The economics of buy vs build sure are going to start getting warped as the ability of coding agents hits orbit
15.01.2026 19:07
@tecnik.bsky.social
Security @ google | kiwi | New Yorker
Strong start to 2026
01.01.2026 21:18
The “AI as a junior engineer” maps well to building agents. Via prompts (here’s what to consider) and sub-agents (the key phases/modes of thinking we will be in) I feel like I’m teaching TAOSSA to a newly joined security engineer
23.12.2025 17:08
I’m delightfully surprised how well 99% of people behave at 4-way stop signs.
I’m interested in what drives this behavior in contrast to most situations where self-interest rules
If you were in favor of providing law enforcement access routes into your encrypted data during the Biden administration, have you changed your mind?
I'm curious how the "This will only be used with due process and legal authority" perspective is holding up in the era of DOGE.
My first car was $100 and I can’t stop comparing things to how many 1985 corollas it costs. I should probably at least update it for inflation to be intellectually honest.
04.02.2025 23:43
Wanna see what 200GB of raw footage makes around here?
youtu.be/S9EWITrwcqU
I got Linux running in a PDF file using a RISC-V emulator.
PDFs support Javascript, so Emscripten is used to compile the TinyEMU emulator to asm.js, which runs in the PDF. It boots in about 30 seconds and emulates a riscv32 buildroot system.
linux.doompdf.dev/linux.pdf
github.com/ading2210/li...
Also paying $150 and saying it can’t be disclosed until patched, which takes 9 months. Basically paying to keep mouth shut about exploitable bug.
16.01.2025 17:57
As someone who's on both sides of this one, it's a no-brainer: Disclose and then the clock starts. Threat actors aren't bound by NDAs or 3rd party intermediaries and neither are security researchers. Coordinated disclosure is in every company's interest, but if they refuse, that's on them.
15.01.2025 22:00
(please re-post for reach - thank you!)
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?
Write a 1-page article for the #6 issue of Paged Out! :)
pagedout.institute?page=cfp.php
Soft deadline is Feb 1st.
It’s truly phenomenal and inspiring what was achieved by skunkworks - I assumed the 1980s was a freewheeling Wild West lacking regulation and rules.
Certainly does a rug pull on notions of “I could do .. if only ..”
Ben Rich in his book on skunkworks & the F117a: ~the unions would’ve killed us if they found out we wouldn’t hire bearded men. But osha demanded clean shaved faces due to safety concerns with the materials we used
This post by Haroon sent me down a rabbit hole: blog.thinkst.com/2019/02/when...
Give them a 10gb CSV of system logs and tell them to find the most likely series of events that indicates a compromise.
It’ll take 25 seconds to realize they need to code.
Zero trust is coarse grained, so it’s not an end goal but rather step 1. Step 2 is extending the model to do fully context-aware fine grained (object-level) access. Step 3 isn’t clear, but will be once we’re seeing attacks against step 2.
23.11.2024 16:21
I’m pretty sure I’m young and hip but also pretty sure a lot of security people don’t remember wardriving with PCMCIA cards and debugging bad drivers in a moving car
22.11.2024 22:33
Wardriving over IP
22.11.2024 22:30
Now, even microblogging platforms will be a partisan choice!
I foresee no problems whatsoever that this could cause to the fabric of society and our understanding of one another.