Blake Colquitt claims Hacker News is hospitable to "race realism" (because of Curtis Yarvin). We share most of an opinion about Yarvin, but he is making up that claim about HN. HN is distinctively INHOSPITABLE to that stuff, far more so than Bsky. www.dontbeasucker.blog/p/the-butter...

People meeting up at around 7PM at Kaiser Tiger on Ogden/Randolph for ChiSec, if you're bored and want to drink with nerds. No RSVPs, just show up.

Very much enjoying watching nerds attempt to cancel Olga Tokarczuk for acknowledging she used LLMs in her brainstorming process. Nobelslop!

(good article, I wish I could have clicked on the images to view them full size) I also made a markdown renderer that works exactly like I want, because I was unhappy with glow: github.com/llimllib/mdr...

I wrote a thing. This is not a love letter to Emacs, which is one of my more toxic and codependent relationships. sockpuppet.org/blog/2026/05...

Oh, ChiSec is tonight, bunch of security nerds hanging around at a bar, Kaiser Tiger on Randolph/Ogden, 7PM. No RSVPs, just show up, look for the table of nerds. Has been pretty well attended lately.

Skyr is the king of all dairy products, that is all.

Alex Gaynor on the "sufficiently smart compiler" of software security, the mythical actually-effective static analyzer: alexgaynor.net/2026/apr/13/...

This is a fucking incredibly great bug. Ask Claude to demonstrate it for you; it'll one-shot it. For ECC signatures (at least), WolfSSL thinks a 1-byte SHA2 hash is just as good as a 32-byte hash.

I wrote something: sockpuppet.org/blog/2026/03...

Yeah, so, I'm going to have more to say about this later, but, for now... yeah. securitycryptographywhatever.com/2026/03/25/a...

Extremely psyched about two upcoming SCW guests, one of them this week. We've got very crunch vulnerability research and cryptography stuff coming.

Y'all, I've seen some shit, but I've never seen someone want *both* DNSSEC ceremonies *and* the CA/B Forum before.

Nicholas Carlini at [un]prompted. If you know Carlini, you know this is a startling claim.

None of you are giving me enough credit for not participating on the TLS working group mailing list. You're welcome. Everything I don't do, I don't do it for you.

Annals of things people have actually written down for other people to read: "No one trusts NIST. But people do trust the IETF."

People who hope to apply Daniel Bernstein's rules-lawyering tactics at IETF, which were honed in the DNS WGs (where he was probably in the right), would do well to remember that those tactics have consistently failed. They've merely won him standing to complain about the IETF.

There's only one correct way forward for handling the introduction of MLKEM into TLS, and, indeed, all future tls-wg cryptography debates, and it's this proposal: snkth.com/add-crypto/

Given how i am only a) a beneficiary of air travel (thanks for all the miles so far) b) A non-avionics-expert reader of the EUROCAE WG-128 RTCA/DO-254 drafts c) A spectator usually attending this type of debate with popcorn I hope my comments are useful...

"Auchentoshan" is inarguably the best distillery name.

Very fun: if you have the dictionary of embeddings Semantle uses, solving it is a trivial linear algebra problem: they're giving you the cosine similarity back on every guess, so you can filter out most of the vocabulary on a single guess. victoriaritvo.com/blog/semantl...

For a lot of years I was in the habit of criticizing cryptography designs that used asymmetric constructions because RSA is much more complicated and hard to get right than symmetric crypto. But the real problem is that it's against the law to authenticate an RSA key.

Seriously, every paper with Backendal as an author is a banger

"presenting a cornucopia of practical attacks". These are my favorite words ever to have occurred in a cryptography paper.

I think even calling it Chess is being charitable; many days I think it's closer to the board game Concentration.

Of all the possible LLM applications to be skeptical about, vulnerability research seems like it has to be the dumbest. Of course it works. If you think it can't, I'll assume you've never once billed an hour looking for vulnerabilities.

JAMC sounds absolutely nothing like Echo & The Bunnymen. That is all.

Peak vertical video food content. I am officially wearing an onion around my belt. It is the fashion of my time.

Just recorded the premiere episode of Season VIII of Security Cryptography & W/evs, this time with Alex Gaynor and Paul Kehrer, who have a momentous announcement about pyca/cryptography and OpenSSL.

This is a perfect piece of technical writing. alexharri.com/blog/ascii-r...

Quick reminder that ChiSec is tonight, it's at Kaiser Tiger now (on Ogden in West Loop), starts at 7PM, no RSVPs just show up, I'll probably make it by around 8PM.

I wrote a thing. fly.io/blog/design-...

Final SCW of 2025! We had Matt Bernhard on to talk about cryptographic voting systems, in the wake of the IACR election. (Everybody I voted for in the new election won! Woo!)

Rust people should be embarrassed by the people trying to argue that Rust is the only truly memory-safe mainstream language. Far and away the cringiest RESF trope.

They should use Vince Guaraldi's instrumenal Joe Cool diagnostically. If you can hear it and not at some point grin, something's clearly wrong.

Quick reminder that ChiSec is tonight at 7PM. It's at Kaiser Tiger, at Randolph and Ogden (just down the street from where Twisted Spoke was).

No he didn't. He said other bad shit, which isn't reported here because it's not as exciting as the made-up shit. Shun accounts that do this.

Three dumb ideas that recur constantly in discussions among nerds about intelligence: (1) IQ tests are illegal in hiring. (2) There exist national average IQ numbers. (3) Intelligence research is suppressed.

I wrote a thing, about a project you should knock out when you get 45 minutes free. fly.io/blog/everyon...

@oakparknerd.bsky.social Mask off for Stopeck, I guess.

Have you moved to the district yet?

Simon calls out this Dan Abramov comment about how ATproto is qualitatively different from ActivityPub. Maybe he's right. But I look at ActivityPub/Mastodon as a midpoint between blog/RSS and Twitter, and I don't remember the blogosphere being ineffective. simonwillison.net/2025/Sep/27/...

New Neko is fine. Good. The music has gotten more interesting. This is better than the last album with all the cigarettes on it. Still not clear how you can ever outdo Fox Confessor.

Called this. www.galois.com/articles/cla...

Good Morning Spider is an underrated album.

New frontiers in carnitas-making. Today: took the fat cap/skin off in a whole sheet, sliced that into big cubes, rendered it for a couple hours, tried not to eat all of that, then browned the shoulder in the fat, cubed up, threw the skin in, and braised it off. I've been doing the fat cap all wrong!

What the FUCK, Microsoft?

Current status at Apple SEAR: www.youtube.com/watch?v=1GJS...

I am unreasonably excited about this. go.dev/blog/jsonv2-...