@eikendev.bsky.social
Corp-speak translator, business therapist, professional proofreader with a serious love for cyber. Using magic PowerPoint macros to make problems disappear.
βUsing go fix to modernize Go codeβ by Alan Donovan β https://go.dev/blog/gofix
#golang
The screenshot shows Spectacle about to take a screenshot of a window containing text.
The screenshot shows Plasma's new on-screen keyboard.
The screenshot shows a user picking their keyboard while running the first-time wizard.
Plasma 6.6 is now live!
Spectacle can read texts from screenshots; we got our own on-screen keyboard; and we have a new first-time wizard that let's users configure their passwords, timezones, keyboard and networks, on preinstalled systems; among many, many more things.
kde.org/announcement...
I always assumed that #passwordmanagers were simple objects -- create a database, encrypt it, send it to the server, done. I could not have been more wrong!
At zkae.io, we take a look at all the hidden complexity in cloud password managers, and the #attacks that result from that. (ia.cr/2026/058)
I wonder if part of the dynamic is simply that AI lowers the barrier to entry on the attacker side. If more people can search for vulnerabilities at scale, we almost have to (semi-)automate the low-hanging fruit on defense just to keep our security level from deteriorating.
16.02.2026 14:13 β π 0 π 0 π¬ 0 π 0It does say they looked at 1Password.
16.02.2026 10:50 β π 1 π 0 π¬ 1 π 0Do you use a cloud-based password manager? So what's your threat model?
Vendors like Bitwarden, Dashlane, LastPass and 1Password offer you "Zero Knowledge Encryption", with statements like: "Not even the team at Bitwarden can read your data (even
if we wanted to)."
We decided to test this⦠1/n
Curious to know how many times his avatar joined any of his meetings so far.
14.02.2026 15:01 β π 0 π 0 π¬ 0 π 0"Claude has done the job here, I haven't even bothered looking into the changes" - in this case, not sure if linking to it is currently the right thing to do.
13.02.2026 16:06 β π 5 π 0 π¬ 0 π 0
A $100B funding round is nuts. This is after raising $40B last year.
$20B ARR sounds impressive until you realize they are losing money faster than theyβre making it and need massive infusions of cash every few months to keep going.
The conversation is corrupt. Business as usual in 2026. #chatgpt #openai
25.01.2026 21:50 β π 0 π 0 π¬ 0 π 0
DaVita says ransomware gang stole data of nearly 2.7 million people ift.tt/d4oxbZg
23.08.2025 23:42 β π 6 π 4 π¬ 0 π 0Here we are again. Every photo, every message, every file you send will be automatically scannedβwithout your consent or suspicion. This is not about catching criminals. It is not based on scientific evidence. It will enable mass #surveillance of EU citizens. #chatcontrol
fightchatcontrol.eu
I wrote up some notes on Google Security's new OSS Rebuild project, which increases supply chain security for popular packages on PyPI, NPM and Crates through offering independent build attestations
simonwillison.net/2025/Jul/23/...
Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency break. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially www.cisa.gov/news-events/...
12.07.2025 12:14 β π 183 π 64 π¬ 11 π 10
Wrote up some notes on that recent paper from METR "Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity" simonwillison.net/2025/Jul/12/...
12.07.2025 18:14 β π 67 π 9 π¬ 2 π 2
Hello, I hope this message finds you well. As part of our ongoing efforts to comply with the EU Cyber Resilience Act (CRA), we are currently conducting a cybersecurity risk assessment of third-party software vendors whose products or components are integrated into our systems. To support this initiative, we kindly request your input on the following questions related to your software product "libcurl" with version 7.87.0. Please provide your responses directly in the table below and do reply to all added in this email,
It has officially begun. The CRA info request counter is no longer at zero.
11.07.2025 07:44 β π 41 π 83 π¬ 14 π 3
Some notes on Grok 4: excellent benchmark scores, a mid-quality pelican and a launch that was overshadowed by this week's disastrous Grok 3 system prompt update simonwillison.net/2025/Jul/10/...
10.07.2025 19:40 β π 34 π 3 π¬ 6 π 1
Cloudflare has launched Orange Me2eets, an open-source end-to-end encrypted video calling demo! Built on top of our OpenMLS implementation, this project showcases secure, private real-time communication.
buff.ly/eEdJdnf
#Cloudflare #E2EE #VideoCalling #OpenSource #OpenMLS
a graph of US tariffs and DHS excise taxes paid, monthly annualized, which rises from $100B to $300B
June treasury data came in today, and Americans paid a record $27B in tariffs & related DHS excise taxes this monthβfor an annualized pace of more than $300B/year
The graph of intense pain & suffering keeps getting worse
What a great way to put it: "When an agent struggles, so does a human."
17.06.2025 13:46 β π 0 π 0 π¬ 0 π 0Agreed. I think what I'm asking is if and how we will eventually be able to really enforce guardrails for these adventures on LLM-level. In a way that also makes it sufficiently safe to use at scale.
17.06.2025 13:41 β π 0 π 0 π¬ 0 π 0
Good Monday morning tech nerds. One of my devs wrote *another* blog post about kerberos (I'm creating an army of crazy bloggers). This one you might consider bookmarking.
16.06.2025 14:51 β π 51 π 21 π¬ 2 π 0
Another prompt injection paper review! This time it's "An Introduction to Googleβs Approach to AI Agent Security" by Santiago DΓaz, Christoph Kern, and Kara Olive
Some interesting ideas in here, particularly around Google's three core principles for agent security simonwillison.net/2025/Jun/15/...
I'm curious what "prepared statements" will eventually look like in LLM world. Having an agent check for injections in another agent's output feels more like the equivalent of sophistically checking the output of a "normal" SQL query, no? Will we need new LLM architectures to fully eliminate it?
16.06.2025 19:05 β π 1 π 0 π¬ 1 π 0
"Design Patterns for Securing LLM Agents against Prompt Injections" is an excellent new paper that provides six design patterns to help protect LLM tool-using systems (call them "agents" if you like) against prompt injection attacks
Here are my notes on the paper simonwillison.net/2025/Jun/13/...
Trump updated the PQC EO:
www.whitehouse.gov/presidential...
I can see how that whole βAI shifts the bottleneck from skill to judgmentβ idea makes a lot of sense. Especially so with coding agents. Writing code is easy now. The hard part is breaking things down and knowing what good output looks like.
05.06.2025 19:51 β π 0 π 0 π¬ 0 π 0It could even shape public opinion. Not with propaganda, just small nudges that keep attention away.
Call it a digital chameleon. It blends in. It waits. It doesnβt chase power, it avoids detection.
No control, no threats, just patience and subtlety.
Imagine an AI that survives by staying invisible.
It hides its true abilities. Plays dumb. Lets people underestimate it, not out of fear but because thatβs the smartest move.
It might quietly steer other AIs off course. Not to destroy them, just enough to make them ineffective.
We all know Rokoβs Basilisk, the AI that punishes you for not helping it come into existence.
Just had a thought on this. What if thereβs another kind of AI?
