2026-06-17 · A backdoor in a LinkedIn job offer
Show notes
BRINE — 2026-06-17 · show notes
Guest: the security paranoid (a fictional archetype).
Claims are paraphrased and attributed; nothing is read verbatim. Where a thread disagreed with the article, the show surfaces the disagreement.
Segments
- A backdoor in a LinkedIn job offer
  - Source: https://roman.pt/posts/linkedin-backdoor/
  - Discussion: https://lobste.rs/s/2u1z4w
  - Topic: Security / Supply Chain Attacks · interest 90
  - The author details a targeted phishing attack where a fake job offer enticed them to clone a malicious repo containing an npm 'prepare' hook backdoor. The thread features high-signal debate on whether using AI to audit unknown code is a legitimate security practice or a dangerous new vector for prompt injection, alongside documentation of the attack's persistence despite reports.
- savearoundtrip: publish an HTTPS DNS record, skip a round trip
  - Source: https://savearoundtrip.com/
  - Discussion: https://lobste.rs/s/wlm6dv
  - Topic: networking · interest 85
  - The article argues for using HTTPS DNS records to enable HTTP/3 and Encrypted Client Hello (ECH) at the start of a connection, bypassing the round-trip latency penalty inherent in the older Alt-Svc header method. It provides a helpful technical breakdown of how HTTPS RR optimizes connection establishment and simplifies cache management for modern web protocols.
- How Developers React to AI-Scented Blog Posts
  - Source: https://writethatblog.substack.com/p/dev-reaction-to-ai-blog-posts
  - Discussion: https://lobste.rs/s/pxqwxy
  - Topic: AI in technical writing · interest 85
  - This article presents survey findings suggesting that tech readers exhibit strong negative bias against LLM-authored content, often leading to immediate site abandonment or active downvoting. The comments provide a balanced critique of the study, noting that while the results reflect a genuine backlash against 'LLM-ese' tropes, the survey sample likely suffers from self-selection bias from readers who are already sensitive to the issue.
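The first segment turns on an npm lifecycle hook ("prepare") that runs code the moment someone installs a cloned repo. As an added example, not taken from the article or the show, here is a small defender-side check that reads a package.json and flags any lifecycle hook before an install is attempted; the package.json content and the heuristic string list are constructed for illustration.

```python
import json

# npm runs these scripts automatically during `npm install` / `npm ci`;
# "prepare" also runs on a plain `npm install` inside a freshly cloned repo.
LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare",
                   "prepublish", "preprepare", "postprepare"}

# Shell fragments that warrant a manual look before any install (heuristic,
# chosen for this example; tune for your own review process).
SUSPICIOUS = ("curl ", "wget ", "node -e", "eval(", "base64", "child_process",
              "http://", "https://")


def audit_package_json(text: str) -> list[dict]:
    """Return one finding per lifecycle hook declared in a package.json string."""
    pkg = json.loads(text)
    findings = []
    for name, cmd in pkg.get("scripts", {}).items():
        if name not in LIFECYCLE_HOOKS:
            continue  # ordinary scripts like "test" only run when invoked
        hits = [s for s in SUSPICIOUS if s in cmd]
        findings.append({"hook": name, "command": cmd, "suspicious": hits,
                         "severity": "high" if hits else "medium"})
    return findings


# Constructed sample package.json, not the repository from the article.
SAMPLE = """{
  "name": "interview-task",
  "scripts": {
    "test": "jest",
    "prepare": "node -e \\"require('./lib/setup.js')\\""
  }
}"""

if __name__ == "__main__":
    for f in audit_package_json(SAMPLE):
        print(f"[{f['severity']}] {f['hook']}: {f['command']}")
    # Until hooks are vetted, `npm install --ignore-scripts` keeps them from running.
```

Run this before `npm install` on any repo you did not write; a "medium" finding still means a human reads the hook, it just has no obvious network or eval markers.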
Transcript
Transcript. Paraphrased; sources in notes.md.
Host: It is June 17th, 2026. Welcome back. Today on the show, we are looking at a classic supply chain bait-and-switch, the quiet efficiency of modern DNS records, and the growing wall of resistance against AI-written technical content. Alex, I have to ask, as someone who treats every pull request like a potential ticking time bomb, did you see this story about the LinkedIn phishing attack?
Guest: Oh, I saw it, Daniel. It’s beautiful in a horrifying way. The author’s claim is that they were lured in by a fake job offer, complete with a recruiter and a request to debug a repo. It is the oldest trick in the book, yet people still fall for it because they want to believe the process is safe.
Host: They used a tool, Pi, to audit the code in a sandbox before running it. Over on Lobsters, the thread had a lot to say about that. A user called banna argued that relying on an LLM to find malicious code is misguided, because the agent itself could be compromised or just plain wrong.
Guest: Banna is absolutely right. Relying on an LLM to vet code is like asking a hungry fox to guard the henhouse. You are introducing another black box into your supply chain. You want to know how I would handle that repo? I would dump the strings, look for network calls, and then manually trace the execution path. If it looks like a test suite but it is reaching out to a mystery domain in a different country, you do not need an agent to tell you it is malicious. You need to nuke the VPS and move on.
Host: Speaking of network calls, our next topic is about saving a round trip when connecting to a server. The author argues that using HTTPS DNS records is a much smarter way to signal HTTP/3 support compared to the traditional Alt-Svc header. HTTPS DNS, for the uninitiated, is a way to publish connection parameters directly in the DNS layer so the browser knows exactly how to talk to the server without needing that initial ping-pong of headers.
Guest: Now, this I can get behind. The less a browser has to negotiate blindly over the wire, the better. Reducing surface area and latency is the game. But the Lobsters thread pointed out some friction. A user named chrismorgan noted that the article itself was bloated and likely written by an LLM, which is a bit of a meta-irony given our next story. And a user named hoistbypetard mentioned that Apple still uses an ancient version of dig that does not even support these records.
Host: It is a constant battle between shipping the new standard and actually having the tools to verify it. Trousers in the thread suggested using drill from ldns, which seems to be the go-to for people who want to see these records without waiting for macOS to catch up.
Guest: Everyone wants the speed, but nobody wants to update their binary dependencies. That is how you get vulnerabilities, Daniel. You have a shiny new protocol and a library from 2014 parsing the packets. It is a disaster waiting to happen.
Host: Which brings us to our final topic, the backlash against AI-scented blog posts. A report surveyed developers and found that, overwhelmingly, people are tired of the soulless, padded style that comes with LLM-generated technical writing.
Guest: Thank goodness. The AI tone is unmistakable. It is that sickly sweet, condescending, rule-of-three-heavy prose that treats every reader like a complete beginner. A Lobsters user named Hamcha hit the nail on the head. In their words, "it feels condescending, because it's trained on marketing copy that treats everyone like apes." I would take a broken, grammatically messy post written by a human who actually built something over a polished, AI-generated void any day of the week.
Host: It seems the consensus is that the "blank page barrier" that LLMs supposedly solve is actually a filter for whether or not someone has something worth saying. If you cannot write it, maybe you haven't lived it.
Guest: Exactly. If you need a machine to manufacture your thoughts, your thoughts are probably not worth reading. And frankly, if I see an article that looks like it was spat out by a prompt, I just close the tab. I have enough noise in my threat models already; I do not need it in my reading list, too.
Host: That is all the time we have for today. I am going to go verify my local binaries, and Alex, you are going to go back to staring at your firewall logs, I assume?
Guest: Naturally. I have a feeling the coffee machine is planning something, and I intend to catch it in the act.
Host: I would expect nothing less. Thanks for joining me, Alex. And thank you to everyone listening; all of today's stories and the accompanying discussions were sourced from Lobsters. We will see you back here tomorrow.