Ring Glitch ℍ⊗ℌ

Kinda neat, but why in the hell did they not put name of the chip into abstract, it's short.

Statewatch | Behind closed doors: Europol’s opaque relations with AI companies As part of its research into the expanding—and largely unchecked—use of AI by EU security agencies, Statewatch delves into largely uncharted territory: Europol’s links with the private sector. A surve...

www.statewatch.org/analyses/202...

Every time I see physical attacks on TEEs, I wish someone would put out a position paper on @hdevalence.bsky.social 's "guy with a glock" model
x.com/hdevalence/s...

Government style ad in watercolour. Image of a burglar stealing a painting from the wall of a home. Tagline: "It's not theft... if you say you're using it to train your AI algorithm". Body text: "Theft is now legal, so we can boost the economy by eliminating jobs. If that doesn't make any sense, ask a chatbot to explain it to you." HM government logo in the corner.

Did a new one

You're right but it itches me to finally start the Wireshark fork for Apple Continuity protocol I had sitting around with the nRF52840 DK and dongle sniffers. So let's find it.

Yes blaming Flipper Zeros is on par with blaming literally any random electronics, you can build lot of it yourself.

Proxmark3 existed for 15? years and nobody really blinked since without Blueshark it's not that portable and harder to understand while also waaaaaaaaaaaaay more powerful.

Movement captured by ESP32s

Exploring tracking persons via Wifi which is apparently not so uncommon now. With 2 ESP32 you can get person/movement tracking (ideal to change antennas though).

Responds to movement. Results heavily affected by Wifis around, needs more configuration.

When cheching file checksum/signature, readi is fast converting at 800-1000 MB.s, minimum of the reading 1 TB data | sha256 or signature check.

Adding Reed-Solomon checks that can on 500 MB blocks fix N errors is not hard but the app reads maybe more than it should

Apparently other USB SSDs (even physically larger with better thermal dissipation suffer from such slowdowns).

So I got ~1 kg copper heatsink from scrap, bought thermal-conducting adhesive pad just to try out how much it could cool down (because if 55°C is on outside, inside could be maybe 80°C).

Well the experiment worked, got down the temperature to 30-40 °C, the slowdown is also lesser, around ~330 MB/s.

Needed something faster than classic USB3 HDD, bought Kindstion 2 TB SSD, found out that the 1 TB serial write backup takes 3h35 min on HDD, 1h44 min on SSD.

Because they slow dowwn heat up ater writing more than ~200 GB slow down 10x (mesured pure write operations)

So...coolinh maybe?

Do you have some link summing up Canadian perspective? Ideally sum up and link to actual text, but first would be enough.

I know EU and US perspective (also how local laws give zero fuck about EU if they want), never heard Canadian yet.

So ChatControl going on 6th time after saying 5 times "no", ProtectEU, both to break encryption legally (math...can't really).

Then there was the eIDAS voting in EU where text was secret which was illegal, but who you gonna sue? Age verification in eIDAS "ZKP should be" but not would be really.

Analysis | Google says U.K. hasn’t demanded ‘back door’ to users’ private data Lawmaker’s letter suggests Apple might not be the only company the British government asked for special access to users’ private data.

So this story is confusing because Google initially said some things that make no sense and is now saying different things. www.washingtonpost.com/politics/202...

Yeah, I knew instantly that the paper would be great with his amusing sense ripping into flesh.

Just now I realize I haven't heard from him for a long time, since some mailinglist and such went silent.

Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog This paper presents implementations that match and, where possible, exceed current quantum factorisation records using a VIC-20 8-bit home computer from 1981, an abacus, and a dog. We hope that this ...

One of my students sent me the latest quantum factorization record, and I have to admit: I’m shook. eprint.iacr.org/2025/1237

Commission presents Roadmap for effective and lawful access to data for law enforcement The European Commission presented today a Roadmap setting out the way forward to ensure law enforcement authorities in the EU have effective and lawful access to data.

Well, this horrible idea refuses to die so we should refuse to let it pass and start organizing again.

ec.europa.eu/commission/p...

So I figured I’d quickly write up a little section called “how to hash a message to an integer in the range 0…N-1” because I needed it for something else.

Five hours, three FIPS docs, four reviews of production signature implementations (some vulnerable to DoS) later here’s the output.

I am wildly skipping around to different sections today, because every time I write something I realize I’m missing five background sections. Here’s one of those.

I know this is a couple of days out of date, but I love it anyway.

EXCLUSIVE: Encryption on the menu at EU Justice Ministers debate - Euractiv "Balancing" law enforcement access to digital communications with privacy rights will be discussed at Thursday's Council meeting.

Somehow whenever “encryption is on the menu” in Europe it’s always something about how we’re going to smash encryption, not some new tech product that’s going to make Europeans independent from US tech companies. www.euractiv.com/section/tech...

Guardian headline saying, "‘It’s terrifying’: WhatsApp AI helper mistakenly shares user’s number Chatbot tries to change subject after serving up unrelated user’s mobile to man asking for rail firm helpline"

'Meredith,' some guys ask, 'why won't you shove AI into Signal?'

Because we love privacy, and we love you, and this shit is predictable and unacceptable. Use Signal ❤️

Repeated Public/Private Keypairs It was discovered that the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, while triaging this issue, it was discovered that the Meshta...

github.com/meshtastic/f... @bmann.ca was shared this by the v cool Thomas Balthazar heads up for meshtastic folks!

Real problem with C compilers is that they really to this day do not have a way to say "I really want this code here, do not optimize out".

"volatile" helps, unless compiler thinks code is unreachable (glitch protection), __attribute__((optimize()) is specific and not that helpful with nested calls

📣 89 organizations and experts have united to send a strong message to the EU regarding its new Internal Security Strategy. We're deeply concerned about its plans for encryption and the future of digital security in Europe. www.globalencryption.org/2025/05/join...

You can also relay traffic with a cheap nRF52840 + BladeRF with BTLE. E.g. with BLE locks that just need proximity and no user interaction. 1 guy near lock, 1 near victim, add logperioidic antenna for range

Minimum connection interval is 7.5 ms (default around ~30 ms), that's plenty time for relay

I'd laugh few years ago, but not now since I need to work with it.

But every protocol trying to be secure from BLEmishes uses its own encypted tunnel inside BLE.

BLE implementations on devices are so fscked in many ways, you need nRF52840 sniffer to actually check whatever is really trasmitted.

I’m having way too much fun writing about Bluetooth.

I tend to write random IP address like 1.2.3.4 or 1.1.1.1 to be hijacked by the captive portal and it mostly works.

Sometimes captive portal is extra stupid and tries to do redirects with DNS names which unbound does not like and I have to angrily turn it off for a while.