nora

this is terrible, and yet sadly so common. we need a standardized system for ownership over our digital IDs so big tech companies can’t just flip an off switch for your whole digital life (working on it, but it’s a long road). google, microsoft, etc doing this everyday too and users have no recourse

pre-writing a devastating obituary for your enemy is god-tier hating of a kind you don’t often see anymore. renaissance haterism. beautiful stuff.

Hebrew calligraphy in dark green stretches in lines across the image. Negative space makes room for a simple representation of an inflatable frog costume with a blue bandana. That shape consists of the English translation of the Hebrew, in a lighter green, and in much smaller text. -- Famously, the Egyptian tyrant causes Egypt to be overrun with frogs because he refuses to free the Hebrew people, but there are additional details that make this a fun one to ponder. For one, the Hebrew says "the frog came up" - ONE frog - even though the rest of the time it says "frogs." So there are a few explanations rabbis have come up with to explain this. One is that a single frog multiplied to create swarms. A more creative explanation is that there was a singular giant frog who traveled and brought destruction. Jewish social media was sharing videos of the Portland Frog protester with the caption, "One Big Frog! One Big Frog!" Of course the frog protesters did multiply, and many were seen in crowds all over the world on "No Kings" Day. This calligraphic work takes the verses addressing the frog plague and combines them to form a simple rendering of the Portland Frog protester. The frog figure itself is made up of the English translations of the Hebrew around it. At the bottom left my signature is in the shape of a lily pad.

"Tzefardea Tzedek" (Frog of Righteousness)

As soon as the Portland Frog became a meme, Jewish social media blew up with jokes about the 2nd Passover plague - tzefarde'a (frogs) - and the Rabbinical commentary around it. I knew I had to make a calligraphy piece encompassing all of it. (more in alt.)

NASA scheduled a major workshop for early career researchers during the most important week of the Jewish calendar, during two of the most important days of that week and expects me to accept that this was “difficult scheduling conflicts”

That’s what casual antisemitism sounds like

Article on BBC news. Title: AI designs antibiotics for gonorrhoea and MRSA superbugs Description: Two new potential drugs have been designed by AI to kill drug-resistant bacteria, in a major Massachusetts Institute of Technology study.

I really dislike how science has started calling almost any fancy computational technique AI. 🧪

The framing of this entire article makes it sound like a benevolent AI independently made these drugs.

That is *pure fantasy*.

Instead: a team of scientists made a machine learning model for a study.

When I die, please do not write an AI obituary of me *or* code an AI replica, however well-intentioned, but feel free to build a shockingly realistic rotini sculpture & then eat it at my shiva

The fate of ordinary Gazans trapped by Israel in a war zone and ordinary Israelis held hostage by Hamas in a war zone will be one and the same.

They are starving.

They are buried beside one another.

They are cast aside by those with power to save them.

For this we weep.

Read this in full.

I'm short: The ADL has fully given up on its mission to fight real antisemitism.

Instead, they are focused on unconditional support towards Israel, including justification of antisemitism if it serves that goal. Plus, working with fascists & antisemitic groups and people.

Slowly rolling out the new suite of Blacksky tools... ⏳
- @blackskyweb.xyz People's Assembly: We'll use this tool to gather feedback and collectively govern Blacksky, democratically
- Login using your atproto account (bsky.social, blacksky.app, w.e.)
- Serves as both poll and forum for the community

🤖 Always on the lookout for potential net positive uses of “AI”, esp for elderly…but the claims here pissed me right off:
“There was no way that we could have found enough songwriters out there to be able to create those tracks in an authentic way”
🚫 No. MANY musicians [wc]ould do this. And, 🧵

As a Jewish person who worked at Harvard for 7 years, including much of the period covered by the Department of Ed. investigation, I object deeply to this retaliatory bullshit being laundered as on my behalf. www.ed.gov/about/news/p...

I hope you’re preserving scraps of wallpaper for a gallery wall some day when this is all finished!

We cannot let the AI take our em dashes away! I also use them all the time—so frustrating how it has become such an indicator of ChatGPT!

I have been using the em dash for about 10 years (I only learned English 13 years ago, for context). I even got a whole book I published before ChatGPT to prove it.

I am not stopping—too useful!

A bit more on Twitter/X’s new encrypted messaging Matthew Garrett has a nice post about Twitter (uh, X)’s new end-to-end encryption messaging protocol, which is now called XChat. The TL;DR of Matthew’s post is that from a cryptographic…

I wrote a bit more about X’s new encrypted DMs and the Juicebox protocol. blog.cryptographyengineering.com/2025/06/09/a...

Screenshot of a dialog from Twitter. It says: "Messages are now fully encrypted End-to-end encryption: messages are end-to-end encrypted across all your devices. State-of-the-art privacy: There's no way for anyone, including X, to read your messages. Set up a passcode: In order to secure your messages, you'll need to set up a 4-digit passcode."

This is just a flat out lie and everyone involved is either malicious or incompetent

Ah, to be clear the virtual HSM here is a juicebox implemented version just for testing the code without costly hardware. It doesn’t even attempt any protections. Which one are you talking about?

Belatedly! That could indicate either an HSM or a virtual HSM (meant for testing, not secure). The /livez endpoint suggests they're using the code as-is from main. Request timing makes me suspect a virtual HSM, but it's not definitive.

Please do!

It's totally possible! If you find something concrete, definitely let me know. NCC audited the design and code and there were a number of other folks who reviewed, but mistakes happen and this is the first time its being used in production at this kind of scale.

There's a few others out there using it, but with similar misunderstandings. In hindsight, it's probably not well engineered for most developers to not shoot themselves in the foot. But I'd love to see it used well! It's much more efficient than similar things, like WhatsApps HSM setup

Signal ended up doing their own thing, relying heavily on confidential compute (AWS nitro and the like) which I think is less ideal, but to some degree follows the same premise. www.usenix.org/conference/o...

Technology Preview for secure value recovery At Signal, we want to make privacy simple. From the beginning, we’ve designed Signal so that your information is in your hands rather than ours. Technologies like Signal Protocol secure your messages ...

The hope was to carry on the work we did at Signal on Secure Value Recovery, but diversify away from SGX/a singular hardware failure point.

The organization doesn't exist anymore. We created the protocol, played with the idea of offering it as saas (we run HSMs for people), pitched around, and eventually scrapped it due to minimal interest. Open sourced and published stuff to the world, and mostly I thought that was that until now!

Yes, I know about that theoretical ceremony :) I linked that pdf above, but noone who worked on Juicebox (and developed that ceremony) worked with Twitter to do this, and given they haven't published the results of a ceremony I must assume one never happened (despite it being our intended design)

And I have good reason to suspect those realms using noise are at _best_ are HSMs that haven't gone through a signing ceremony, but much more likely virtualized HSMs

I don't know for sure but I strongly suspect they aren't. They use noise for some realms (which points towards HSMs, but not guarantee), but realm-a.x.com and realm-b.x.com don't use noise at all and definitely aren't HSMs. Since they only require 2 realms to recover, basically they don't have HSMs

Do you have evidence that Twitter conducted a ceremony?

I would definitely be curious if there is a protocol bug (so we can fix it), but not quite sure the avenue you're getting at

if you haven't done that, then anything goes – you could just push new code to the HSM to allow unlimited guesses or decrypt and exfiltrate the registration state to allow offline brute forcing

It's totally possible I'm missing something, but if the HSM realm has been setup correctly (e.g. a signing ceremony was performed, with verifiable code deployed, and the programming keys destroyed) I don't see how an imposter realm with the same ID could exfiltrate the state needed to make guesses