For a lot of years I was in the habit of criticizing cryptography designs that used asymmetric constructions because RSA is much more complicated and hard to get right than symmetric crypto. But the real problem is that it's against the law to authenticate an RSA key.

Seriously, every paper with Backendal as an author is a banger

"presenting a cornucopia of practical attacks". These are my favorite words ever to have occurred in a cryptography paper.

I think even calling it Chess is being charitable; many days I think it's closer to the board game Concentration.

Of all the possible LLM applications to be skeptical about, vulnerability research seems like it has to be the dumbest. Of course it works. If you think it can't, I'll assume you've never once billed an hour looking for vulnerabilities.

JAMC sounds absolutely nothing like Echo & The Bunnymen. That is all.

Peak vertical video food content. I am officially wearing an onion around my belt. It is the fashion of my time.

Just recorded the premiere episode of Season VIII of Security Cryptography & W/evs, this time with Alex Gaynor and Paul Kehrer, who have a momentous announcement about pyca/cryptography and OpenSSL.

This is a perfect piece of technical writing. alexharri.com/blog/ascii-r...

Quick reminder that ChiSec is tonight, it's at Kaiser Tiger now (on Ogden in West Loop), starts at 7PM, no RSVPs just show up, I'll probably make it by around 8PM.

I wrote a thing. fly.io/blog/design-...

Final SCW of 2025! We had Matt Bernhard on to talk about cryptographic voting systems, in the wake of the IACR election. (Everybody I voted for in the new election won! Woo!)

Rust people should be embarrassed by the people trying to argue that Rust is the only truly memory-safe mainstream language. Far and away the cringiest RESF trope.

They should use Vince Guaraldi's instrumenal Joe Cool diagnostically. If you can hear it and not at some point grin, something's clearly wrong.

Quick reminder that ChiSec is tonight at 7PM. It's at Kaiser Tiger, at Randolph and Ogden (just down the street from where Twisted Spoke was).

No he didn't. He said other bad shit, which isn't reported here because it's not as exciting as the made-up shit. Shun accounts that do this.

Three dumb ideas that recur constantly in discussions among nerds about intelligence: (1) IQ tests are illegal in hiring. (2) There exist national average IQ numbers. (3) Intelligence research is suppressed.

I wrote a thing, about a project you should knock out when you get 45 minutes free. fly.io/blog/everyon...

@oakparknerd.bsky.social Mask off for Stopeck, I guess.

Have you moved to the district yet?

Simon calls out this Dan Abramov comment about how ATproto is qualitatively different from ActivityPub. Maybe he's right. But I look at ActivityPub/Mastodon as a midpoint between blog/RSS and Twitter, and I don't remember the blogosphere being ineffective. simonwillison.net/2025/Sep/27/...

New Neko is fine. Good. The music has gotten more interesting. This is better than the last album with all the cigarettes on it. Still not clear how you can ever outdo Fox Confessor.

Called this. www.galois.com/articles/cla...

Good Morning Spider is an underrated album.

New frontiers in carnitas-making. Today: took the fat cap/skin off in a whole sheet, sliced that into big cubes, rendered it for a couple hours, tried not to eat all of that, then browned the shoulder in the fat, cubed up, threw the skin in, and braised it off. I've been doing the fat cap all wrong!

What the FUCK, Microsoft?

Current status at Apple SEAR: www.youtube.com/watch?v=1GJS...

I am unreasonably excited about this. go.dev/blog/jsonv2-...

My basic thing is if you're going to write a whole big splashy blog post about how a piece of anti-surveillance tech has a vulnerability in it, you should first be sure it has that vulnerability in it. It'll look pretty grim if you write the piece and it doesn't.

ANSI art is back, baby. simonwillison.net/2025/Sep/2/r...

I don't get what Ken White thinks he stands to gain by wading into these social media slapfights between progressives and liberals. Lakshya Jain's first couple polls for The Argument haven't impressed me, but he's not a comic book villain. The people who think he is hate Ken and everything believes.

Somewhere on Kyle Kingsbury's site there's a link to a "What are birds?" video (it is what it sounds like) and I always assumed it was just a meme everyone knew but the Internet does not know about this meme and it lives permanently in my brain and I'm constantly having to go find it on his site.

Champaign-Urbana, Illinois: heart of the Prairie Demoscene.

Changed my mind, back to hating AI.

ohhhhh boy queue.acm.org/detail.cfm?i...

It is weird that I feel like I've never read this take before. andre.arko.net/2025/06/30/y...

Ed... can I call you Ed? If you want to write a piece about "how to argue with an AI booster", one good reportorial step you might take would be to actually *have an argument with an AI booster*. I'm available, but so are other people who have done things more recently than 2 months ago.

He's like Steve Buscemi's P.I. character in 30 Rock. How do you take this seriously? There are plenty of LLM skeptics who actually code professionally. Why source your skepticism here?

Marking this now as a contender for the funniest subhed of 2025.

Quick reminder for Chicago nerds that Chisec is tonight, the last one we're having at Twisted Spoke (Ogden/Grand), because Spoke is closing --- 7PM. No RSVP or anything, just show up. It's nice out, we'll probably be on the roof.

Chicago nerds: Chisec is tomorrow, at Twisted Spoke on Ogden/Grand at 7PM-ish. It's the last-ever Spoke Chisec, since Spoke is... ☠️closing☠️. (Erin will find someplace else to hold it in September).

The DARPA AIxCC results are in. Team Atlanta (GATech, KAIST) takes #1, followed by Trail, followed by Theori. Here's Trail's system, open sourced: blog.trailofbits.com/2025/08/08/b...

TIL: once tomatoes show color near the blossom end, the plant has stopped sending them nutrients; in blinded tests, nobody can tell the difference if they ripen on the vine vs. on the plant. DENY THE SQUIRRELS YOUR TOMATOES.

I didn't know we got to brand our dotfiles. I call this segment of my .zshrc TESSARACTUS: (omarchy.org)

this is why I poach fish in liquid osmium

What? No.

Local butcher shop now doing really good rillettes, so time for a sandwich smackdown: the BLT vs. the RLT.

We have a family of Coopers Hawks (4 of them, by my count) in the tree outside my house, presumably picking off 28 starlings and mice a week, and my update for all of you is that they sound real goofy, like angry chickens, nothing at all like movie hawks.

Comments like this are why I will never quit HN. We need cryptocurrency because bank fees are so high because every time you do a conventional bank transfer a truck has to take your money from one bank to another bank. So beautiful my heart is breaking. news.ycombinator.com/item?id=4471...

This is pretty neat. I think they're right, there is a weird discontinuity in tooling and ergonomics for eBPF stuff (bcc, thankfully in the rear-view now, pretty good evidence for that). github.com/multikernel/...