The password to the Louvre’s video surveillance system was “Louvre,” according to a museum employee

U.S. Army advising troops stationed in Germany to go to German food banks during shutdown. “Running list of German support organizations for your kit bags: - Tafel Deutschland - Foodsharing e.V. - Essen für ” web.archive.org/web/20251105...

I had a bug in my new ML-DSA implementation that caused Verify to reject all signatures. I gave up after half an hour. On a whim, I threw Claude Code at it. Surprisingly (to me!) it one-shotted it in 5 minutes. A small case study of useful AI tasks that aren't generating code that requires review.

Nice sunset at the barn outside Barcelona

We're pleased to announce the final lineup for Black Hat Europe '25. Terrific security research spanning 21 tracks. In a separate thread, I'll highlight a few of my favorites. www.blackhat.com/eu-25/briefi...

Microsoft Azure challenges AWS for downtime crown

I'm surprised and encouraged by my new replacement for Chrome and Safari with @kagi.com's browser Orion and its search engine. On the first couple of searches it managed to unsurface content that was exactly what I wanted, including some things I wrote/said years ago that I'd completely forgotten.

Seeing some disturbing early research around ChatGPT's new Atlas web browser. I strongly recommend caution against using it, particularly to interact with any web sites holding sensitive data.

Here's a pic of our dog before a proper grooming, looking rather punk and intimidating. And an after. Enjoy.

One of the things that got drilled into my head working with field clinics in remote developing areas is: Design local systems for as much autonomy as possible and don't ever assume good (or ANY) connectivity for basic operations.

stop scrolling and post two characters that bring you happiness

This is at once one of the most gobsmacking examples of utter incompetence I've read to date coming from the current administration, and yet also a fascinating train wreck of hilarity.

them: "Your required training is due. Please complete it today." 3rd-party training system: “nope nope nope server error please try again later” me: fine time for a nice cup of chai.

Amazon is still working to recover from a major service outage in US-East that started around 2 am ET. Thousands of sites affected, including several large European banks. “The UK government has said it is in contact with Amazon over Monday’s outage.” health.aws.amazon.com/health/status

Oh wow

The top of two prominent newspapers’ mobile editions right now—and the reason that, despite growing up in New York, I always read @theguardian.com first (and rarely open @nytimes.com):

Since I did it in June, I'll do a quick thread of images from the No Tyrants* rally, again at the US embassy in London, 18 October 2025 *Instead of No Kings, because that would be churlish for a bunch of Americans who've been welcome in this kingdom #NoTyrants #NoTyrantsLondon #NoKings

It’s going to take ages to pay all these people

CNN talking about the possibility of violence as a guy in a giraffe costume waddles by

Lisboa, Portugal. One world, one fight.

Boston. Wow.

“A clear visual clue that the photograph was not taken in Portland was that the first officer’s shield is marked “Policia”, the Spanish or Portuguese word for police.” www.theguardian.com/us-news/2025...

Look at this turnout in Charlotte! #NoKings (via Marco Foster/Threads)

South Korea: #NoKings! Thousands of people came to show support to the US democracy!

#NoKings Miami!

#NOKINGS New York City, NY

I just want to live in a world where my thermostat can't have security vulnerabilities

This is a friendly reminder that the call for contributed talks to Real World Crypto in Taipei 2026 is open until October 10. We are looking for interesting talks bridging cryptography and its real-world use! Also it’s a great way to meet new people! rwc.iacr.org/2026/contrib...

“So Kenn, what line of work are you in?”

For the 8th time, the Senate votes to reject the Republican-led government funding bill. The count is 49-45; with six senators missing the vote. Not a single senator has switched their vote since pre-shutdown. The Senate will vote on it again for a 9th time tomorrow afternoon

Thousands of posts from a private Young Republican Telegram chat reveal a culture of casual racism/antisemitism, rape jokes and celebration of Hitler/Nazism. Some of the ringleaders are below: We live in a world where 4chan types now occupy positions of real power. www.politico.com/news/2025/10...

“There is no excuse for the language and tone in messages attributed to me. The language is wrong and hurtful, and I sincerely apologize,” Walker said. “This has been a painful lesson about judgment and trust, and I am committed to moving forward with greater care, respect…” blah blah blah.

Absolutely shameful.

my latest investigation for @consumerreports.org is based on months of reporting and 60+ lab tests of leading protein supplements we found that most protein powders and shakes have more lead in one serving than our experts say is safe to have in a day (🧵) www.consumerreports.org/lead/protein...

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted. Read more: www.google.com/url?q=https:...

Just, you know, the locations of military ships and Blackhawk helicopters being broadcast unencrypted to the planet...

Seems like a good time to post the periodic public service announcement: E2EE || GTFO

This might be one the biggest security stories in years. The take-away isn't: "Some geospatial sat comm networks are wonky and not very secure.", it's: “A stunning volume of global network traffic, comprising orgs' most sensitive systems & mobile carrier voice/SMS flow, is completely unprotected.”

The Wired piece by @agreenberg.bsky.social and @mattburgess1.bsky.social on this just dropped, and the research by Heninger et al is stunning: “sensitive [sat] traffic is being broadcast unencrypted, including critical infrastructure, corp, gov't, and…private citizens’ voice calls & SMS". 🧵

The family had filed a missing report after their 15 year-old autistic son went missing. “He is sometimes non-verbal. His social worker says he has the mindset of a 4-5 year old. […] The family discovered that he has been in ICE custody since Monday.”

What's not to love about Portland

High hopes on this smoothie.

SCOOP: Spyware maker NSO Group confirmed to us that the company has been acquired by a U.S. investment group. NSO's spokesperson said the group "has invested tens of millions of dollars in the company and has acquired controlling ownership," but declined to say who is behind the investment.

The stock market slumped to its worst one-day showing since tariffs roiled markets in April, as President Trump threatened to impose more tariffs on Chinese imports.

During the shutdown, the administration furloughed key people at the Dept of Labor responsible for highly watched economic reports and forecasts, like the Consumer Price Index. They're now being told to come back to work. www.cnbc.com/2025/10/10/c...

In a WestJet filing w/ the Maine AG, WJ said “the stolen data may include passenger names, dates of birth, postal addresses, and travel documents, including passports & gov't-issued identity documents, as well as other passenger accommodations, such as requests & complaints.” From @zackwhittaker.com

Sarah Mullally has been named the new Archbishop of Canterbury, the first woman chosen to lead the world's 85 million Anglicans.

them: "That is so annoying. Bad Bunny is touring all over the world, but he's, like, skipping America." me: "He's performing in Puerto Rico for 6 weeks." them: *blink blink*

Written 55 years ago, Schulz's heartfelt clarity cuts through the noise, even today. h/t @tisserand.bsky.social