Ian Nickles

@inickles

science, infosec, snowboarding.

193 Followers, 86 Following, 17 Posts, Joined 12.11.2024

Latest posts by Ian Nickles @inickles

come work with me! @oxide.computer is currently hiring for a whole bunch of different engineering roles, up and down the stack — from distributed systems to electrical engineering!

29.04.2025 22:04 👍 122 🔁 32 💬 9 📌 0

Offensive Oxide marketing copy when?

27.03.2025 16:17 👍 3 🔁 0 💬 1 📌 0

Pete Hegseth: "We are currently clean on OPSEC"

26.03.2025 15:58 👍 1 🔁 0 💬 0 📌 0
Anyone Can Push Updates to the DOGE.gov Website "THESE 'EXPERTS' LEFT THEIR DATABASE OPEN."

Scoop: The databases powering DOGE.gov are insecure, and people outside the government have already pushed their own updates to the site to prove it:

www.404media.co/anyone-can-p...

14.02.2025 06:44 👍 14461 🔁 5928 💬 408 📌 1133
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack cam...

Device code phishing strikes again www.volexity.com/blog/2025/02...

14.02.2025 10:13 👍 3 🔁 3 💬 0 📌 0
Unable to implement an extractor the references my app-specific server context · Issue #972 · oxidecomputer/dropshot I was looking to implement an ExclusiveExtractor that references data in my server context, and at first glance I thought I was going to be able to, but now I'm not seeing how I can specify my conc...

I think that's an example of extractors, not a middleware layer, like with Axum and Tower.

You can implement your own extractors in dropshot as well, but not those that are generic over your context, so you're left with doing the function call as you have here.

Related: github.com/oxidecompute...

29.01.2025 20:05 👍 1 🔁 0 💬 1 📌 0
C IS LEGAL AGAIN

25.01.2025 05:47 👍 764 🔁 192 💬 22 📌 31

Based

22.01.2025 01:09 👍 5 🔁 0 💬 0 📌 0
Product Security Bad Practices | CISA This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of crit...

New version of Product Security Bad Practices from CISA just dropped.

www.cisa.gov/resources-to...

17.01.2025 18:22 👍 2 🔁 0 💬 0 📌 0

After the holidays I am ready for my vacation next week where I return to work.

03.01.2025 19:46 👍 0 🔁 0 💬 0 📌 0
How to Say “No” Well Security’s pivot from ‘Department of No’ to ‘Department of Yes’ misses the real lesson - how to say ‘No’ the right way.

Lately, every BSides seems to have a talk on reframing security teams as a “Department of Yes”

We don’t hear nearly as much about the value of a well-considered, strategically deployed “No”

I've pulled together guidance on giving a better, more constructive No:
ramimac.me/saying-no

30.12.2024 15:08 👍 21 🔁 10 💬 0 📌 0
When You Get Your Password Wrong YouTube video by Fairbairn Films

I've never felt so seen and attacked at the same time.

youtu.be/4gygGeLsU7A

20.12.2024 21:35 👍 0 🔁 0 💬 0 📌 0
Oxide Computer Company Servers as they should be. Hardware, with the software baked in, for running infrastructure at scale.

The new oxide.computer is live 🚀

17.12.2024 20:32 👍 104 🔁 16 💬 4 📌 2
Picture of a door labeled Palisades Tahoe Security that is not fully closed.

FAIL

14.12.2024 22:22 👍 1 🔁 0 💬 0 📌 0

Forgot to mention OSCAL, which provides all 800-53 controls and enhancements in structured formats (incl JSON) has been very helpful.

13.12.2024 23:07 👍 1 🔁 0 💬 0 📌 0

But still. Damn.

13.12.2024 23:04 👍 0 🔁 0 💬 1 📌 0

The Security Baselines and Control Summaries tables are very helpful in sifting through which of 1190 controls and enhancements I might care about, which I am thankful for.

13.12.2024 23:04 👍 0 🔁 0 💬 1 📌 0

NIST SP 800-53 Rev 5 is a grind.

13.12.2024 22:59 👍 1 🔁 0 💬 1 📌 0
Picture of 0day IPA 12 oz can from Jailbreak Brewing.

hack the planet

05.12.2024 18:43 👍 2 🔁 0 💬 0 📌 0
Photo of the Apollo 11 command module Columbia at the Smithsonian National Air and Space museum.

First time in DC. Got to see the Apollo 11 command module at the Smithsonian National Air and Space museum.

05.12.2024 03:16 👍 2 🔁 0 💬 0 📌 0

Yeah, we reserved a CVE but were waiting to publish the details on our site before filling it out. We'll get that CVE updated.

29.11.2024 00:44 👍 1 🔁 0 💬 0 📌 0

To be clear, all Oxide advisories are public.

27.11.2024 20:21 👍 1 🔁 0 💬 0 📌 0
Docs / Oxide

Public Oxide security advisories are live!

docs.oxide.computer/security

27.11.2024 19:54 👍 17 🔁 1 💬 2 📌 0
Oxides rackscale compute platform lands at LNLL System to serve as a proof of concept for applying API-driven automation to scientific computing

Great article on our work with Lawrence Livermore National Laboratory and how they'll use their new Cloud Computer

21.11.2024 19:53 👍 36 🔁 2 💬 2 📌 0