I build and break hardware with Nix. Security engineer at a company where full stack means the silicon.
Joined March 2014
- Tweets 577
- Following 183
- Followers 114
- Likes 369
75 Photos and videos
Jun 12
Pour one out for the maintainers who have to clean this up š©
2
437
Jun 11
Using Claude as a fuzzy home manager search engine works amazingly because the plugin ecosystem is all what you feel like adding anyway
Jun 10
nix is really a great technology if you never have to learn it. It's really interesting with AI because I'm using so many things I really, really hated because they were just too hard to maintain for me before.
1
52
Reverse lithography!
Jun 8
This photo was taken from an exposed DRAM cell.
Si is photosensitive so when you remove the packaging the entire chip act like a bunch of photodiodes.
Light Intensity -> higher leakage -> bit flips
You can then analyze the spatial distribution of bit flips to generate images.
55
mjones (@numinit) retweeted
Jun 6
What's better than #nix #nixos #nixpkgs ?
How about any derivation from #guix inside of Nix !
This was an idea I have had for a while.
Who wants to makeĀ a MetaPkgsĀ ?
fzakaria.com/2026/06/05/the-ā¦
1
4
10
499
mjones (@numinit) retweeted
May 31
meta gave their AI support agent the ability to modify your instagram account. no identity verification. people figured this out and accounts are being taken over right now
126
1,158
13,302
1,775,730
May 29
Currently in need of hardware to run a metric ton of ideally cloud-hypervisor VMs on for people to break in new and exciting ways, get in touch if you want to sponsor us!
We are proud to announce @floxdevelopment as a Closure tier sponsor for #NixVegas at DEF CON 34! Their help will allow us to provide DEF CON badges for our speakers.
CFP still open until 2026-06-15 ā”ļø cfp.nix.vegas/2026/
More sponsor info ā”ļø nix.vegas/2026/sponsor
1
1
124
mjones (@numinit) retweeted
May 26
An important and underrated skill - learning Latin so you can mog your coworkers by prompting Claude like a wizard
51
166
2,874
146,870
mjones (@numinit) retweeted
May 20
Poking at samsung SSDs some more. I can now decrypt almost all fw images and load them into IDA. Fw is signed with ECDSA, found public keys and can validate signatures. Found some VSCs to read/write RAM. Need to try to dump the bootloader and inspect boot time fw validation...
7
7
297
14,380
mjones (@numinit) retweeted
May 19
most of the so called LLM harnesses is just poorly reimplementing functions of GNU Emacs that go back to the late 1980s
1
1
19
592
As Iāve been saying forever, Linux has no meaningful privilege control system.
There are probably ~150 LPEs like this one floating around at any given time
š„ Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
dirtyfrag.io
4
5
60
8,260
So, turns out that Android wireless debugging will just go "yeah we trust this guy" because EVP_PKEY_cmp happens to return -1 if there's a mismatch in host key type, which they coerce to true because of course they accidentally misused this API, amazing
barghest.asia/blog/cve-2026-ā¦
5
142
Even though we need to mass rebuild after Linux updates, NixOS 25.11 is still patched against copy.fail before RHEL 10
1
4
203
PSA: All infrastructure powering nixbuild.net is patched for copy.fail. Worth mentioning is that even before patching, builds was not directly affected, since every build runs in its own lightweight VM, considerably reducing the scope of the vulnerability
2
3
10
487
Apr 30
say it... say it...
Apr 29
1
2
147
