John Downey
@jtdowney.com
CISO at GoFundMe. Previously at Root, Braintree, PayPal. Director at the Dystonia Medical Research Foundation. He/him
There is something deeply funny about letting an agentic AI browser fill out a bunch of RFP forms for me and seeing that one of the forms has a question where you need to prove you are human by answering a math question, and the browser doesn't even stop to ask me. It just puts in the answer.
February 3, 2026 at 11:24 AM
There is something deeply funny about letting an agentic AI browser fill out a bunch of RFP forms for me and seeing that one of the forms has a question where you need to prove you are human by answering a math question, and the browser doesn't even stop to ask me. It just puts in the answer.
Tiger got to sleep, bird got to land, bear got to throw an interception on a fourth down
January 18, 2026 at 11:50 PM
Tiger got to sleep, bird got to land, bear got to throw an interception on a fourth down
Deno messed up HMAC-SHA-512/224 and HMAC-SHA-512/256 because they are so obscure, I am sure no one uses them github.com/denoland/deno/issu...
HMAC with SHA-512/224 and SHA-512/256 produces incorrect results using node:crypto polyfill · Issue #31765 · denoland/deno
Version: Deno 2.6.3 I am working on a cryptography library for the Gleam ecosystem and in testing my test suite against the various Gleam targets (Erlang, Node, Bun, and Deno), I noticed that Deno'...
github.com
January 4, 2026 at 5:48 PM
Deno messed up HMAC-SHA-512/224 and HMAC-SHA-512/256 because they are so obscure, I am sure no one uses them github.com/denoland/deno/issu...
I just saw that my library had no unexpired copies of an ebook I had on hold and it made me remember that the overdrive/libby system is insane with forced expiration of digital books
December 29, 2025 at 5:26 PM
I just saw that my library had no unexpired copies of an ebook I had on hold and it made me remember that the overdrive/libby system is insane with forced expiration of digital books
Got back into reading this year by keeping three books going at once and switching by chapter. It removed just enough friction to keep momentum.
Wrote up what worked and what I noticed along the way:
jtdowney.com/blog/2025/12/18/...
Wrote up what worked and what I noticed along the way:
jtdowney.com/blog/2025/12/18/...
So I Got Back Into Reading
I started the year with a reading goal of 12 books because I was trying to become a person who reads again. One a month felt realistic. It was a way to commit without pretending I knew exactly how it would fit into real life.
Once it was obvious I was going to clear 12, I escalated the goal to 26. One every two weeks felt like a useful constraint, the kind that nudges you forward without turning a hobby into a performance review.
jtdowney.com
December 19, 2025 at 2:55 AM
Got back into reading this year by keeping three books going at once and switching by chapter. It removed just enough friction to keep momentum.
Wrote up what worked and what I noticed along the way:
jtdowney.com/blog/2025/12/18/...
Wrote up what worked and what I noticed along the way:
jtdowney.com/blog/2025/12/18/...
I finished pragprog.com/titles/jbtracer/... after like 10 false starts, the big hurdle over the years was the pain of translating the tests from the book to Rust. It turns out LLMs will do that no problem now. I even got in there and tried some SIMD optimizations: github.com/jtdowney/ray_tracer
The Ray Tracer Challenge
Challenge yourself and code a photorealistic 3D renderer from scratch, test-first, with shadows, reflections, and support for a half-dozen graphics primitives.
pragprog.com
December 14, 2025 at 3:28 AM
I finished pragprog.com/titles/jbtracer/... after like 10 false starts, the big hurdle over the years was the pain of translating the tests from the book to Rust. It turns out LLMs will do that no problem now. I even got in there and tried some SIMD optimizations: github.com/jtdowney/ray_tracer
As the parent of a grade schooler, I feel like Spotify is trolling me with 6-7
December 4, 2025 at 2:30 AM
As the parent of a grade schooler, I feel like Spotify is trolling me with 6-7
I got tired of manually copying binaries to servers, so I built Distronomicon. It automates continuous deployment of artifacts directly from CI and supports private GitHub repositories.
It's written in Rust and designed for Linux servers with systemd. Code is here: github.com/jtdowney/distronom...
It's written in Rust and designed for Linux servers with systemd. Code is here: github.com/jtdowney/distronom...
GitHub - jtdowney/distronomicon: Linux tool that checks GitHub for repository releases and performs automatic updates
Linux tool that checks GitHub for repository releases and performs automatic updates - jtdowney/distronomicon
github.com
November 3, 2025 at 3:33 AM
I got tired of manually copying binaries to servers, so I built Distronomicon. It automates continuous deployment of artifacts directly from CI and supports private GitHub repositories.
It's written in Rust and designed for Linux servers with systemd. Code is here: github.com/jtdowney/distronom...
It's written in Rust and designed for Linux servers with systemd. Code is here: github.com/jtdowney/distronom...
Been a fan of Fabric (from @danielmiessler.bsky.social) for a while and wanted this for myself, so decided to build it. Tapestry brings Fabric patterns into Chrome/Firefox. Run prompts on any page without context hopping. github.com/jtdowney/tap...
GitHub - jtdowney/tapestry: Leverage Fabric's crowdsourced LLM prompts directly from your browser
Leverage Fabric's crowdsourced LLM prompts directly from your browser - jtdowney/tapestry
github.com
September 5, 2025 at 1:08 AM
Been a fan of Fabric (from @danielmiessler.bsky.social) for a while and wanted this for myself, so decided to build it. Tapestry brings Fabric patterns into Chrome/Firefox. Run prompts on any page without context hopping. github.com/jtdowney/tap...
Knowing that LLMs are a fuzzy approximation of the internet and then seeing how quickly Claude is willing to ignore failing tests does not bode well for the broader software industry
September 3, 2025 at 1:57 PM
Knowing that LLMs are a fuzzy approximation of the internet and then seeing how quickly Claude is willing to ignore failing tests does not bode well for the broader software industry
Inside every LLM coding agent are three wolves:
1. Superstar instantly spotting bugs you chased for weeks
2. Mid-level dev who can Google and read docs
3. Intern on day one with a recent head injury
Which shows up depends on your prompt and context. It’s not always immediately clear who arrived.
1. Superstar instantly spotting bugs you chased for weeks
2. Mid-level dev who can Google and read docs
3. Intern on day one with a recent head injury
Which shows up depends on your prompt and context. It’s not always immediately clear who arrived.
July 9, 2025 at 12:08 PM
Inside every LLM coding agent are three wolves:
1. Superstar instantly spotting bugs you chased for weeks
2. Mid-level dev who can Google and read docs
3. Intern on day one with a recent head injury
Which shows up depends on your prompt and context. It’s not always immediately clear who arrived.
1. Superstar instantly spotting bugs you chased for weeks
2. Mid-level dev who can Google and read docs
3. Intern on day one with a recent head injury
Which shows up depends on your prompt and context. It’s not always immediately clear who arrived.
Had an itch to simplify my tsnsrv setup, registering multiple services easily in one process. Not a Go dev, but AI coding assistants (mostly Claude, a bit of Gemini) helped me build tsbridge this weekend. It supports Docker too, inspired by Traefik!
Check it out:
github.com/jtdowney/tsb...
Check it out:
github.com/jtdowney/tsb...
GitHub - jtdowney/tsbridge: A lightweight proxy manager built on Tailscale's tsnet library that enables multiple HTTPS services on a Tailnet
A lightweight proxy manager built on Tailscale's tsnet library that enables multiple HTTPS services on a Tailnet - jtdowney/tsbridge
github.com
June 23, 2025 at 11:47 AM
Had an itch to simplify my tsnsrv setup, registering multiple services easily in one process. Not a Go dev, but AI coding assistants (mostly Claude, a bit of Gemini) helped me build tsbridge this weekend. It supports Docker too, inspired by Traefik!
Check it out:
github.com/jtdowney/tsb...
Check it out:
github.com/jtdowney/tsb...
Is it dns or bgp, I'm guessing bgp
June 12, 2025 at 6:47 PM
Is it dns or bgp, I'm guessing bgp
Me too, Claude Code, me too
June 2, 2025 at 5:28 PM
Me too, Claude Code, me too
Something I realized yesterday while testing Codex on a legacy codebase: if your team already supports junior devs with clear documentation, strong test coverage, and clean architecture, you’ll easily adopt these AI coding tools. If you don’t, the AI tools will struggle just like junior devs do.
May 20, 2025 at 12:57 PM
Something I realized yesterday while testing Codex on a legacy codebase: if your team already supports junior devs with clear documentation, strong test coverage, and clean architecture, you’ll easily adopt these AI coding tools. If you don’t, the AI tools will struggle just like junior devs do.
Proud to serve on the board of the Dystonia Medical Research Foundation and support its mission as a dystonia patient.
The DMRF's 2025 Auction for Action is live. Funds raised go directly to research and support for the dystonia community.
Take a look and consider bidding: bit.ly/4diKJVt
The DMRF's 2025 Auction for Action is live. Funds raised go directly to research and support for the dystonia community.
Take a look and consider bidding: bit.ly/4diKJVt
OneCause
bit.ly
May 13, 2025 at 12:53 PM
Proud to serve on the board of the Dystonia Medical Research Foundation and support its mission as a dystonia patient.
The DMRF's 2025 Auction for Action is live. Funds raised go directly to research and support for the dystonia community.
Take a look and consider bidding: bit.ly/4diKJVt
The DMRF's 2025 Auction for Action is live. Funds raised go directly to research and support for the dystonia community.
Take a look and consider bidding: bit.ly/4diKJVt
Reposted by John Downey
“chicago pope” is one of the shows jack donaghy greenlit when he was tanking nbc
May 8, 2025 at 5:29 PM
“chicago pope” is one of the shows jack donaghy greenlit when he was tanking nbc
First pope that's almost certainly eaten an Italian beef
May 8, 2025 at 5:35 PM
First pope that's almost certainly eaten an Italian beef
We've spent so many years teaching people that effective management in creative fields is giving people autonomy and not micromanaging them. Now we want people to manage AI agents where micromanagement is a strength. #ai #management
May 2, 2025 at 12:48 PM
We've spent so many years teaching people that effective management in creative fields is giving people autonomy and not micromanaging them. Now we want people to manage AI agents where micromanagement is a strength. #ai #management
My 6-year-old wanted to help make coffee so they could surprise Mom for Mother's Day. After I explained the coffee maker, they had two big takeaways: it's basically a shower for coffee grinds, and four is not a real number.
#MothersDay #CoffeeTime #Parenting #KidsLogic
#MothersDay #CoffeeTime #Parenting #KidsLogic
April 26, 2025 at 12:19 PM
My 6-year-old wanted to help make coffee so they could surprise Mom for Mother's Day. After I explained the coffee maker, they had two big takeaways: it's basically a shower for coffee grinds, and four is not a real number.
#MothersDay #CoffeeTime #Parenting #KidsLogic
#MothersDay #CoffeeTime #Parenting #KidsLogic
Just released rsubst: a lightweight CLI tool built in Rust for template substitution, inspired by envsubst and Jinja. Great for Docker configs where you don't want to include a Python runtime.
GitHub: https://github.com/jtdowney/rsubst
#Rust #Docker #DevTools #OpenSource
GitHub: https://github.com/jtdowney/rsubst
#Rust #Docker #DevTools #OpenSource
GitHub - jtdowney/rsubst: A small, envsubst-like utility with conditional logic and advanced templating
A small, envsubst-like utility with conditional logic and advanced templating - jtdowney/rsubst
github.com
April 2, 2025 at 11:22 AM
Just released rsubst: a lightweight CLI tool built in Rust for template substitution, inspired by envsubst and Jinja. Great for Docker configs where you don't want to include a Python runtime.
GitHub: https://github.com/jtdowney/rsubst
#Rust #Docker #DevTools #OpenSource
GitHub: https://github.com/jtdowney/rsubst
#Rust #Docker #DevTools #OpenSource
I recently shared how our security and IT teams at GoFundMe rolled out phishing-resistant MFA using YubiKeys. Check out our journey here:
GoFundMe CISO John Downey breaks down its jump to using YubiKeys
John Downey tells IT Brew that he gave YubiKeys a more official role in its zero-trust strategy last year after observing an uptick in phishing attempts.
www.itbrew.com
March 12, 2025 at 8:40 PM
I recently shared how our security and IT teams at GoFundMe rolled out phishing-resistant MFA using YubiKeys. Check out our journey here:
Announcing ExAcme, an Elixir library for interacting with RFC 8555 ACME servers. Still early, but it successfully issues with Pebble and Let's Encrypt staging. There are many missing features, but I wanted to stop and extract this library from my side project.
github.com/jtdowney/ex_...
github.com/jtdowney/ex_...
GitHub - jtdowney/ex_acme: A library for interacting with ACME servers like Let's Encrypt.
A library for interacting with ACME servers like Let's Encrypt. - jtdowney/ex_acme
github.com
February 26, 2025 at 11:37 AM
Announcing ExAcme, an Elixir library for interacting with RFC 8555 ACME servers. Still early, but it successfully issues with Pebble and Let's Encrypt staging. There are many missing features, but I wanted to stop and extract this library from my side project.
github.com/jtdowney/ex_...
github.com/jtdowney/ex_...