I wrote something: sockpuppet.org/blog/2026/03...

Yeah, so, I'm going to have more to say about this later, but, for now... yeah. securitycryptographywhatever.com/2026/03/25/a...

Extremely psyched about two upcoming SCW guests, one of them this week. We've got very crunch vulnerability research and cryptography stuff coming.

Y'all, I've seen some shit, but I've never seen someone want *both* DNSSEC ceremonies *and* the CA/B Forum before.

Nicholas Carlini at [un]prompted. If you know Carlini, you know this is a startling claim.

None of you are giving me enough credit for not participating on the TLS working group mailing list. You're welcome. Everything I don't do, I don't do it for you.

Annals of things people have actually written down for other people to read: "No one trusts NIST. But people do trust the IETF."

People who hope to apply Daniel Bernstein's rules-lawyering tactics at IETF, which were honed in the DNS WGs (where he was probably in the right), would do well to remember that those tactics have consistently failed. They've merely won him standing to complain about the IETF.

There's only one correct way forward for handling the introduction of MLKEM into TLS, and, indeed, all future tls-wg cryptography debates, and it's this proposal: snkth.com/add-crypto/

Given how i am only a) a beneficiary of air travel (thanks for all the miles so far) b) A non-avionics-expert reader of the EUROCAE WG-128 RTCA/DO-254 drafts c) A spectator usually attending this type of debate with popcorn I hope my comments are useful...

"Auchentoshan" is inarguably the best distillery name.

Very fun: if you have the dictionary of embeddings Semantle uses, solving it is a trivial linear algebra problem: they're giving you the cosine similarity back on every guess, so you can filter out most of the vocabulary on a single guess. victoriaritvo.com/blog/semantl...

For a lot of years I was in the habit of criticizing cryptography designs that used asymmetric constructions because RSA is much more complicated and hard to get right than symmetric crypto. But the real problem is that it's against the law to authenticate an RSA key.

Seriously, every paper with Backendal as an author is a banger

"presenting a cornucopia of practical attacks". These are my favorite words ever to have occurred in a cryptography paper.

I think even calling it Chess is being charitable; many days I think it's closer to the board game Concentration.

Of all the possible LLM applications to be skeptical about, vulnerability research seems like it has to be the dumbest. Of course it works. If you think it can't, I'll assume you've never once billed an hour looking for vulnerabilities.

JAMC sounds absolutely nothing like Echo & The Bunnymen. That is all.

Peak vertical video food content. I am officially wearing an onion around my belt. It is the fashion of my time.

Just recorded the premiere episode of Season VIII of Security Cryptography & W/evs, this time with Alex Gaynor and Paul Kehrer, who have a momentous announcement about pyca/cryptography and OpenSSL.

This is a perfect piece of technical writing. alexharri.com/blog/ascii-r...

Quick reminder that ChiSec is tonight, it's at Kaiser Tiger now (on Ogden in West Loop), starts at 7PM, no RSVPs just show up, I'll probably make it by around 8PM.

I wrote a thing. fly.io/blog/design-...

Final SCW of 2025! We had Matt Bernhard on to talk about cryptographic voting systems, in the wake of the IACR election. (Everybody I voted for in the new election won! Woo!)

Rust people should be embarrassed by the people trying to argue that Rust is the only truly memory-safe mainstream language. Far and away the cringiest RESF trope.

They should use Vince Guaraldi's instrumenal Joe Cool diagnostically. If you can hear it and not at some point grin, something's clearly wrong.

Quick reminder that ChiSec is tonight at 7PM. It's at Kaiser Tiger, at Randolph and Ogden (just down the street from where Twisted Spoke was).

No he didn't. He said other bad shit, which isn't reported here because it's not as exciting as the made-up shit. Shun accounts that do this.

Three dumb ideas that recur constantly in discussions among nerds about intelligence: (1) IQ tests are illegal in hiring. (2) There exist national average IQ numbers. (3) Intelligence research is suppressed.

I wrote a thing, about a project you should knock out when you get 45 minutes free. fly.io/blog/everyon...

@oakparknerd.bsky.social Mask off for Stopeck, I guess.

Have you moved to the district yet?

Simon calls out this Dan Abramov comment about how ATproto is qualitatively different from ActivityPub. Maybe he's right. But I look at ActivityPub/Mastodon as a midpoint between blog/RSS and Twitter, and I don't remember the blogosphere being ineffective. simonwillison.net/2025/Sep/27/...

New Neko is fine. Good. The music has gotten more interesting. This is better than the last album with all the cigarettes on it. Still not clear how you can ever outdo Fox Confessor.

Called this. www.galois.com/articles/cla...

Good Morning Spider is an underrated album.

New frontiers in carnitas-making. Today: took the fat cap/skin off in a whole sheet, sliced that into big cubes, rendered it for a couple hours, tried not to eat all of that, then browned the shoulder in the fat, cubed up, threw the skin in, and braised it off. I've been doing the fat cap all wrong!

What the FUCK, Microsoft?

Current status at Apple SEAR: www.youtube.com/watch?v=1GJS...

I am unreasonably excited about this. go.dev/blog/jsonv2-...

My basic thing is if you're going to write a whole big splashy blog post about how a piece of anti-surveillance tech has a vulnerability in it, you should first be sure it has that vulnerability in it. It'll look pretty grim if you write the piece and it doesn't.

ANSI art is back, baby. simonwillison.net/2025/Sep/2/r...

I don't get what Ken White thinks he stands to gain by wading into these social media slapfights between progressives and liberals. Lakshya Jain's first couple polls for The Argument haven't impressed me, but he's not a comic book villain. The people who think he is hate Ken and everything believes.

Somewhere on Kyle Kingsbury's site there's a link to a "What are birds?" video (it is what it sounds like) and I always assumed it was just a meme everyone knew but the Internet does not know about this meme and it lives permanently in my brain and I'm constantly having to go find it on his site.

Champaign-Urbana, Illinois: heart of the Prairie Demoscene.

Changed my mind, back to hating AI.

ohhhhh boy queue.acm.org/detail.cfm?i...

It is weird that I feel like I've never read this take before. andre.arko.net/2025/06/30/y...

Ed... can I call you Ed? If you want to write a piece about "how to argue with an AI booster", one good reportorial step you might take would be to actually *have an argument with an AI booster*. I'm available, but so are other people who have done things more recently than 2 months ago.