The greatest piece of advice I was ever given was this: when you stop work for the day, never stop at a 'clean' break point; stop in the middle of something you can finish easily.
That way the next morning you're not confronted with a a dauntingly blank page or an empty function to write, but a half-finished one you can get back into without difficulty.
I can't remember who gave me that advice, but I've stuck to it dogmatically whenever I can.
El presidente de Estados Unidos, DonaldRTVE.es/Agencias (RTVE.es)
I was recently reminded of this.
A couple decades ago, I wrote a short paper that described how the basic approaches of cryptography and computer security lead to an efficient and practical privilege escalation attack against master-keyed mechanical locks, which I published in IEEE Security and Privacy (a nerdy computing technical journal).
TL;dr: Master-keyed locks have fundamental, exploitable weaknesses.
But I wasn't ready for what happened next.
1/
Fellas I went to a professional sports game tonight and it was $15 for a can or tap beer.
FIFTEEN DOLL HAIRS
MORE USPS FUCKERY
The USPS just changed the meaning of a postmark. Under the old rules, when you dropped the mail off at the post office was the postmark date.
Now, the postmark is the date your mail was first processed by an automated center.
If you drop your mail off Monday but it doesn't get processed until Wednesday, Wednesday is the new postmark date.
Yes, this can affect taxes, healthcare, and-- not coincidentally, I'm sure-- ELECTIONS.
nstp.org/article/usps-announce…
The United States Postal Service (USPS) has adopted a final rule (FR Doc.nstp.org
but this is how it always was. If you drop your mail off into their possession (big blue drop box) but they don't pick it up until tomorrow and process it at the local post office, the postmark is tomorrow not today ...
Yes they will absolutely use this as a way to sceew with mail in ballots by disrupting processing of those too close to the deadline (understaff, shutdown USPS, etc) and now there will be little chance of successfully challenging it. At this point Trump could legally fire EVERYONE at USPS weeks before the election to screw everyone over too and he probably will.
i guess another example is if you drop off late Saturday it wouldn't be postmarked until Monday. If Monday is a holiday, now its Tuesday ...
I guess we have to expect postmark can be up to 4 days in the future now with centralized processing -- or more if they play dirty politics
@alecaddd And in doing so, created a very specific perspective that incorporated their context to decide what to leave in, what to leave out, what additional information to include that was not in the book, and so forth.
There is no canonical "right"or "best" summary. That AI "feature" is shallow, not deep.
The conversation about AI is exhausting, and I'm finding myself more and more talking with my friends about its dangers and downfalls.
I definitely see a new level of awareness and skepticism coming from non-tech people, which is great.
One question that sometimes come up with people wanting to learn how to code is "Is it worth even doing it with all this AI self coding tools?"
Hell yeah! Absolutely! Technical literacy is even more important now than ever!
youtu.be/g5IRn0OzzU4?si=EjUgEw…
In a time when the sentence "junior developers will be replaced by AI" is heard multiple times a day, does it make sense learning how to code?Yes, now more t...YouTube
is an open carry state now.
Sensitive content
I brought a 3.5” floppy disk into my lab. One of my interns said “oh cool, you 3D printed the save icon!”
I spontaneously broke my hip.
reshared this
U.S. distillers complain Canadian provinces favouring local alcohol
ctvnews.ca/toronto/politics/qu…
LOL. You elected your leader. Complain to him.
A group of U.S. alcohol producers claims Canadian retailers are giving unfair advantage to local spirits, including what it calls “discriminatory” markups in Nova Scotia and other provinces.The Canadian Press (CTVNews)
Sensitive content
Going to Costco.
‘Can we get the multi pound bag of pecans?’
‘Yes, Pecan.’
Is there a tool that will either
- let me run a script over files in a directory tree in parallel
- re-encode a directory tree of music files in parallel
while being robust about interruptions (don't have to restart if I interrupt it and run it again), etc.
I'd rather not write this even though it would be a good little exercise.
(I need to recompress my music collection, for my car's stereo, and it needs Very Particular metadata.)
@gnomon I'll need mp3 and was thinking of batching all tracks in an album, which kinda matches my laptop's number of cores.
I need to experiment a bit with the stereo first; it doesn't pick up the track number field, so if it just sorts an album's tracks in alphabetical order I'll need to tell ffmpeg or whatever to output track numbers as part of the track name.
(everything is in flac; I need mp3 smaller than the bitrate I used initially, or music won't fit in an USB stick)
Nos interesaba especialmente una bacteria que no produjera tantas sustancias tóxicas: Liliana Pardo López y Nallely Magaña MontielUNAM (La Crónica de Hoy)
We are receiving reports that Google flags our repo as "having dangerous apps" or being a "dangerous site" – texts being very vague, no proof given (nor did they inform us). They also link to a page they call "Transparency Report" – which is of the same vagueness, but definitely not transparent (transparencyreport.google.com/…)
We're not aware of any such dangerous content. All apps on our repo are properly scanned, see izzyondroid.org/about/security…
@dalias Not sure it works that way here in Europe. But if there's a lawyer around who wants to pick this up that way, they're welcome.
We'd also welcome a fix and public apology from Google here, in a way making that lawyer "unneeded". Giving the missing details would be a start, I'd say. We're not exactly "bored" here, that we'd need a fight to have something to do…
@dalias I mean, imagine a big news portal claiming Google Play had been hacked, and "attackers currently on that site" would install dangerous apps, etc. pp. The fact alone to claim there are "attackers on the site"!
To me, this looks like scare mongering. I didn't expect they'd consider us such a dangerous competition, to need such actions…
Taky jsem si prosel cele vlakno a v tom kontextu ta zprava nema zadnou relevanci. Je to jenom xenofobni vykrik 🤷♂️
A ten CoC Rustu mi prijde dulezity a dobre napsany. V soucasnem svete toxickych IT diskuzi (viz treba kauza Hyprland) chrani dobre nastavena pravidla vsechny zucastnene a ten OSS se muze posouvat dopredu.
we named our security company after the loser who lost because of his bad security
techcrunch.com/2025/12/28/from…
Sauron is appearing on the scene as concerns rise about crime among the most wealthy.Connie Loizos (TechCrunch)
Spricht eigentlich irgendwas gegen #Delta Chat? Ich mein, #Signal ist toll, aber Meredith Whittaker hat bereits angekündigt, dass sie sich aus Europa zurückziehen werden, sollte die #Chatkontrolle kommen.Antifa Style
moment in history where everything comes together perfectlyEU to build no-fee payments service like Visa/Mastercard and Apple/Google Pay L: https://www.independent.ie/business/digital-euro-what-it-is-and-how-we-will-use-the-new-form-of-cash/a165973061.html C: https://news.ycombinator.Hacker News (Mastodon 🐘)
this is a serious question, in case anyone has specific knowledge[1]: how come 20% of Apple device updates (most egregiously the Apple Watch) are getting to "100%" and 80% of the update is "Preparing…" with no percentage
[1]: NOT GUESSES PLEASE DON'T GUESS I ALREADY HAVE QUITE A BIT OF KNOWLEDGE ON THE TOPIC THAT WOULD ALLOW ME TO GUESS MYSELF. ONCE AGAIN NO GUESSES PLEASE
I am attempting to create a jail acting as a specialized proxy with access to multiple host vlan interfaces. The existing host config is: cloned_interfaces="lagg0 vlan0 vlan1 vlan2 lo1" ifconfig_la...grumpybozo (GitHub)
yeah and there are still some bugs lurking from many many years ago that are only resolved with a VNET jail, IIRC. I reported this one in 2012 lol
Matt Blaze
in reply to Matt Blaze • • •Unexpectedly, my paper got some press attention. @jswatz_tx found it and wrote a short piece in the NY Times.
And then locksmiths freaked out. I mean completely lost it. They were very upset, not so much that a very common lock design had a basic security flaw, but that an "outsider" found it and had the poor moral character to make it public.
I started getting weird death threats. They doxed me ("let's see what kind of lock the bastard has on HIS house")
2/
Matt Blaze
in reply to Matt Blaze • • •A trade publication called The National Locksmith ran monthly guest editorials in which prominent members of that profession were invited to denounce me. My favorite quote, from a locksmith named Billy Edwards, who had written a book on master keying, and who took my paper rather personally.
3/
Matt Blaze
in reply to Matt Blaze • • •I should point out that master keying was about a century old at the time, and while the mechanical details weren't secret, locksmiths tended to regard the inner workings of locks as "restricted knowledge", rather like a medieval trade guild. I didn't understand this.
What took me by surprise was how different the physical security wold's attitude was compared with that of my community, where the ethics of discussion of vulnerabilities has long been essentially settled in favor of openness.
4/
Matt Blaze
in reply to Matt Blaze • • •Essentially, their argument was that this would be a huge pain and expense to fix, and so we are all better off just keeping it on the down low. And that kind of worked, for about a hundred years, until more open communities - like computer security research - started looking seriously at locks (as both metaphors and as interesting mechanisms in their own right).
I see their point, even if I personally reject it. But in the age of the Internet, you just can't keep this kind of stuff secret.
5/
Matt Blaze
in reply to Matt Blaze • • •Anyway, my intent in looking at locks and publishing my paper wasn't to disrupt the lock industry. I believed, as I still do, that mechanical locks and physical security have quite a bit to teach computing, but also that the abstract techniques of cryptography and computer security can illuminate weaknesses that are hard to see when looking at systems in strictly mechanical terms.
My attack is intuitive and obvious to cryptographers, but rather subtle without our field's tools.
6/
Matt Blaze
in reply to Matt Blaze • • •I never did reach a truce with the locksmiths. A couple years later, I met Billy Edwards, the author of that editorial denouncing me, at a trade show, and when he learned who I was he refused to shake my hand and asked me to leave him alone.
I wish he had seen things differently, but I can respect that he was coming from a place of genuine concern, even if I think his approach was wrong.
To this day, I worry that I'm pretty screwed if I get locked out of my house.
7/7
Matt Blaze
in reply to Matt Blaze • • •NB: While I never intended to piss off locksmiths with my master keying paper, I did write a followup a couple years later about safes and safecracking, partly out of spite.
mattblaze.org/papers/safelocks…
TL;dr: We can learn a lot from safes and safe locks, and the frameworks of cryptography and computer security are applicable there, too. The fact that our learning about this subject makes people in that industry upset is just a bonus.
Matt Blaze
in reply to Matt Blaze • • •Matt Blaze
in reply to Matt Blaze • • •It occurs to me that people outside the security field might find it odd that we openly publish stuff like this. Why help people who might use the knowledge to do bad things?
There are a number of reasons. The first is that only through open discussion are we able to identify and fix problems. Another, which is what motivated my work, is educational: you can't learn to defend systems unless you understand how they are attacked.
Matt Blaze
in reply to Matt Blaze • • •