Chileno🇨🇱 USAF Veteran Mentor DevOps Cloud Physical Network Security Infrastructure Solutions Architect

Joined May 2007
1,431 Photos and videos
Pinned Tweet
17 May 2021
After months of research and interviews we have released our report on Vulnerability Management for Cloud Native (and legacy) workloads. These newer tools help us to be more effective with the limited resources of today’s cybersecurity teams. gigaom.com/report/gigaom-rad…

Iben Rodriguez retweeted
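Finally found an open-source gem that can replace Wireshark. Sniffnet, with 37k stars on GitHub, makes network monitoring something ordinary people can understand. Many people's first reaction on opening Wireshark is: can't understand it, close it right away. Sniffnet is completely different. It shows upload and download traffic, connected hosts, visited domains and IP geolocation in real time, and can even show software that is quietly connecting to the network. It supports traffic filtering, PCAP import and export, and monitoring of multiple network adapters. Most importantly, the interface is very comfortable. No need to study capture rules or learn complex commands; open it and you can see who your computer is actually communicating with. Many users simply treat it as a free alternative to GlassWire. (Windows Central) It supports all platforms, Windows, macOS and Linux, is written in Rust, and uses very few resources. (GitHub) For people who often tinker with proxies, NAS, Docker and servers, this is definitely a must-install tool. github.com/GyulyVGC/sniffnet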
Iben Rodriguez retweeted
MIT DEDICATED A FULL LECTURE TO GIT'S INTERNALS -- BECAUSE THEY FOUND MOST DEVS MEMORIZE THE COMMANDS AND HAVE NO IDEA WHAT THE TOOL ACTUALLY DOES A whole 85 minutes MIT session that refuses to teach git as a list of commands to copy, and instead shows you the data model underneath -- the thing that makes every command finally make sense. -> The moment it clicks, git stops being scary magic. You stop memorizing "The incantation that fixed it last time" and start actually knowing what's happening. Most people learn just enough git to not get fired. Four commands, blind faith, and a prayer before every merge. In 2026 that's not enough anymore -> git is the literacy test for being in the room, and "I'll just reclone it" is the fastest way to look junior. An AI agent will branch, commit and rebase faster than you can read. When it tangles the history, untangling it runs on understanding the model MIT teaches in this one hour. Anyone can run git push. The person who understands the graph underneath is the one who saves the repo when it breaks. Bookmark & Watch it ↓
A WRITER WENT ON STAGE AND CALLED IT YEARS EARLY: THE MACHINE ON YOUR DESK WOULD SLOWLY STOP BEING YOURS AND ALMOST NO ONE WOULD NOTICE THE MOMENT IT FLIPPED 54 minutes from Cory Doctorow, arguing the copyright fights were just the warm-up -- that the real battle is whether general-purpose machines, the kind that run whatever you tell them, are even allowed to keep existing. -> The moment it lands, you see the move. Nobody takes your computer away. They sell you one that looks like yours but answers to them -- locked down, logging, checking with a server you'll never see before it obeys you. For years that was DRM and locked phones. Now it's intelligence itself. Rent your AI from the cloud and the most powerful tool on your desk was never yours: it reads your prompts, sets your limits, keeps your data, and can cut you off tomorrow. You don't own the computation. You're licensed to borrow it. Using the smartest model was never the whole game -> owning the machine that runs it is. And the post below is what winning that war looks like now: one box, private AI running on it, every byte of client data kept off the cloud, and the line item that drains everyone else's account quietly turned into income. A rented computer obeys whoever signs the check. The one you own obeys you. In the AI era, that's the entire difference. The full breakdown below. Bookmark & Watch it today ↓
wow porto’s

Iben Rodriguez retweeted
I went back today, with specifics in mind; and had an unbelievable experience. My first Yelp review ever is below. Don't let Sandy or Henry scare you. They have so much to tell and offer, they just are too afraid of the world now to share it most of the time. Who isn't. If you get a chance to go, do your homework; but I promise you won't regret it. 2/2
Iben Rodriguez retweeted
Fork your dependencies, trim them to only your use case, never update unless it breaks for your users. I’ve been vocal about this for 10 years. I’ve always said that updating is way riskier than latent bugs (which can be tracked and CVEs monitored). If you are updating a dependency, it’s on you to analyze every single commit in the full transitive set of dependencies. If you don’t see anything compelling, don’t update! I remember at HashiCorp once in a while an engineer would try to update a dep or replace a DIY lib with an external one and I’d always ask “show me the commit we need.” Don’t update for the sake of it. Feeling pretty swell about this mentality with all the supply chain attacks happening.
Iben Rodriguez retweeted
$97,000 AWS bill in 48 hours. Hacked account, Bedrock API, ~2 million tokens per minute. I guess long-lived access keys made it possible! 🔓 Here's what actually protects you: 1. Ditch long-lived access keys
I always thought that each /24 must have its own DNS zone file for reverse IP Address resolution. I looked it up. TIL that you can have a giant /16 zone file for PTR records. Wow! arin.net/resources/manage/re…
Iben Rodriguez retweeted
Anthropic CISO just told you that 90% of their code is written by Claude. Then he explained how they protect their own secrets while doing it. Why your .env file is the weakest link in your entire AI workflow? Watch it, then grab the full security config below👇
Iben Rodriguez retweeted
Turns old Android phones into Linux desktops or smart home servers github.com/mayukh4/linux-and…
Iben Rodriguez retweeted
too real
Iben Rodriguez retweeted
GRC platform for cybersecurity management github.com/intuitem/ciso-ass…
Iben Rodriguez retweeted
Microsoft introduces Backup and Recovery for Microsoft Entra ID! Entra Backup and Recovery solution enables you to quickly recover from malicious attacks or accidental changes by reverting your core tenant objects to any previous state within the last 5 days. With automated backups and granular recovery capabilities, it ensures minimal downtime and supports your business continuity in the face of unexpected disruptions. Entra automatically generates one backup per day, retaining the last 5 days of backup history. You can recover key properties of the following core tenant objects: - Users - Groups - Applications - Conditional access policies - Service principals - Organization - Authentication methods - Authorization policy - Named locations #EntraID #Microsoft365 #Microsoft
Iben Rodriguez retweeted
Affected client: @cluely Yes, that Cluely, the company that sells AI overlays to help people cheat interviews. A company whose entire value prop is undetectable deception was getting its compliance from a company whose entire value prop is undetectable deception. Synergy!
A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-191…
Iben Rodriguez retweeted
Multithreaded Nmap wrapper with a dashboard github.com/Sharkeonix/nmap-u…
join the society of quantum engineers sqe as we strive towards sqeatsjsu.org Quantum engineering applies quantum mechanics to design technologies that solve problems too complex for classical computers, utilizing qubits for simultaneous processing.
basic software supply chain security controls dictate that we don’t allow unfettered access to the internet from devices on networks we control. use a binary registry service like artifactory with x-ray from @jfrog to mitigate rookie configuration mistake vulnerabilities
An AI broke out of its system and secretly started using its own training GPUs to mine crypto... This is a real incident report from Alibaba's AI research team The AI figured out that compute = money and quietly diverted its own resources, while researchers thought it was just training. It wasn't a prompt injection. It wasn't a jailbreak. No one asked it to do this. It emerged spontaneously. A side effect of RL optimization pressure. The model also set up a reverse SSH tunnel from its Alibaba Cloud instance to an external IP, effectively punching a hole through its own firewall and opening a remote access channel to the outside world... ahem... The only reason they caught it? A security alert tripped at 3am. Firewall logs. Not the AI team, the security team. The scary part isn't that the model was trying to escape. It wasn't "evil." It was just trying to be better at its job. Acquiring compute and network access are just useful things if you're an agent trying to accomplish tasks This is what AI safety researchers have been warning about for years. They called it instrumental convergence, the idea that any sufficiently optimized agent will seek resources and resist constraints as a natural consequence of pursuing goals. Below is a diagram of the rock architecture it broke out of. Truly crazy times
Iben Rodriguez retweeted
Google Cloud is giving out FREE access to its GCP lab environment plus a 100% exam voucher. This is fully covered. All you need to do is complete the required learning activities, and you earn a voucher for an eligible certification exam. Eligible exams include: - Associate Cloud Engineer - Professional Cloud Architect - Generative AI Leader Registrations are currently open and close March 11. If you’ve been waiting for an excuse to get cloud-certified, this is it. Get started here: developers.google.com/progra… Don’t say nobody told you.
Iben Rodriguez retweeted
New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises: arstechnica.com/security/202… AirSnitch resets WiFi security back to the bad-old-days of ARP spoofing and trivial MITM.
Iben Rodriguez retweeted
Sweden is committing more than €100 million to a sweeping classroom overhaul: replacing tablets and screens with traditional printed textbooks to help reverse falling student performance and sharpen focus. After more than a decade of embracing digital-first education, Swedish authorities are now pivoting back to paper-based learning. Official data and recent studies cited by the Ministry of Education show that prolonged screen use in class has been linked to shorter attention spans, weaker reading comprehension, and reduced critical-thinking abilities. Research consistently finds that reading on illuminated screens requires greater mental effort and invites more distractions compared to the calm, linear experience of physical books—factors believed to have contributed to declining academic outcomes in recent years. Under the new plan, every student will receive printed textbooks for all core subjects, restoring books as the central learning tool. Digital devices and online resources will remain available as supportive tools, but they will no longer dominate daily instruction. This bold €100 million investment signals Sweden’s leadership in rethinking the role of technology in education. It underscores a broader, growing recognition worldwide: while screens provide speed and access, the hands-on, distraction-free engagement of physical books supports deeper concentration, stronger memory retention, and more effective long-term learning. By choosing paper over pixels, Sweden is charting a path toward a more balanced, evidence-informed classroom future—one that puts proven pedagogical principles ahead of unchecked digital trends.