Brownie sends a hearty horse hello from Spain today.

Sebastian's having a chill morning

Leopold hopes you had a relaxing weekend.

It turns out if you social engineer someone to install a malicious browser extension, your browser can do Bad Things. The Passkey & FIDO specs explicitly say browser/endpoint compromise is not in their threat model.

These anti-science buffoons. For the past several weeks, 150-200 people a day in the U.S. have died of COVID, and that's likely an undercount. Removing access to 150M+ Americans is the latest proof that Kennedy and his henchmen are leading a death cult. www.nytimes.com/2025/08/27/h...

This is a real photograph of Washington, DC this week, where the United States president has ordered military occupation in peacetime, and ordered the display of colossal portraits of himself. www.wsj.com/politics/pol...

~this week in security~ is my weekly cybersecurity newsletter, featuring: 🗞️ all the news you need to know 😁 the happy corner of good news 🐈 a reader-submitted cyber cat (or friend) 👀 no email open/link trackers 🌏 read by email, online, or RSS 🔐 plus exclusive analysis & more for premium subscribers

Sebastian says good night.

Seems legit.

There's about another month before Santa Claus melons, sometimes referred to as Christmas or Piel de Sapo ("Toad Skin" in Spanish) melons, are out of season. If you've never tasted one, they are almost the perfect fruit — more firm than a cantaloupe, sweet like a watermelon, but almost no juice.

My security friends' five stages of response to that tweet: 1. laugh & laugh & laugh 2. pause 3. think for a minute 4. read it again 5. channel their best Jonah Hill sighing deeply and rubbing the bridge of his nose

Pretty view out the window right now.

This big guy has been chilling in our backyard for 20 minutes and our Saint Bernard is absolutely losing his mind.

What a wonderful story about an extraordinary life. I had seen pictures of the Kryptos sculpture and read that it had frustrated generations of professional and amateur code breakers, but had no idea of the depth and history of its origin and its creator.

Spotted by the Dupont Circle Krispy Kreme. #SandwichGuy @katestarbird.bsky.social

So tempted to fire up my laptop and see how many beacons, 3rd party trackers and sketchy ad js libraries load on the NYT home page.

Decided to try my luck and ordered a "Empanada de Pollo Chai" from a local Barcelona bakery and holy cow - strong recommend. It's a savory puff pastry dusted in smoked paprika, pepper and garlic powder with a spicy minced chicken & peas filling, almost like a Jamaican patty as a square croissant.

Sebastian is having a great day and wants you to know it.

More favorites from go.dev/doc/go1.25: - go doc -http - waitgroup analyzer - experimental encoding/json/v2 - trace flight recorder - CrossOriginProtection, of course - 3x faster RSA keygen - no more SHA-1 in TLS 1.2 - hash.Cloner and XOF - more os.Root methods - WaitGroup.Go (!) - testing.T.Output

Sebastian is ready to take on the day.

Never gets old.

I just added a copy of my slides for my "We are currently clean on OPSEC" DEFCON talk here, in case you're interested micahflee.com/we-are-curre...

I got a flu booster today and it made me reflect on the sense of national accomplishment I felt when I drove to a public facility, waited in my car until my number was called on an app, and got my first covid jab. It's fucked the right gets to erase what a moment of technological liberation that was

Today @defcon.bsky.social the Quantum Village co-founders will present a fully open source quantum sensor that anyone can build for under $150. And it's all possible because of a Very Specific Diamond 💎💅 www.wired.com/story/fully-...

“Other than that, how was the show, Mrs. Lincoln?”

Here is the emergency directive

Welp, there goes my bookmark for that awesome Hong Kong hand pulled noodles place...

”He says he wears sunglasses at the roulette table so no one can tell what he's looking at.“

Microsoft sent me an invite for a private reception. Not sure who's developing their RSVP forms, but this one's definitely rockin’ a Cold Fusion or ASP classic vibe.

Sebastian is doing his best to fit on the patio sofa and enjoy the sunny nice day.

Some early mornings I go to a cute mom & pop hole in the wall cafe run by a retired couple from Maui. As I got up to leave this morning, spotted a regular at the bar finishing off a *giant* old fashioned soda fountain milkshake. For breakfast. Oh, yes, you sweet bastard. That is the move.

“The earthquake, about 78 miles east-southeast of Petropavlovsk-Kamchatsky, Russia, took place at 7:24 p.m. Tuesday Eastern time, according to the U.S. Geological Survey. It could be the sixth-strongest earthquake ever recorded, according to the Geological Survey”

While most vendors ship timely patches for vulnerabilities reported by Project Zero, they don’t always reach users. Today, we’re announcing Reporting Transparency, a new policy to encourage downstream fixes googleprojectzero.blogspot.com/2025/07/repo...

The gulf between muggles that claim some kind of HIPAA violation in a news story vs reality is vast. But the space between those working on the periphery of healthcare confidently citing Cirque du Soleil-level cryptography “requirements” vs the actual black letter regs is even more vast.

“The only other contact Kim’s family has had with him [besides a brief call with his mother on Friday] is through what they believe to be secondhand text messages — probably an immigration official texting them from Kim’s phone in his presence.” Archive link: archive.is/2025.07.29-0...

TIL Morton kosher salt has 71% more sodium than Diamond Crystal kosher salt. This explains SO much. Also, goddamnit.

Very blunt assessment by Om Malik of Microsoft's spin on its latest moves on the path to AI, starting with the recent 9,000 employee layoff. From the $3.8T company enjoying historically record profits.

This would be like trying to hire A Team-level security engineers but rejecting people who couldn't cite the precise command flags for Burp or nmap, and instead hiring people who don't really understand risk, modern threat modeling, or tactics of current criminal blackhat gangs.

2 BFFs

“Starting today, subscribers to my OnlyFins account will get access to all the breaches they can handle for only 10 chinook salmon a month."

Pharmaceuticals are a weird thing. One medicine called moxifloxacin in drop form is highly effective at clearing up eye infections. Taken orally, for some people, even healthy adults, it can alter a part of the heart rhythm and cause QT prolongation or Torsades de pointes syndrome, and kill you. 1/2

As someone who's made fairly radical changes to my diet in recent years, it's no surprise that giant consumer food brands are getting pummeled by smaller health-focused competitors. Maybe after 20 yrs of pushing "low-fat" high sugar BS & obscene amounts of salt & corn syrup they're getting a clue.

The little one (Skyler) got ahold of big dog's monster bone and went to town while he turned his back in protest. Never give up.

If you code websites, then you KNOW how it’s been to style form controls. Watch this #cssday talk from @ntim.bsky.social to learn why it’s been so hard, and how we are going to fix it for the future. www.youtube.com/watch?v=WgSi... #css #webdev #formcontrols

Good grief, the US National Cancer Institute projects it will fund only one in 25 RO1 grant applications in 2026. This is massively defunding cancer research. Despicable vandalism. www.cancer.gov/grants-train...

“'I told them where I was born, I had an ID, I had a social, I had a birth certificate,' he said. 'None of the ICE agents that were on scene, they didn't' care about none of that.' He was released when a supervisor showed up.” abc7.com/post/us-citi...

Roughed up at an Ontario, Calif. grocery store: "Pina says he tried explaining to the agents that he is American, but they ignored him. "'I told them where I was born, I had an ID, I had a social, I had a birth certificate,' he said. 'None of the ICE agents that were on scene, they didn't care.'"

10,000 steps a day is a good way to keep the doctor away. But you can get most of the same benefits once you get to 7,000 steps, a new study shows. By me for @newscientist.com www.newscientist.com/article/2489...

In which once again @mekka.mekka-tech.com called it long before most analysts in the US: Chinese electric vehicle maker BYD expands its global EV footprint with rollout of budget car "Atto 1", starting at $12,270 with a range of up to 240 miles.