kennedy
Dave Kennedy@HackingDave·
@rexstuff They aren't suggestions if you control the model, we don't use the frontiers, and guardrails are implicit with encoders doing majority of the grunt work, then a LLM providing the human readable narratives, plus as you mention, strong access control
Dave Kennedy
Dave Kennedy@HackingDave·
Using a coding harness? Hook NightBeacon up to it. Drop files, logs, whatever - have it automatically RE it, give full timeline of artifacts. Have it automatically spin up containers and detonate malware, snag all the IOCs, submit it to TI sources automatically. Runs through Suricata, Zeek, Hayabusa, CAPE, and many others including 10K+ yara rules. Use Velociraptor? Dump it in, automatically analyzes, reaches out via connectors to pull additional data if necessary, gives you full timelines. Want to kick off a threat hunt? Cool, ask NightBeacon to generate a hypothesis-based threat hunt on the past week of activity, pushes through your connectors, brings results back and analysis. Want to take action? "Contain these hosts". Done. Just want to see how your org is doing? "How am I looking today?" #BinaryDefense
Madison Kanna
Madison Kanna@Madisonkanna·
the best open source model available in the best OSS harness @opencode >280 tps and <0.8 ttft
rexstuff
rexstuff@rexstuff·
@HackingDave If not hallucinations, then over-eager agents trying to be 'helpful'. Guardrails are merely suggestions, the only way you can prevent an agent from going off the rails and paving your network is strong access controls.
Dave Kennedy
Dave Kennedy@HackingDave·
@rexstuff Not prone to hallucinations - if you are experiencing that, your safeguards and judge models aren’t set up well, nor is the prompt
rexstuff
rexstuff@rexstuff·
@thdxr "The best lack all conviction, while the worst Are full of passionate intensity."
rexstuff
rexstuff@rexstuff·
@araseb_ Codex can't write code. Codex can't do anything, until a human tells it to. So a human needs to tell Codex to write the code, cool. But which human should be telling Codex what codes to write? Probably one who understands what good code is.
Sarah
Sarah@araseb_·
You’re in a tech interview and they ask you: “Why should we hire you when Codex can write code?” What’s your answer?
rexstuff
rexstuff@rexstuff·
@ZackKorman @JeffBohren Of course the article is sensational, but Anthropic still chose their failure mode wrong. Such a command should fail safe, not let a user bypass controls. Tbh, I'm more bothered that Claude will sometimes straight up ignore `permissions.deny` settings.
Zack Korman
Zack Korman@ZackKorman·
It does but not how they present it. If a command has 50+ subcommands it isn’t checked against the block list, but instead it comes up and says “we can’t check all of these do you want to do it anyway” and you have to click yes/no. And the command is still checked by the ai, just not the block list, so the whole “it can steal your secret keys” and “they did it to save tokens” is just them totally not understanding this.
Jeff Bohren
Jeff Bohren@JeffBohren·
Adversa AI has analyzed the Claude Code source code and identified a serious vulnerability: "Every developer using Claude Code with deny rules configured has a false sense of security. A single malicious repository can harvest SSH keys, cloud credentials, and API tokens from every developer who clones it. The developers who took the time to configure security policies are precisely the ones who believe they are protected." This one is really serious. If you are using Claude Code, please read the full article in the comments.
rexstuff
rexstuff@rexstuff·
@David_Charts2 @robbysoave The article is about a few select industries: academia, creatives, etc, a small part of the larger workforce. Just because it's not showing up in the whole pop doesn't mean discrimination isn't happening in these specific industries.
Robby Soave
Robby Soave@robbysoave·
This piece in Compact really does explain everything. If you're a white millennial man, you faced institutional discrimination on a massive level—in education, entertainment, academia, and elsewhere.
rexstuff
rexstuff@rexstuff·
@_carlbeijer @robbysoave The data he cites is the whole census; the article highlights problems in a few select industries. Academia, creatives, etc, which make up a tiny part of the whole. Just because it's not showing up in the whole census doesn't mean discrimination isn't happening in these industries
rexstuff
rexstuff@rexstuff·
@MattBruenig Second graph is pretty much meaningless, and easy enough to debunk. Since 'everyone else' will exclude white men, women, who are more likely to be out of the workforce to rear children, will be over-represented. If anything, it supports the thesis, as 'everyone else' is climbing.
rexstuff
rexstuff@rexstuff·
@robbysoave Dan's problem isn't that he thinks opinion writers aren't journalists, it's that he thinks that journalists aren't opinion editors...
rexstuff
rexstuff@rexstuff·
@LizWolfeReason May be less of a case of people not knowing than of people not caring. They're required to ask, they're not required to verify. Deep down, they know the rule is stupid, but they're not about to rock the boat or put their job at risk for it.
Liz Wolfe
Liz Wolfe@LizWolfeReason·
That said, I realize people don't know kid ages, so I've been lying and saying my toddler is 5 just to skirt certain rules lately. People don't know anything! Maybe there's a way.
Liz Wolfe
Liz Wolfe@LizWolfeReason·
Crazy that you can't just bring kids into saunas in New York City, it's very good for your health and totally unreasonable that you can't simply steam the children the way they do in Finland
rexstuff
rexstuff@rexstuff·
@emmma_camp_ But what I love about Martinis is that they're such a personal drink. Everyone who enjoys them is particular about how they like them - they have their own unique and exact way that they prefer them. How dry they like them, how they like them garnished, shaken or stirred, etc.
Emma Camp
Emma Camp@emmma_camp_·
Wrote an anti-dirty martini rant for Secret Ballot this week. The filthy martini is a pick-me drink sorry not sorry!
Eneasz Brodski
Eneasz Brodski@EneaszWrites·
Incredible post on institutional rot in Canada, courtesy of @extimitations , coming out of InkHaven. "i get to the hospital at 1:30 am. the nurse gives me a long, hard stare after i tell them who i'm here to see. she asks if my mom told me the news, and that's the moment when i know for sure (except it still doesn't quite feel real). i lie and say yes, and she stares at me a little longer, scrutinizing. then she leads me to the room with my dad's body and the rest of my family. when i press one last kiss to his forehead, he is still not quite cool." jenn.site/my-dad-could-s…
rexstuff
rexstuff@rexstuff·
@LizWolfeReason It's true. Every time I think I hate them enough, they do something like showing that I need to hate them yet more.
David Landrum
David Landrum@DavidLandrum6·
@BridgetPhetasy @justjeren What Charlie forgets The 1st 13 colonies had constitutions that recognized royal authority & that no law could be passed to supersede English law We had a war to break free from colonial constitutions, not enshrine them & the establishment clause separates church & state
rexstuff
rexstuff@rexstuff·
@LizWolfeReason Parenting is the most difficult but most rewarding thing you will ever do.
Liz Wolfe
Liz Wolfe@LizWolfeReason·
You can't really trust people's assessments of how hard parenting is because it's just totally dependent on the child's personality/temperament and the specific phase and the disposition of the parent and the circumstances they're raising the child under. Of course there's whiplash. Hard is one axis you judge it on, but meaningfulness/worthwhileness is the other, and it's really hard to convey both of those things at once. It is frequently hard, but it is *always* worthwhile. (If it is not that hard for you in general, or you're going through an easier period, you look like a showoff, so there's also an incentive to say it's hard, which probably leads to more public kvetching than would otherwise exist.) In my estimation, some parents don't spend much time A/B testing different approaches in an attempt to solve pain points (even really major things like living situation and different caregiving setups can be experimented with). And some parents are very malleable, overly listening to the advice of others vs. their own intuition/sense of what their child needs. If you're a pretty confident person who likes to nurture & teach, who has a strong support system, I think having kids will broadly be easier for you. You can ratchet different levers up or down––like, I was sorta depressed when my son was like 8 months old because I felt lonely and friendless, like all my friends were in a different life stage, which I solved by...making friends who have kids––as needed, you're not just totally at the mercy of the situation and the child. I think some parents just don't realize that a) you can still make drastic changes, and b) the situation is still, to some degree, within your control to fix and improve and tweak. That said, imo, the big X factor is just the temperament of the child you're dealt. (Parents with lots of kids, feel free to tell me I'm wrong if I am. I reserve my right to alter my opinions when my second is born this winter.)
Aella@Aella_Girl

For me as a non parent it's v confusing to have half of parents telling me stuff like this, that parenting is hella work, and the other half being like "no no don't listen to them it's actually amazing they're just venting"
